Skip to main content
PATCH
/
api
/
v3
/
admin
/
auth
/
password_resets
/
{id}
Spree Admin SDK
import { createAdminClient } from '@spree/admin-sdk'

const client = createAdminClient({
  baseUrl: 'https://your-store.com',
  secretKey: 'sk_xxx',
})

// The token comes from the emailed link's ?token= param. On success the admin
// is signed in: a JWT comes back and the refresh token is set as an HttpOnly cookie.
const auth = await client.auth.resetPassword('reset-token-from-email', {
  password: 'new-password-123',
  password_confirmation: 'new-password-123',
})
spree api patch /auth/password_resets/{id} -d '{"password":"new-password-123","password_confirmation":"new-password-123"}'
{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX3R5cGUiOiJhZG1pbiIsImp0aSI6IjliNzNlYzliLWUzZmItNGVlZC1iNzdmLTkyODY3ZjRkNWMwYSIsImlzcyI6InNwcmVlIiwiYXVkIjoiYWRtaW5fYXBpIiwiZXhwIjoxNzgzNDU1ODIzfQ.1F880snWFAYKU8h7UMH-sHzf8oXwqcbFKlBOcvy76VY",
  "user": {
    "id": "admin_UkLWZg9DAJ",
    "email": "admin@example.com",
    "first_name": "Fatimah",
    "last_name": "Larson",
    "full_name": "Fatimah Larson",
    "selected_locale": null,
    "created_at": "2026-07-07T19:23:43.601Z",
    "updated_at": "2026-07-07T19:23:43.884Z",
    "avatar_url": null,
    "roles": [
      {
        "id": "role_UkLWZg9DAJ",
        "name": "admin"
      }
    ]
  }
}
{
  "error": {
    "code": "password_reset_token_invalid",
    "message": "Password reset token is invalid or has expired."
  }
}

Authorizations

x-spree-api-key
string
header
required

Secret API key for admin access

Headers

x-spree-api-key
string
required

Path Parameters

id
string
required

The reset token from the emailed link

Body

application/json
password
string
required
Example:

"new-password-123"

password_confirmation
string
required
Example:

"new-password-123"

Response

password reset

token
string
required

JWT access token

user
object
required