> ## Documentation Index
> Fetch the complete documentation index at: https://docs.marzipan.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Set new password from reset token

> Set a new password using the token from a password reset email. This is a public endpoint used before the customer is logged in.



## OpenAPI

````yaml /api-reference/openapi.json post /account/password/reset
openapi: 3.0.0
info:
  title: Marzipan API
  version: 1.0.0
servers:
  - url: https://api.marzipan.co/v1
security:
  - tenantAuth: []
tags:
  - name: Account
    description: >-
      Account management endpoints including registration, login, and user
      details
  - name: Carts
    description: Shopping cart management endpoints
  - name: Products
    description: Product catalog and search endpoints
  - name: Subscriptions
    description: Subscription management and renewal endpoints
  - name: CMS
    description: Content management system endpoints
  - name: Messaging
    description: Message and communication endpoints
  - name: Search
    description: Search functionality endpoints
  - name: Settings
    description: >-
      Storefront settings and market detection used to configure the web
      components and checkout.
  - name: Analytics
    description: Storefront visit and attribution tracking.
  - name: Rewards
    description: >-
      Loyalty and rewards programme endpoints for the authenticated customer,
      covering points balance, tier status, perks, exclusive products and
      transaction history.
  - name: Forms
    description: Render and submit dynamic storefront forms defined in the CMS.
  - name: Events
    description: >-
      Check event availability, browse occurrences and recurring dates, generate
      ticket QR codes, and manage event waitlists (join, leave, check status,
      and claim promoted spots).
paths:
  /account/password/reset:
    parameters: []
    post:
      tags:
        - Account
      summary: Set new password from reset token
      description: >-
        Set a new password using the token from a password reset email. This is
        a public endpoint used before the customer is logged in.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - token
                - email
                - password
                - passwordConfirmation
              properties:
                token:
                  type: string
                  description: The password reset token from the emailed link
                email:
                  type: string
                  format: email
                password:
                  type: string
                  format: password
                  description: >-
                    Minimum 8 characters, must include an uppercase letter, a
                    lowercase letter and a number
                passwordConfirmation:
                  type: string
                  format: password
            example:
              token: a1b2c3d4e5f6
              email: jane@example.com
              password: NewPass456
              passwordConfirmation: NewPass456
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: object
                properties:
                  status:
                    type: string
              example:
                status: Your password has been reset.
        '422':
          description: Invalid or expired token, or validation error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
              example:
                message: >-
                  This password reset token has expired. Please request a new
                  password reset link.
                errors:
                  email:
                    - The email field is required.
      security:
        - tenantAuth: []
components:
  schemas:
    ValidationError:
      type: object
      properties:
        message:
          type: string
          description: Validation error message
        errors:
          type: object
          additionalProperties:
            type: array
            items:
              type: string
          description: Field-specific validation errors
      required:
        - message
        - errors
  securitySchemes:
    tenantAuth:
      type: http
      scheme: bearer
      description: >-
        Bearer authentication header of the form `Bearer <token>`, where
        `<token>` is your API token.
      bearerFormat: JWT

````