> ## Documentation Index > Fetch the complete documentation index at: https://spreecommerce.org/docs/llms.txt > Use this file to discover all available pages before exploring further. # Reset password with token > Resets the password using a token received via email. Returns a JWT token on success (auto-login). ## OpenAPI ````yaml /api-reference/store.yaml patch /api/v3/store/password_resets/{token} openapi: 3.0.3 info: title: Store API contact: name: Spree Commerce url: https://spreecommerce.org email: hello@spreecommerce.org description: > Spree Store API v3 - Customer-facing storefront API for building headless commerce experiences. ## Authentication The Store API uses two authentication methods: ### API Key (Required) All requests must include a publishable API key in the `x-spree-api-key` header. ### JWT Bearer Token (For authenticated customers) After login, include the JWT token in the `Authorization: Bearer ` header. ### Order Token (For guest checkout) When creating an order, a `token` is returned. Include this in the `x-spree-token` header for guest access to that specific order. ## Response Format All responses are JSON. List endpoints return paginated responses with `data` and `meta` keys. ## Error Handling Errors return a consistent format: ```json { "error": { "code": "record_not_found", "message": "Product not found" } } ``` version: v3 servers: - url: http://{defaultHost} variables: defaultHost: default: localhost:3000 security: [] tags: - name: Authentication description: Customer authentication (login, logout, token refresh) - name: Product Catalog description: Products and categories - name: Carts description: Shopping cart management - name: Orders description: Order lookup - name: Customers description: Customer account, addresses, saved payment methods, and order history - name: Markets description: Markets, countries, currencies, and locales - name: Wishlists description: Customer wishlists - name: Policies description: Store policies (return policy, privacy policy, terms of service) - name: Digitals description: Digital product downloads paths: /api/v3/store/password_resets/{token}: patch: tags: - Authentication summary: Reset password with token description: >- Resets the password using a token received via email. Returns a JWT token on success (auto-login). parameters: - name: x-spree-api-key in: header required: true schema: type: string - name: token in: path required: true description: Password reset token from the email schema: type: string requestBody: content: application/json: schema: type: object properties: password: type: string minLength: 6 example: newsecurepassword password_confirmation: type: string example: newsecurepassword required: - password - password_confirmation responses: '200': description: password reset successful content: application/json: example: token: >- eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX3R5cGUiOiJjdXN0b21lciIsImp0aSI6ImNkNzQ5N2QzLTM5YjctNGYzMi04OGNiLWQzNWI1ODM2MWQxZCIsImlzcyI6InNwcmVlIiwiYXVkIjoic3RvcmVfYXBpIiwiZXhwIjoxNzc4NzE0ODA4fQ.tOwJzz71w-YuOe_DK0dHrNS4f1ZccZxLVRe5kSATM3M refresh_token: 5G4xXN5Vx6ThMLPdqLHAoyAp user: id: cus_UkLWZg9DAJ email: customer@example.com first_name: Jamal last_name: Berge phone: null accepts_email_marketing: false full_name: Jamal Berge available_store_credit_total: '0' display_available_store_credit_total: $0.00 addresses: [] default_billing_address: null default_shipping_address: null schema: $ref: '#/components/schemas/AuthResponse' '401': description: missing API key content: application/json: example: error: code: invalid_token message: Valid API key required schema: $ref: '#/components/schemas/ErrorResponse' '422': description: password confirmation mismatch content: application/json: example: error: code: validation_error message: Password confirmation doesn't match Password details: password_confirmation: - doesn't match Password schema: $ref: '#/components/schemas/ErrorResponse' security: - api_key: [] x-codeSamples: - lang: javascript label: Spree SDK source: |- import { createClient } from '@spree/sdk' const client = createClient({ baseUrl: 'https://your-store.com', publishableKey: '', }) const auth = await client.passwordResets.update( 'reset-token-from-email', { password: 'newsecurepassword', password_confirmation: 'newsecurepassword', } ) components: schemas: AuthResponse: type: object properties: token: type: string description: JWT access token refresh_token: type: string description: Refresh token for obtaining new access tokens user: $ref: '#/components/schemas/Customer' required: - token - refresh_token - user ErrorResponse: type: object properties: error: type: object properties: code: type: string example: record_not_found message: type: string example: Record not found details: type: object description: Field-specific validation errors nullable: true example: name: - is too short - is required email: - is invalid required: - code - message required: - error example: error: code: validation_error message: Validation failed details: name: - is too short email: - is invalid Customer: type: object properties: id: type: string email: type: string first_name: type: string nullable: true last_name: type: string nullable: true phone: type: string nullable: true accepts_email_marketing: type: boolean full_name: type: string available_store_credit_total: type: string display_available_store_credit_total: type: string addresses: type: array items: $ref: '#/components/schemas/Address' default_billing_address: allOf: - $ref: '#/components/schemas/Address' nullable: true default_shipping_address: allOf: - $ref: '#/components/schemas/Address' nullable: true required: - id - email - first_name - last_name - phone - accepts_email_marketing - full_name - available_store_credit_total - display_available_store_credit_total - addresses - default_billing_address - default_shipping_address x-typelizer: true Address: type: object properties: id: type: string first_name: type: string nullable: true last_name: type: string nullable: true full_name: type: string address1: type: string nullable: true address2: type: string nullable: true postal_code: type: string nullable: true city: type: string nullable: true phone: type: string nullable: true company: type: string nullable: true country_name: type: string country_iso: type: string state_text: type: string nullable: true state_abbr: type: string nullable: true quick_checkout: type: boolean is_default_billing: type: boolean is_default_shipping: type: boolean state_name: type: string nullable: true required: - id - first_name - last_name - full_name - address1 - address2 - postal_code - city - phone - company - country_name - country_iso - state_text - state_abbr - quick_checkout - is_default_billing - is_default_shipping - state_name x-typelizer: true securitySchemes: api_key: type: apiKey name: x-spree-api-key in: header description: Publishable API key for store access ````