xclade
Store APIAuth

Reset a Customer's Password

Reset a customer's password using a reset-password token generated with the [Generate Reset Password Token API route](https://). You pass the token as a bearer token in the request's Authorization header.

POST
/auth/customer/{auth_provider}/update

Authorization

reset_password

AuthorizationBearer <token>

In: header

Path Parameters

auth_provider*string

The provider used for authentication.

Request Body

application/json

Response Body

application/json

application/json

text/plain

application/json

application/json

application/json

application/json

curl -X POST "https://{tenant}.api.myxclade.com/auth/customer/emailpass/update" \  -H "Content-Type: application/json" \  -d '{    "email": "customer@gmail.com",    "password": "supersecret"  }'
{
  "success": true
}

{
  "message": "Discount must be set to dynamic",
  "type": "not_allowed"
}

"Unauthorized"
{
  "message": "Entity with id 1 was not found",
  "type": "not_found"
}
{
  "code": "unknown_error",
  "message": "The request conflicted with another request. You may retry the request with the provided Idempotency-Key.",
  "type": "QueryRunnerAlreadyReleasedError"
}
{
  "code": "invalid_request_error",
  "message": "Discount with code TEST already exists.",
  "type": "duplicate_error"
}

{
  "code": "api_error",
  "message": "An error occured while hashing password",
  "type": "database_error"
}

Generate Reset Password Token for Customer

Generate a reset password token for a customer. This API route doesn't reset the customer password or send them the reset instructions in a notification. Instead, This API route emits the `auth.password_reset` event, passing it the token as a payload. You can listen to that event in a subscriber as explained in [this guide](https://), then send the customer a notification. The notification is sent using a [Notification Module Provider](https://), and it should have a URL that accepts a `token` query parameter, allowing the customer to reset their password from the storefront. Use the generated token to update the customer's password using the [Reset Password API route](https://).

Refresh Authentication Token

Refresh the authentication token of a customer. This is useful after authenticating a customer with a third-party service to ensure the token holds the new user's details, or when you don't want customers to re-login every day.