Password Reset
Recover access to your Daakey account when you've forgotten your password. This two-step process allows you to securely reset your password using your registered email address.
The password reset flow restores account access without weakening account security. A unique, time-limited token is sent to your email, ensuring that only the account owner can reset the password.
Security Considerations
- Reset tokens are single-use and expire after 60 minutes
- For security, the API always returns a success message even if the email doesn't exist (to prevent email enumeration)
- After resetting your password, all existing sessions are invalidated
- You must log in again with your new password
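The properties listed above (single-use tokens with a 60-minute lifetime, an identical response for unknown addresses, and session invalidation on reset) can be modelled as follows. This is an added illustration, not Daakey's implementation: the ResetService class, its in-memory storage, the mail outbox, the hashing choices and the validation-failure message are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 60 * 60  # 60 minutes, the lifetime stated on this page
SENT = {"success": True, "message": "Password reset link sent to your email"}
BAD_TOKEN = {"success": False, "message": "Invalid or expired reset token"}


def hash_password(password: str) -> bytes:
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


class ResetService:
    """In-memory model; storage layout and mail outbox are assumptions."""

    def __init__(self, emails):
        self.passwords = {e: b"" for e in emails}   # email -> password hash
        self.sessions = {e: set() for e in emails}  # email -> live session ids
        self.tokens = {}   # email -> (sha256 of token, expiry); never the raw token
        self.outbox = []   # (email, token) pairs standing in for sent mail

    def forgot_password(self, email, now=None):
        now = time.time() if now is None else now
        if email in self.passwords:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).digest()
            self.tokens[email] = (digest, now + TOKEN_TTL)  # supersedes older token
            self.outbox.append((email, token))
        return dict(SENT)  # same body for known and unknown addresses

    def reset_password(self, email, token, password, confirmation, now=None):
        now = time.time() if now is None else now
        if len(password) < 8 or password != confirmation:
            # Constructed message; the page does not show the validation error.
            return {"success": False, "message": "Validation failed"}
        digest = hashlib.sha256(token.encode()).digest()
        stored, expiry = self.tokens.get(email, (b"", 0.0))
        if not hmac.compare_digest(stored, digest) or now > expiry:
            return dict(BAD_TOKEN)
        del self.tokens[email]                 # single use: a replay finds nothing
        self.passwords[email] = hash_password(password)
        self.sessions[email].clear()           # every existing session is invalidated
        return {"success": True, "message": "Password reset successful"}
```

In a real service the mail send would be queued, so that the known-address branch does not take measurably longer than the unknown one.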
Forgot Password
Request a password reset link to be sent to your registered email address. This is the first step of the password recovery process.
Endpoint
POST /api/v1/client/auth/forgot-password
Headers
| Header | Value | Required |
|---|---|---|
| Content-Type | application/json | Yes |
| Accept | application/json | Yes |
| X-Agency-Signature | {signature} | Yes |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Registered email address |
Example Request
```bash
curl -X POST https://api.daakey.com/api/v1/client/auth/forgot-password \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "X-Agency-Signature: {signature}" \
  -d '{
    "email": "client@example.com"
  }'
```
Success Response (200)
```json
{
  "success": true,
  "message": "Password reset link sent to your email",
  "data": null,
  "request_id": "uuid",
  "timestamp": "2024-01-01T00:00:00.000Z"
}
```
Reset Password
Reset the password using the token from the email.
Endpoint
POST /api/v1/client/auth/reset-password
Headers
| Header | Value | Required |
|---|---|---|
| Content-Type | application/json | Yes |
| Accept | application/json | Yes |
| X-Agency-Signature | {signature} | Yes |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Registered email address |
| token | string | Yes | Reset token from email |
| password | string | Yes | New password (min: 8 chars) |
| password_confirmation | string | Yes | Password confirmation |
Example Request
```bash
curl -X POST https://api.daakey.com/api/v1/client/auth/reset-password \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "X-Agency-Signature: {signature}" \
  -d '{
    "email": "client@example.com",
    "token": "abc123def456",
    "password": "newSecurePassword123",
    "password_confirmation": "newSecurePassword123"
  }'
```
Success Response (200)
```json
{
  "success": true,
  "message": "Password reset successful",
  "data": null,
  "request_id": "uuid",
  "timestamp": "2024-01-01T00:00:00.000Z"
}
```
Error Response (400)
```json
{
  "success": false,
  "message": "Invalid or expired reset token",
  "data": null,
  "request_id": "uuid",
  "timestamp": "2024-01-01T00:00:00.000Z"
}
```
Notes
- Reset tokens expire after 60 minutes
- After successful reset, the user must log in again
- All existing sessions are invalidated after password reset