跳到主要内容

Forgot Password

POST 

/api/v1/auth/forgot-password

Initiate a password reset for a local account.

Anti-enumeration: always returns {"ok": True} regardless of whether the email matches a user. An email is only sent when ALL of the following hold:

  • A user exists with the given email.
  • The user has a local password (not SSO-only).
  • The user is active.
  • SMTP is configured.

Tokens live for one hour and are stored on the user row directly.

Request

Responses

Successful Response