> ## Documentation Index
> Fetch the complete documentation index at: https://docs.replyke.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Request Password Reset

> Send a password reset email to a user

Sends a password reset email to the specified address if an account with that email exists and has a password set. The reset link in the email expires after 1 hour.

The response is always a generic success message regardless of whether the email is registered. This prevents user enumeration.

## Body Parameters

<ParamField body="email" type="string" required>
  The email address to send the reset link to.
</ParamField>

## Response

<ResponseField name="success" type="boolean">
  Always `true` when the request is processed without a server error.
</ResponseField>

<ResponseField name="message" type="string">
  Generic confirmation message: `"If an account with that email exists, a password reset link has been sent."`
</ResponseField>

<Note>
  The password reset token is stored as a SHA-256 hash in the database.
  Only one reset token is active per user at a time — requesting a new one
  overwrites the previous token.
</Note>

## See Also

* [`useRequestPasswordReset` hook](/hooks/auth/use-request-password-reset)
* [Reset Password endpoint](/api-reference/auth/reset-password)
* [Built-in Auth guide](/sdk/authentication/built-in)