# Reset Password

> Reset a user's password using a token from the reset email

Sets a new password for a user by validating a reset token received via email. On success, all existing refresh tokens for the user are invalidated, forcing re-authentication.

## Body Parameters

<ParamField body="token" type="string" required>
  The raw reset token from the password reset email link. The server hashes
  this token internally before comparing it to the stored hash.
</ParamField>

<ParamField body="newPassword" type="string" required>
  The new password to set.
</ParamField>

## Response

<ResponseField name="success" type="boolean">
  `true` on success.
</ResponseField>

<ResponseField name="message" type="string">
  Confirmation message: `"Password has been reset successfully."`
</ResponseField>

## Error Responses

<AccordionGroup>
  <Accordion title="Invalid or Expired Token — 400">
    ```json
    {
      "error": "Invalid or expired password reset token.",
      "code": "auth/invalid-reset-token"
    }
    ```

    Returned when the token does not match any user record or the token has
    expired (1 hour TTL).
  </Accordion>
</AccordionGroup>

<Warning>
  All active sessions for the user are revoked when the password is reset.
  The user must sign in again after resetting their password.
</Warning>
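
The server-side flow this page describes (hash the raw token, look up the stored hash, enforce the 1 hour TTL, revoke refresh tokens) is shown below as an added Node.js example; it is not Replyke's own code. Assumptions: SHA-256 for the token hash, scrypt for the password, single-use tokens, a 200 success status, in-memory `Map` tables, and the function names are all hypothetical.

```javascript
const crypto = require("node:crypto");

const RESET_TOKEN_TTL_MS = 60 * 60 * 1000; // 1 hour TTL, as stated on this page
const INVALID = {
  status: 400,
  body: { error: "Invalid or expired password reset token.", code: "auth/invalid-reset-token" },
};

// Assumption: SHA-256; the page does not name the hash algorithm.
const hashToken = (raw) => crypto.createHash("sha256").update(raw, "utf8").digest("hex");

// Constructed in-memory tables standing in for a database.
const createStore = () => ({ users: new Map(), resetTokens: new Map(), refreshTokens: new Map() });

// Only the hash is persisted; the raw token exists only in the emailed link,
// so a leaked token table does not yield usable reset links.
function issueResetToken(store, userId, now = Date.now()) {
  const raw = crypto.randomBytes(32).toString("hex");
  store.resetTokens.set(hashToken(raw), { userId, expiresAt: now + RESET_TOKEN_TTL_MS });
  return raw;
}

function resetPassword(store, token, newPassword, now = Date.now()) {
  if (typeof token !== "string" || typeof newPassword !== "string") return INVALID;
  const key = hashToken(token);
  const record = store.resetTokens.get(key);
  store.resetTokens.delete(key); // assumption: single-use, and expired entries are purged
  // Unknown and expired tokens get the same response, so a caller cannot tell them apart.
  if (!record || now > record.expiresAt) return INVALID;

  const salt = crypto.randomBytes(16);
  const user = store.users.get(record.userId);
  user.passwordSalt = salt.toString("hex");
  user.passwordHash = crypto.scryptSync(newPassword, salt, 32).toString("hex"); // assumption: scrypt

  // Revoke every refresh token for this user, forcing re-authentication.
  for (const [id, rt] of store.refreshTokens) {
    if (rt.userId === record.userId) store.refreshTokens.delete(id);
  }
  // Assumption: HTTP 200 on success; the page lists only the response body.
  return { status: 200, body: { success: true, message: "Password has been reset successfully." } };
}
```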

## See Also

* [Request Password Reset endpoint](/api-reference/auth/request-password-reset)
* [`useRequestPasswordReset` hook](/hooks/auth/use-request-password-reset)
* [Built-in Auth guide](/sdk/authentication/built-in)
