Password Recovery
POST /auth/recovery
Initiates the forgotten password recovery process.

Typical Flow:
- The client sends the user's email
- The server validates that the email exists in the database
- Generates a unique recovery token with a 1-hour expiration
- Sends a recovery link email to the user
- The user clicks the link to reset their password

Usage Examples:
- User forgot their login password
- First-time access requiring password setup
- Password change for security reasons

Security Features:
- Recovery token valid for 1 hour only
- The token is invalidated after use
- Only 3 requests per hour per email are allowed
- The token is unique and single-use
- For security, it always returns 200 even if the email does not exist

Important Notes:
- Requires a valid and registered email in the system
- The email may take up to 5 minutes to arrive
- Check the spam folder if the email does not arrive
- After 1 hour, a new token must be requested
Request
Responses
- 200: Recovery email sent (always returns 200 for security)
- 429: Too many requests
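
A server-side sketch of the flow and security features listed above, added here as an example and not this API's own implementation. It shows the 3-per-hour limit being applied before the existence check, so that neither 200 nor 429 reveals whether an email is registered. Assumptions: the class and method names, the in-memory stores, the `redeem` step, and storing only a SHA-256 digest of the token are all hypothetical.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600      # recovery token valid for 1 hour
MAX_REQUESTS = 3      # allowed requests per email ...
WINDOW = 3600         # ... per hour


class RecoveryService:
    def __init__(self, users, send_email, clock=time.time):
        self.users = users            # email -> password hash (stand-in for the database)
        self.send_email = send_email  # callable(email, token), builds the recovery link
        self.clock = clock            # injectable so expiry can be tested
        self.requests = {}            # email -> timestamps of recent requests
        self.tokens = {}              # sha256(token) -> (email, expires_at)

    def request_recovery(self, email):
        """POST /auth/recovery: returns the HTTP status code."""
        now = self.clock()
        email = email.strip().lower()
        # Count every request, registered or not, so 429 is not an existence oracle.
        recent = [t for t in self.requests.get(email, []) if now - t < WINDOW]
        if len(recent) >= MAX_REQUESTS:
            self.requests[email] = recent
            return 429
        self.requests[email] = recent + [now]
        if email in self.users:
            token = secrets.token_urlsafe(32)   # unique, unguessable
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.tokens[digest] = (email, now + TOKEN_TTL)
            self.send_email(email, token)       # plaintext token leaves only by email
        return 200  # same answer whether or not the email exists

    def redeem(self, token, new_password_hash):
        """Reset step (hypothetical; the page does not document this endpoint)."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)   # pop invalidates the token on first use
        if entry is None or self.clock() >= entry[1]:
            return False                        # unknown, already used, or older than 1 hour
        self.users[entry[0]] = new_password_hash
        return True
```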