
POST /api/v1/auth/forgot-password

Request a password reset email. For security, this endpoint always returns a success response regardless of whether the email exists in the system, preventing email enumeration.

Authentication

None

Request

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| email | string | Yes | Email address associated with the account |

Example

curl -X POST https://intotes.com/api/v1/auth/forgot-password \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com"
}'

Response

200 OK

Always returns 200 regardless of whether the email exists.

{
"success": true,
"message": "If an account with that email exists, a password reset link has been sent."
}

Errors

This endpoint does not return error codes for unknown emails. It always responds with 200 to prevent information disclosure.
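
A server-side sketch of the uniform-response behaviour documented on this page, added here as an example and not the service's own code. The handler name, the in-memory stores, the one-hour token lifetime and the treatment of malformed input are assumptions.

```python
import hashlib
import json
import secrets
import time

# Body copied from the documented 200 response; every request gets this exact payload.
GENERIC_BODY = json.dumps({
    "success": True,
    "message": "If an account with that email exists, a password reset link has been sent.",
})
TOKEN_TTL_SECONDS = 3600  # assumed lifetime, not stated on the page


def forgot_password(raw_email, accounts, reset_tokens, mail_queue, now=None):
    """Hypothetical handler: the returned (status, body) never depends on account existence.

    accounts     -- set of normalized addresses (stand-in for a user table)
    reset_tokens -- dict of sha256(token) -> (email, expiry); raw tokens are not stored
    mail_queue   -- list drained by a background worker, so mail-delivery
                    latency never shows up in the response time
    """
    now = time.time() if now is None else now
    email = raw_email.strip().lower() if isinstance(raw_email, str) else ""
    # Generate and hash a token unconditionally so both paths do the same CPU work.
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    if email in accounts:
        reset_tokens[digest] = (email, now + TOKEN_TTL_SECONDS)
        mail_queue.append({"to": email, "token": token})
    # Assumption: malformed input is treated like an unknown address.
    return 200, GENERIC_BODY


def demo():
    """Constructed sample data: one registered account, one unknown address."""
    accounts = {"user@example.com"}
    tokens, queue = {}, []
    known = forgot_password("User@Example.com ", accounts, tokens, queue, now=0)
    unknown = forgot_password("nobody@example.com", accounts, tokens, queue, now=0)
    return known, unknown, tokens, queue


if __name__ == "__main__":
    known, unknown, tokens, queue = demo()
    print(known == unknown, len(queue), len(tokens))
```

Identical bodies do not limit how often the endpoint can be called, so per-address and per-client rate limiting belongs in front of a handler like this.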