Forgot Password
POST
/web/v1/system/auth/password/forgot NoneInitiates the password reset flow by sending a reset link to the user's registered email address. Requires Turnstile verification to prevent abuse.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
rawRequestBody | String | Required | body | Raw request body (encrypted via SecureChannel, auto-decrypted by the server) |
email | String | Required | body | User email address (max 255 chars) |
turnstileToken | String | Required | body | Cloudflare Turnstile verification token |
Request Example
json
{
"email": "user@example.com",
"turnstileToken": "0.xxx"
}Success Response
Success 200
{
"version": "2.0.0",
"timestamp": 1711929600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"success": true,
"message": "If the email exists, a reset link will be sent"
}
}Error Responses
Too Many Requests 429
{
"success": false,
"code": "REQUEST.RATE_LIMITED",
"message": "Too many requests, please try again later"
}Notes
- Requires Cloudflare Turnstile verification via the
X-Turnstile-Tokenheader. - Rate limited to 3 requests per 300-second window.
- The request body is strictly validated; unknown properties will cause a rejection.
- This endpoint now requires
@SecureChannel— encrypted channel required.