How does password reset work?

Your app calls the password-reset endpoint with the user's email or phone number, and Forte sends the reset to their first verified contact method. Depending on your project's reset mode, the user receives either a generated 16-character password or a single-use reset link (30-minute expiry) pointing at your reset page.

The request always returns success whether or not the account exists, so attackers can't probe for registered emails.

Read more about this in the documentation

Related questions

Still need help?

If this didn't answer your question, our team is one message away.

Contact support