Request Password Reset (v1)
Method & Path
POST /api/v1/password-reset/request
Description
Request a password reset by sending an OTP code via SMS to the workspace owner's verified phone number.
Authentication
None: This is a public endpoint (no authentication required).
Headers
Content-Type: application/json
Request Body
{
"email": "owner@example.com"
}
Request Body Schema
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Workspace owner email address (must be valid email format) |
Response 200 OK
{
"message": "If a workspace exists with this email and has a verified phone number, an OTP code has been sent via SMS."
}
Response Fields
message(string): Success message (always returned to prevent email enumeration)
Common Errors
400 Bad Request: Invalid email format
422 Unprocessable Entity: Validation error
500 Internal Server Error: Server error occurred while processing the request
Notes
- This endpoint always returns success to prevent email enumeration attacks
- OTP is only sent if:
- Workspace exists with the provided email
- Workspace has a verified phone number
- OTP code is valid for 10 minutes
- Rate limiting applies to prevent abuse
- OTP is sent via SMS to the workspace owner's verified phone number