Consumer and business web
Password reset
Hosted password reset wired to request and reset-token confirmation APIs.
Waiting for reset token
Request a password reset email for an existing account.
Route boundary
- Hosted path
- /password-reset?token=...
- API seam
- POST /api/v1/app/auth/password-reset/confirm
- Token handoff
- No reset token in querystring.
- Security boundary
- The token must be confirmed by the API; this shell does not expose or validate token contents.
Request a reset email
Deferred implementation
TODO: add signed-in web navigation after successful reset once hosted auth views are complete.