Skip to main content

Password Reminder

Sometimes users forget the password for applications. Hence, applications need to provide the password reminder utility to their users. Hypi facilitates password reminder functionality to its client.

Client applications can reset Account’s password using Hypi. Hypi has an in-built PasswordReminder data type. Create a PasswordReminder object and a verification code will be sent to the user’s email id. In turn, Hypi will accept the new password and the verification code in the form of JSON through an endpoint. And the account password will get reset.

Let’s look at the PasswordReminder structure.

type PasswordReminder {
valid: Boolean
code: String
to: Email!
from: String
subject: String
htmlMessage: String
plainTextMessage: String
validThe valid field is ‚Äėtrue‚Äô when the object is created. It becomes ‚Äėfalse‚Äô after the password reset.True
codeThe verification ‚Äėcode‚Äô is included in the email sent. Generated by the server. No need to provide the value01F21B593SD5VK JQYWS8N38H1F
toThe email account of the userEmail data type
fromThe email from which the email will be sent to the user. You MUST have a Hypi email app configured to send email from this address. (Optional field)Valid email id
subjectThe subject of the email, this is a velocity template - Hypi provides a default such as "Please verify your email to"‚ÄúChange Password‚ÄĚ
htmlMessageThe HTML contents of the email. This is a Velocity template that will be rendered before being sent.-
plainTextMessageA plain text version of the email-


Create a passwordReminder object with required values such as email id, subject, etc. Other fields are optional. A valid passwordReminder object will get created and the verification code gets generated.  The generated code in the code field can be referenced using $!{parent.code} in the htmlMessage or plainTextMessage fields.

mutation Upsert($values: HypiUpsertInputUnion!) {
upsert(values: $values) {

Verify the PasswordReminder object details and check the email in the ‚Äėto‚Äô field for the verification code.



Your password reset code is 01F21B593SD5VKJQYWS8N38H1F.

In the HTML / Plain message, you should also provide a link to a URL where the user can enter their new password.

Include the code in this URL e.g.$!{parent.code}.

When the user gets to this page, you will have the password reset code in the URL query string. Get this code from the URL and when the user enters the new password, make a POST request to the Hypi API as follows.

POST <hypi-domain>/email/reset/\<domain\>

Here \<domain> is app instance domain and hypi domain is

E.g. is the instance domain on Hypi.

In the body of the request send a JSON like this:

"code": "\<the-code-from-the-URL>",
"password": "\<the-user's-new-password>"

Send curl Query to reset password:

curl --data-raw '{"code":"01F21B593SD5VKJQYWS8N38H1F","password":"cool"}' --header ‚Äúcontent-type:application/json‚ÄĚ

Hypi will change the user's password and return HTTP status 200.

The passwordReminder object becomes invalid with this.

"data": {
"find": {
"edges": [
"node": {
"code": "01F21B593SD5VKJQYWS8N38H1F",
"valid": false,
"htmlMessage": " Hi ,<br />\n Your password reset code is .\n "
"cursor": "01F21B59239BT23Z6MA7QQ43FH"