Skip to main content
POST
Complete Password Reset

Complete Password Reset

Validates the one-time reset token sent to the customer’s email and sets the new password. On success, Nexudus returns a JWT that the portal immediately exchanges for a bearer token, signing the customer in automatically without an extra login step.

Authentication

No authentication required. The token in the request body acts as the credential.

Request Body

Token
string
required
The one-time reset token extracted from the password-reset link sent to the customer’s email. This token is single-use and expires after a short period.
Password
string
required
The new password the customer wants to set. Must satisfy the location’s password policy.
BusinessId
number
required
The numeric ID of the business/location. Obtained from the current location context.

Response

Returns an ActionConfirmation envelope. On success, Value contains a JWT that can be exchanged for a bearer token via POST /api/sys/users/exchange.
WasSuccessful
boolean
true when the password was changed successfully.
Value
string | null
One-time JWT to exchange for a bearer token via POST /api/sys/users/exchange. Pass this directly to endpoints.system.auth.login(Value).
Status
number
HTTP-style status code mirrored in the body. 200 on success.
Message
string | null
Human-readable message or error description.
Errors
any
Validation errors object. null on success.

Example Response

TypeScript Integration

Usage in Portal

Error Responses

400 Bad Request
error
The token is invalid, expired, or already used. The customer must restart the password-reset flow via POST /api/sys/users/startPasswordReset.
400 Bad Request — password policy
error
The new password does not meet the location’s password requirements. Check Errors in the response body.