
Reset customer password via REST API


We are developing an Angular 4 frontend which uses Magento entirely as a REST service. I'm trying to figure out how to update a customer's password after their forgot password token has been verified.


We perform a GET request on /V1/customers/{customerId}/password/resetLinkToken/{resetPasswordLinkToken} and receive a 'true' response. But how exactly are we supposed to perform the password update if the customer has no header authorization bearer token? Is there a way to update an anonymous user's password when the resetPasswordLinkToken is successfully verified?


Re: Reset customer password via REST API



Who will receive that forgot pwd email? The reset pwd email user, so I don't think you need to pass a bearer key for security purposes.

Re: Reset customer password via REST API

Well, we have modified the email so that it sends an email with a link to our Angular application since we are not using Magento 2 for its frontend experience. When the customer clicks the link in the email, the Angular application verifies the token using the /V1/customers/{customerId}/password/resetLinkToken/{resetPasswordLinkToken} REST API route. This returns a "true" body response, but what can we do next? It does not look like there is an API route to create a new password for this verified (yet not authorized) customer.


We want to keep all frontend activity that a customer makes within the Angular app, but I'm not seeing a way using the REST API to fully complete the "forgot password" -> "check email" -> "reset password" flow using only REST. Am I missing a part of this?

Re: Reset customer password via REST API



You need to check the API below:


<route url="/V1/customers/password" method="PUT">
    <service class="Magento\Customer\Api\AccountManagementInterface" method="initiatePasswordReset"/>
    <resources>
        <resource ref="anonymous"/>
    </resources>
</route>

Re: Reset customer password via REST API

Hi @Sunil Patel,

We are using the PUT /V1/customers/password api route. This is not the route that actually performs the password update though. These are the body parameters which that route accepts:



This is the call that is initially made when the customer has forgotten their password and enters their email in the "forgot password" form. This api call causes the email to be sent to the customer with the link to reset the password. That part is working fine. Here is the exact description of that api route from the swagger docs:


Send an email to the customer with a password reset link.

This is the current flow that a user takes in our Angular app:


  • Customer clicks "Forgot Password" link
  • Customer enters email in "Forgot Password" form
    • When submitted, /V1/customers/password PUT is called and Magento sends them an email with reset link.
  • Customer opens email and clicks reset link
  • Customer is taken to the website (Angular app, not Magento)
    • Angular performs GET on /V1/customers/{customerId}/password/resetLinkToken/{resetPasswordLinkToken} to make sure the token/user is legit
  • If token/user returns true, what

The only way I am seeing to actually let the customer change their password is using the /V1/customers/me/password api route, but that only works for users who know their password and are logged in.

Re: Reset customer password via REST API

So, I ended up creating a Magento module that exposes the 


method as a POST endpoint in my webapi.xml and I'm now able to complete the password reset with the new API endpoint.


This method just needs to be supplied the user's email, reset token and new password, and it then updates the password. This is the method that Magento already uses to complete the process, so I just opened it up to the REST API. I don't know if there is a reason it is not part of the API, but it's working great for me now.

Re: Reset customer password via REST API

Hey Jersey, care to share the module you're talking about, please?

Re: Reset customer password via REST API

I developed a Magento controller and call its action as an API, with this code:




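// validateResetPasswordLinkToken() throws if the token is invalid or expired,
// so execution only continues for a token that matches this customer.
$this->_accountManagement->validateResetPasswordLinkToken($params['customer_id'], $params['reset_token']);

$customerId = (int) $params['customer_id'];
$customer = $this->_customerRepository->getById($customerId);

// Save the customer with the salted hash of the new password (second argument true).
// This snippet itself does not clear the reset token after use.
$this->_customerRepository->save($customer, $this->_encryptor->getHash($params['password'], true));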
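
An added example, not part of the thread and not Magento code: a self-contained PHP model of the three-step flow discussed above, showing why the anonymous reset call has to carry the token again and consume it once the password is changed. The class `ResetTokenStore`, its method names, the token lifetime and all sample values are assumptions made for illustration.

```php
<?php
// Added model, not Magento code. ResetTokenStore and its methods are hypothetical.
final class ResetTokenStore
{
    private const TTL_SECONDS = 3600; // constructed lifetime
    private array $tokens = [];       // customerId => ['hash' => ..., 'expires' => ...]
    private array $passwords = [];    // customerId => password hash

    // Step 1 (PUT /V1/customers/password on the page): issue a token, keep only its hash.
    public function issue(int $customerId, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        $this->tokens[$customerId] = [
            'hash' => hash('sha256', $token),
            'expires' => $now + self::TTL_SECONDS,
        ];
        return $token; // would travel in the e-mailed reset link
    }

    // Step 2 (GET .../resetLinkToken/{token}): read-only check that grants no session.
    public function verify(int $customerId, string $token, int $now): bool
    {
        $row = $this->tokens[$customerId] ?? null;
        return $row !== null
            && $now < $row['expires']
            && hash_equals($row['hash'], hash('sha256', $token));
    }

    // Step 3: the reset request presents the token again; it is re-checked, then consumed.
    public function reset(int $customerId, string $token, string $newPassword, int $now): bool
    {
        if (!$this->verify($customerId, $token, $now)) {
            return false;
        }
        unset($this->tokens[$customerId]); // single use: replaying the link now fails
        $this->passwords[$customerId] = password_hash($newPassword, PASSWORD_DEFAULT);
        return true;
    }
}

$store = new ResetTokenStore();
$now = 1700000000;                 // constructed timestamp
$token = $store->issue(42, $now);  // constructed customer id
var_dump($store->verify(42, $token, $now + 60));                     // link opened in the frontend
var_dump($store->reset(42, $token, 'N3w-passphrase!', $now + 120));  // first reset
var_dump($store->reset(42, $token, 'other-passphrase', $now + 180)); // replayed link
var_dump($store->verify(7, $token, $now + 60));                      // token bound to customer 42
```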