auth

Confirm password reset with OTP

Sets a new password using the OTP sent to the user's email. Call this endpoint after POST /api/auth/local/password-reset with projectId. It is rate limited (OTP limit). If the user's email was not yet verified, it is marked as verified upon successful reset.

POST /api/auth/local/password-reset/confirm

Authentication

Public — No Auth Required

Request Body

Email, projectId, OTP code, and new password.

json
{
  "email": "user@example.com",
  "projectId": "685ad30be129932fbb7a1047",
  "otp": "123456",
  "newPassword": "NewSecurePass123!"
}

SDK setup

Create a client instance. No authentication is required for this endpoint.

import { MudbaseClient } from "mudbase";

const client = new MudbaseClient();

Example request

Call this endpoint using the client from SDK setup.

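// Confirm the reset with the OTP from the reset email (no auth token is needed).
const result = await client.auth.confirmPasswordReset({
  email: "mark54@northwind.dev",
  projectId: "proj_Fc2e7AseJvII",
  otp: "123456", // OTP code from the reset email
  newPassword: "Str0ng_Sample_Pass!w0rd"
});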
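
A raw-HTTP sketch of the same call that maps the documented status codes to a next step and never retries a rate-limited OTP attempt automatically. This is an added example, not Mudbase SDK code: the function names, the `BASE_URL` placeholder and the use of a `Retry-After` header are assumptions not stated on this page.

```javascript
// Added example. BASE_URL is a placeholder and Retry-After is an assumption;
// the path, body fields and status codes are the ones documented on this page.
const BASE_URL = "https://api.example.invalid";
const CONFIRM_PATH = "/api/auth/local/password-reset/confirm";

// Build the request as documented: four JSON fields, no Authorization header.
function buildConfirmRequest({ email, projectId, otp, newPassword }) {
  for (const [name, value] of Object.entries({ email, projectId, otp, newPassword })) {
    if (typeof value !== "string" || value.trim() === "") {
      // Name the field only; never echo an OTP or password into errors or logs.
      throw new TypeError(`${name} is required`);
    }
  }
  return {
    url: BASE_URL + CONFIRM_PATH,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      // Trim the pasted OTP and email; leave the password byte-for-byte as typed.
      body: JSON.stringify({ email: email.trim(), projectId, otp: otp.trim(), newPassword }),
    },
  };
}

// Map the documented status codes to what the caller should do next.
function classifyConfirmResponse(status, retryAfterHeader) {
  if (status === 200) return { outcome: "reset", retry: false };
  // 400 covers a wrong OTP, an expired OTP and validation errors alike.
  if (status === 400) return { outcome: "rejected", retry: true };
  if (status === 429) {
    const seconds = Number.parseInt(retryAfterHeader ?? "", 10);
    // Surface the wait to the user instead of looping on the OTP limit.
    return { outcome: "rate_limited", retry: false, waitSeconds: Number.isNaN(seconds) ? null : seconds };
  }
  return { outcome: "error", retry: false, status };
}

// fetchImpl is injected so the wrapper can be exercised offline with a stub.
async function confirmPasswordReset(fetchImpl, params) {
  const { url, init } = buildConfirmRequest(params);
  const res = await fetchImpl(url, init);
  return classifyConfirmResponse(res.status, res.headers.get("retry-after"));
}
```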

Responses

200 Password reset successful
json
{
  "message": "Password reset successful"
}
400 Invalid or expired OTP, or validation error
401 Authentication required or invalid token.
403 Access denied or insufficient permissions.
404 Resource not found (exact backend message).
429 Too many attempts (rate limit)
500 Internal server error.

Errors

Code  Meaning
400   Invalid or expired OTP, or validation error
401   Authentication required or invalid token.
403   Access denied or insufficient permissions.
404   Resource not found (exact backend message).
429   Too many attempts (rate limit)
500   Internal server error.