Newer Version Available

This content describes an older version of this product. View Latest

Headless Forgot Password Overview

If your users can log in and register, they must also be able to reset their passwords. Here’s a high-level overview of how the Headless Forgot Password Flow works with a single-page app.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
Available in: Enterprise, Unlimited, and Developer Editions

The flow includes an initial request, a response from Salesforce, an email, a second request, and a final success message from Salesforce.
  • An end user clicks a password reset link in your app.
  • In your app, you natively display a forgot password page.
  • The user enters their username.
  • Your app initiates the flow with a request to Headless Forgot Password API. The request includes the user’s username (1).
  • Salesforce receives the forgot password details.
  • Salesforce returns a success message to your app (2).
  • Immediately after, Salesforce generates a one-time password (OTP) and sends it to the user’s email address (3).
  • In your app, you natively display an OTP verification form.
  • The user receives the OTP email.
  • The user enters the OTP and their new password in your verification form.
  • Your app finishes resetting the password with another request to Headless Forgot Password API. The request includes the username, OTP, and new password (4).
  • Salesforce verifies the OTP and sets a new password.
  • Salesforce returns a success message to your app (5).
  • The user logs in with their new password.

Here are a few key concepts to keep in mind for this flow.

  • This flow sends two requests to Headless Forgot Password API.
  • The first request initializes the password reset and kicks off the OTP verification process.
  • The second request completes the password reset process.