How does password reset work?
Your app calls the password-reset endpoint with the user's email or phone number, and Forte sends the reset to their first verified contact method. Depending on your project's reset mode, the user receives either a generated 16-character password or a single-use reset link (30-minute expiry) pointing at your reset page.
The request always returns success whether or not the account exists, so attackers can't probe for registered emails.