Password reset

Create a password reset token for a user and reset the user’s password.

When a user’s password is reset, all of their active sessions are revoked.

Get a password reset token

Get the details of an existing password reset token that can be used to reset a user’s password.

JavaScript

 import { WorkOS } from '@workos-inc/node';

const workos = new WorkOS('sk_example_123456789');

const passwordReset = await workos.userManagement.getPasswordReset(
  'password_reset_01HYGDNK5G7FZ4YJFXYXPB5JRW',
);

 {
  "object": "password_reset",
  "id": "password_reset_01E4ZCR3C56J083X43JQXF3JK5",
  "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5",
  "email": "marcelina.davis@example.com",
  "expires_at": "2026-01-15T12:00:00.000Z",
  "created_at": "2026-01-15T12:00:00.000Z",
  "password_reset_token": "Z1uX3RbwcIl5fIGJJJCXXisdI",
  "password_reset_url": "https://your-app.com/reset-password?token=Z1uX3RbwcIl5fIGJJJCXXisdI"
}

GET

`/user_management/password_reset/:id`

`Parameters`

`Returns`

Create a password reset token

Creates a one-time token that can be used to reset a user’s password.

JavaScript

 import { WorkOS } from '@workos-inc/node';

const workos = new WorkOS('sk_example_123456789');

const passwordReset = await workos.userManagement.createPasswordReset({
  email: 'marcelina@example.com',
});

 {
  "object": "password_reset",
  "id": "password_reset_01E4ZCR3C56J083X43JQXF3JK5",
  "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5",
  "email": "marcelina.davis@example.com",
  "expires_at": "2026-01-15T12:00:00.000Z",
  "created_at": "2026-01-15T12:00:00.000Z",
  "password_reset_token": "Z1uX3RbwcIl5fIGJJJCXXisdI",
  "password_reset_url": "https://your-app.com/reset-password?token=Z1uX3RbwcIl5fIGJJJCXXisdI"
}

Sends email

POST

`/user_management/password_reset`

`Returns`

Reset the password

Sets a new password using the token query parameter from the link that the user received. Successfully resetting the password will verify a user’s email, if it hasn’t been verified yet.

Request

JavaScript

 curl --request POST \
  --url https://api.workos.com/user_management/password_reset/confirm \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  -d @- <<BODY
  {
    "token": "stpIJ48IFJt0HhSIqjf8eppe0",
    "new_password": "i8uv6g34kd490s"
  }
BODY

 import { WorkOS } from '@workos-inc/node';

const workos = new WorkOS('sk_example_123456789');

const { user } = await workos.userManagement.resetPassword({
  token: 'stpIJ48IFJt0HhSIqjf8eppe0',
  newPassword: 'i8uv6g34kd490s',
});

 require "workos"

WorkOS.configure do |config|
  config.api_key = "sk_example_123456789"
end

WorkOS.client.user_management.confirm_password_reset(
  token: "Z1Y2X3W4V5U6T7S8R9Q0P1O2N3",
  new_password: "strong_password_123!"
)

 from workos import WorkOSClient

client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789")

client.user_management.confirm_password_reset(
    token="Z1Y2X3W4V5U6T7S8R9Q0P1O2N3", new_password="strong_password_123!"
)

 package main

import (
	"context"

	"github.com/workos/workos-go/v9"
)

func main() {
	client := workos.NewClient("sk_example_123456789")

	_, err := client.UserManagement().ConfirmPasswordReset(context.Background(), &workos.UserManagementConfirmPasswordResetParams{
		Token:       "Z1Y2X3W4V5U6T7S8R9Q0P1O2N3",
		NewPassword: "strong_password_123!",
	})
	if err != nil {
		panic(err)
	}
}

 <?php

use WorkOS\WorkOS;

$workos = new WorkOS(
    apiKey: "sk_example_123456789",
    clientId: "client_123456789",
);

$workos
    ->userManagement()
    ->confirmPasswordReset(
        token: "Z1Y2X3W4V5U6T7S8R9Q0P1O2N3",
        newPassword: "strong_password_123!",
    );

 import com.workos.WorkOS;
import com.workos.usermanagement.UserManagementApi.ConfirmPasswordResetOptions;

WorkOS workos = new WorkOS("sk_example_123456789");

ConfirmPasswordResetOptions options = ConfirmPasswordResetOptions.builder()
                                          .token("Z1Y2X3W4V5U6T7S8R9Q0P1O2N3")
                                          .newPassword("strong_password_123!")
                                          .build();

workos.userManagement.confirmPasswordReset(options);

 using WorkOS;

var client = new WorkOSClient(new WorkOSOptions {
    ApiKey = "sk_example_123456789",
    ClientId = "client_123456789",
});

await client.UserManagement.ConfirmPasswordResetAsync(new UserManagementConfirmPasswordResetOptions {
    Token = "Z1Y2X3W4V5U6T7S8R9Q0P1O2N3",
    NewPassword = "strong_password_123!",
});

 use workos::Client;
use workos::user_management::ConfirmPasswordResetParams;

#[tokio::main]
async fn main() -> Result<(), workos::Error> {
    let client = Client::builder()
        .api_key("sk_example_123456789")
        .client_id("client_123456789")
        .build();

    let _result = client
        .user_management()
        .confirm_password_reset(
            ConfirmPasswordResetParams {
                token: "Z1Y2X3W4V5U6T7S8R9Q0P1O2N3".into(),
                new_password: "strong_password_123!".into(),
                ..Default::default()
            }
        )
        .await?;

    Ok(())
}

POST

`/user_management/password_reset/confirm`

`Returns`

Organization membership Continue to the next section

Up next

Password reset

Get a password reset token

/user_management/password_reset/:id

Parameters

id: string

Returns

password_reset: object

Create a password reset token

/user_management/password_reset

email: string

Returns

password_reset: object

Reset the password

/user_management/password_reset/confirm

token: string

new_password: string

Returns

user: object

`/user_management/password_reset/:id`

`Parameters`

`Returns`

`/user_management/password_reset`

`Returns`

`/user_management/password_reset/confirm`

`Returns`