Password Reset with RESTful API

What’s the best way to do a reset password page if you’re connected to a restful API?
I want to send a code to the email of the user and if then if the code typed by the user is the same as the one sent to the email, the user can have the right to update the password. I’m having issues creating the node.js requests also, cause I can’t seem to find a way to connect them. Any help is appreciated. Thanks in advance!

I don’t think there is a universal “best” way here, because there are going to be tradeoffs between security and ease of use. The main limiting factor is going to be what the user database looks like, because some way or another, the user is going to have to present enough information to both (a) uniquely and accurately identify themselves, and (b) demonstrate they received the email you sent. That can be done in a single field, or with a combination of username and cookie.

1 Like