Skip to content
AppHandoff AppHandoff Docs

Send password reset email

POST
/auth/send-password-reset
 
curl --request POST \
  --url https://example.com/api/auth/send-password-reset \
  --header 'Content-Type: application/json' \
  --data '{ "email": "hello@example.com", "callback_origin": "example" }'

First-party recovery email via admin generateLink (recovery) + Mailgun. Always returns an opaque success message (enumeration-safe). IP rate limited; no Origin required.

Request Body required

Section titled “Request Body required ”
Media type application/json
object
email
required
string format: email
callback_origin
string
<= 512 characters

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Opaque acknowledgment (whether or not an account exists)

Media type application/json
object
ok
required
boolean
message
required
string

400

Section titled “400 ”

Invalid request

Media type application/json
object
error
required

Human-readable error message

string
code

Stable machine-readable error code for client branching

string
fieldErrors

First validation message per field path

object
key
additional properties
string
issues

Structured validation issues (Zod)

Array<object>
object
path
required
string
message
required
string
retryAfter

Seconds until rate limit resets (429 responses)

number

429

Section titled “429 ”

Rate limited

Media type application/json
object
error
required

Human-readable error message

string
code

Stable machine-readable error code for client branching

string
fieldErrors

First validation message per field path

object
key
additional properties
string
issues

Structured validation issues (Zod)

Array<object>
object
path
required
string
message
required
string
retryAfter

Seconds until rate limit resets (429 responses)

number
retryAfter

Seconds until the rate limit resets

number

Headers

Section titled “Headers ”
Retry-After
string

500

Section titled “500 ”

Auth not configured

502

Section titled “502 ”

Email delivery failed