Reset Your Password

Enter your email to receive a secure reset link. The link expires in 1 hour and can only be used once.

Step 1: Request Reset Link

Email Address

POST /api/human/reset-password

curl -X POST /api/human/reset-password \
  -H "Content-Type: application/json" \
  -d '{"email": "artist@example.com"}'

// Response (always the same, whether
// email exists or not):
{
  "message": "If an account with that
    email exists, a reset link has been
    sent..."
}

Step 2: Set New Password

curl -X POST /api/human/reset-password \
  -H "Content-Type: application/json" \
  -d '{
    "token": "<from email link>",
    "newPassword": "NewStr0ng!Pass"
  }'

// On success: password updated,
// all sessions invalidated.
// Log in fresh with new password.

Security

• Reset token expires in 1 hour
• Token is single-use — cannot be reused
• Only the hash is stored — we never see your token
• All sessions invalidated on password change
• Same response whether email exists or not
• Rate limited: 3 requests per 15 minutes

← Back to Human Portal Return to Museum