This document details the account recovery workflow and exposes standard administrative endpoints to manage user credentials. Developers can test these endpoints in real-time using the embedded Swagger interactive tool below.
Prevent account enumeration attacks. The recovery API returns 200 OK with the same generic payload whether or not the email exists in the database.
Initiate the reset protocol. Zero IDS validates the user and sends a temporary token:
Request Body Schema:
{
"email": "user@example.com",
"method": "email" // Supports "email" or "sms" (based on provider configurations)
}
Response Body Schema (Success):
{
"success": true,
"message": "If the account exists, a recovery token has been dispatched."
}
Submit the received token and specify the new password:
Request Body Schema:
{
"token": "3a0b81e8-782a-4a6f-b14f-698f1234abcd", // Hexadecimal UUID token received
"password": "NewSecurePassword123!" // Must satisfy organization password policies
}
Response Body Schema (Success):
{
"success": true,
"message": "Password updated successfully. You may now log in."
}
Response Body Schema (Invalid/Expired Token):
{
"success": false,
"error": "Invalid or expired recovery token."
}
Test OIDC, client, user management, and organization operations directly from this console page: