Reset Customer Password in Storefront

Customers can reset their password if they forget it.

To implement the flow to reset a customer's password, you need two pages in your storefront:

  1. A page to request the password reset.
  2. A page that prompts the customer to enter a new password.

1. Request Reset Password Page

The request password reset page prompts the customer to enter their email. Then, it sends a request to the Request Reset Password Token API route to send the customer an email with the URL to reset their password.

For example:

In this example, you send a request to the http://localhost:9000/auth/customer/emailpass/reset-password API route when the form that has the email field is submitted.

In the request body, you pass an identifier parameter, which is the customer's email.

Tip: The Request Reset Password Token API route always returns a successful response, even if the customer's email doesn't exist. However, the customer only receives an email if they have an account with that email.

2. Reset Password Page

The reset password page is the URL used in the email sent to the customer. It receives the token and email as query parameters, prompts the customer for a new password, and sends a request to the Reset Password API route.

Note: If you followed this guide to set up a subscriber that sends the customer an email, make sure to use the URL of this page in the notification's data payload.

For example:

In this example, you receive the token and email from the page's query parameters.

Then, when the form that has the password field is submitted, you send a request to the http://localhost:9000/auth/customer/emailpass/update API route. You pass it the token as a query parameter, and the email and password in the request body.
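The two requests described above, sketched as an added example that is not code from the original page. The function names, the injectable fetchImpl parameter, the POST method and the JSON content type are assumptions; the route URLs and parameter names come from the text.

```javascript
// Added example: names other than the two API route URLs are assumptions.
const BACKEND_URL = "http://localhost:9000"; // backend URL used on this page

// Step 1: request the reset email. The route responds successfully whether or
// not the email has an account, so show the same message in every case.
async function requestPasswordReset(email, fetchImpl = fetch) {
  await fetchImpl(`${BACKEND_URL}/auth/customer/emailpass/reset-password`, {
    method: "POST", // assumed HTTP method
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ identifier: email }),
  });
  return "If an account exists with that email, you'll receive reset instructions.";
}

// Step 2: read the token and email from the reset page's query string.
function readResetParams(search) {
  const params = new URLSearchParams(search);
  const token = params.get("token");
  const email = params.get("email");
  if (!token || !email) {
    throw new Error("Reset link is missing its token or email");
  }
  return { token, email };
}

// Step 2 (continued): send the new password. The token goes in the query
// string and the email and password in the body, as described above.
async function resetPassword(search, password, fetchImpl = fetch) {
  const { token, email } = readResetParams(search);
  const query = new URLSearchParams({ token }); // URL-encodes the token
  const res = await fetchImpl(
    `${BACKEND_URL}/auth/customer/emailpass/update?${query}`,
    {
      method: "POST", // assumed HTTP method
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ email, password }),
    }
  );
  return res.ok; // false when the backend rejects the request
}
```

In a browser, pass window.location.search as the first argument to resetPassword.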
