Forgot Password
POST
/web/v1/users/self/auth/password/forgotNoneInitiates the password reset flow by sending a reset link to the user's registered email address. Requires Turnstile verification to prevent abuse.
Authentication
Auth Chain: WEB Chain — no JWT required (pre-authentication endpoint) These headers are injected by the system (frontend does nothing):
X-PORTAL-ACCESS-CODE(Nginx),X-Request-Id(Gateway) Additionally requiresX-Turnstile-Tokenheader for Cloudflare Turnstile verification.
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
rawRequestBody | String | Yes | body | Encrypted request payload (parsed server-side) |
Success Response
Success200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"sent": true,
"maskedEmail": "u***@example.com"
}
}Error Responses
Unauthorized401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Notes
- Requires Cloudflare Turnstile verification via the
X-Turnstile-Tokenheader. - Rate limited to 3 requests per 300-second window.
- The request body is strictly validated; unknown properties will cause a rejection.