Password Reset with Email

Use the Shopper Login and API Access Service (SLAS) to send a password reset email to a registered shopper. The shopper can then update their password after verifying a one-time password (OTP) contained in the email.

The implementation described in this guide requires no third-party integration. For instructions on password reset using a callback URI instead, see Password Reset with Callback URI.

  • Registration: The shopper’s email must be registered with B2C Commerce.
  • Volume limits: The monthly quota limit for the getPasswordResetToken endpoint with mode set to email is 1,000 requests per non-production tenant instance. The getPasswordResetToken endpoint also has a maximum of 3 requests per user for every 10-minute window.
  • SLAS client: Your site must have a SLAS client. Both private and public clients are supported. See Authorization for Shopper APIs.

An email sender specifies the sender address that SLAS uses to deliver passwordless login emails, including password reset emails. Use the SLAS Admin UI to add an email sender to an existing SLAS client. Follow the steps to Add an Email Sender as described in the Password Login with Email guide.

SLAS uses password action templates to construct the emails used for password resets, as well as passwordless login.

To create the password action template for password reset emails, make a PUT request to the registerPwdlessTemplate endpoint. Set the actionType parameter to PWD_RESET_ACTION and the templateType parameter to EMAIL. If the hint parameter in the getPasswordResetToken call is cross_device, the PWD_RESET_CROSS_DEVICE_ACTION action type is used instead.

In the link parameter, you can use the ${token}, ${name}, and ${user_id} substitutions. In the template parameter, you can use those same substitutions plus ${link}.

When a getPasswordResetToken call triggers an OTP email, SLAS uses this template to construct the email sent to the shopper.
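A pre-flight check for the substitution rules above, as an added example that is not part of the original guide or of SLAS itself: it flags substitutions the guide does not list for a field before the template is registered. The dict layout (keyed by the parameter names the guide mentions), the HTTPS and host allowlist policy, and the shop.example.com host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Substitutions the guide lists per field: ${link} is valid only in `template`.
LINK_VARS = {"token", "name", "user_id"}
TEMPLATE_VARS = LINK_VARS | {"link"}
ACTION_TYPES = {"PWD_RESET_ACTION", "PWD_RESET_CROSS_DEVICE_ACTION"}
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def check_reset_template(body, allowed_hosts):
    """Return a list of problems found in a template body (empty list = OK)."""
    problems = []
    if body.get("actionType") not in ACTION_TYPES:
        problems.append("actionType is not a password reset action")
    if body.get("templateType") != "EMAIL":
        problems.append("templateType must be EMAIL")
    link = body.get("link", "")
    template = body.get("template", "")
    for field, text, allowed in (("link", link, LINK_VARS),
                                 ("template", template, TEMPLATE_VARS)):
        for name in PLACEHOLDER.findall(text):
            if name not in allowed:
                problems.append(f"{field}: unsupported substitution ${{{name}}}")
    # Local policy (an assumption, not a SLAS rule): the reset link must be
    # HTTPS and point at a storefront host we control.
    if link:
        parts = urlsplit(PLACEHOLDER.sub("x", link))  # mask placeholders
        if parts.scheme != "https":
            problems.append("link: scheme must be https")
        if parts.hostname not in allowed_hosts:
            problems.append(f"link: host {parts.hostname!r} is not allowlisted")
    # The shopper needs the OTP: directly, or through a link that carries it.
    used = set(PLACEHOLDER.findall(template))
    carries_token = "token" in used or (
        "link" in used and "token" in PLACEHOLDER.findall(link))
    if not carries_token:
        problems.append("template: OTP never reaches the shopper")
    return problems


if __name__ == "__main__":
    # Constructed body; keys follow the parameter names used in the guide.
    sample = {"actionType": "PWD_RESET_ACTION", "templateType": "EMAIL",
              "link": "http://shop.example.com/reset?t=${token}&r=${link}",
              "template": "Hi ${name}, reset your password here: ${link}"}
    print(check_reset_template(sample, {"shop.example.com"}))
```
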

Here’s an example request body for creating a password reset email template:

  1. Call the getPasswordResetToken endpoint to trigger the email with the OTP. Setting the mode to email instructs SLAS to send the numeric token directly to the shopper's registered email address.
  2. Then, call the resetPassword endpoint with the shopper’s numeric token to complete the password reset flow.

To diagnose issues with password reset emails, use Log Center. For details, see Troubleshooting with Log Center.