Skip to main content
POST
/
api
/
sys
/
users
/
completePasswordReset
{
  "WasSuccessful": true,
  "Value": {},
  "Status": 123,
  "Message": {},
  "Errors": "<any>",
  "400 Bad Request": {},
  "400 Bad Request — password policy": {}
}

Complete Password Reset

Validates the one-time reset token sent to the customer’s email and sets the new password. On success, Nexudus returns a JWT that the portal immediately exchanges for a bearer token, signing the customer in automatically without an extra login step.

Authentication

No authentication required. The token in the request body acts as the credential.

Request Body

Token
string
required
The one-time reset token extracted from the password-reset link sent to the customer’s email. This token is single-use and expires after a short period.
Password
string
required
The new password the customer wants to set. Must satisfy the location’s password policy.
BusinessId
number
required
The numeric ID of the business/location. Obtained from the current location context.

Response

Returns an ActionConfirmation envelope. On success, Value contains a JWT that can be exchanged for a bearer token via POST /api/sys/users/exchange.
WasSuccessful
boolean
true when the password was changed successfully.
Value
string | null
One-time JWT to exchange for a bearer token via POST /api/sys/users/exchange. Pass this directly to endpoints.system.auth.login(Value).
Status
number
HTTP-style status code mirrored in the body. 200 on success.
Message
string | null
Human-readable message or error description.
Errors
any
Validation errors object. null on success.

Example Response

{
  "WasSuccessful": true,
  "Value": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0MiIsImV4cCI6MTcw...",
  "Status": 200,
  "Message": null,
  "Errors": null
}

TypeScript Integration

import endpoints from '@/api/endpoints'
import { ActionConfirmation } from '@/types/ActionConfirmation'

const url = endpoints.system.users.completePasswordReset
// => '/api/sys/users/completePasswordReset'

const response = await httpClient.post<ActionConfirmation>(url, {
  Token: resetToken,
  Password: newPassword,
  BusinessId: business.Id,
})

if (response.data.WasSuccessful && response.data.Value) {
  // Exchange the JWT for a bearer token and sign the customer in
  const exchangeUrl = endpoints.system.auth.login(response.data.Value)
  await httpClient.post(exchangeUrl)
}

Usage in Portal

ContextSource file
Reset password page / flowsrc/views/auth/ResetPassword/

Error Responses

400 Bad Request
error
The token is invalid, expired, or already used. The customer must restart the password-reset flow via POST /api/sys/users/startPasswordReset.
400 Bad Request — password policy
error
The new password does not meet the location’s password requirements. Check Errors in the response body.
MethodEndpointDescription
POST/api/sys/users/startPasswordResetTrigger the password-reset email
POST/api/sys/users/exchangeExchange the returned JWT for a bearer token
POST/api/tokenStandard credential-based sign-in