Skip to main content

Password Reminder

Sometimes users forget the password for applications. Hence, applications need to provide the password reminder utility to their users. Hypi facilitates password reminder functionality to its client.

Client applications can reset Accountā€™s password using Hypi. Hypi has an in-built PasswordReminderĀ data type. Create a PasswordReminder object and a verification code will be sent to the userā€™s email id. In turn, Hypi will accept the new password and the verification code in the form of JSON through an endpoint. And the account password will get reset.

Letā€™s look at the PasswordReminder structure.

type PasswordReminderĀ {
valid:Ā Boolean
code:Ā String
to:Ā Email!
from:Ā String
subject:Ā String
htmlMessage:Ā String
plainTextMessage:Ā String
}
ParameterDescriptionExample
validThe valid field is ā€˜trueā€™ when the object is created. It becomes ā€˜falseā€™ after the password reset.True
codeThe verification ā€˜codeā€™ is included in the email sent. Generated by the server. No need to provide the value01F21B593SD5VK JQYWS8N38H1F
toThe email account of the userEmail data type
fromThe email from which the email will be sent to the user. You MUST have a Hypi email app configured to send email from this address. (Optional field)Valid email id
subjectThe subject of the email, this is a velocity template - Hypi provides a default such as "Please verify your email to"ā€œChange Passwordā€
htmlMessageThe HTML contents of the email. This is a Velocity template that will be rendered before being sent.-
plainTextMessageA plain text version of the email-

Example#

Create a passwordReminder object with required values such as email id, subject, etc. Other fields are optional. A valid passwordReminder object will get created and the verification code gets generated. Ā The generated code in theĀ codeĀ field can be referenced using $!{parent.code} in theĀ htmlMessageĀ orĀ plainTextMessageĀ fields.

mutation Upsert($values: HypiUpsertInputUnion!) {
upsert(values: $values) {
id
}
}

Verify the PasswordReminder object details and check the email in the ā€˜toā€™ field for the verification code.

Email:

Hi,

Your password reset code is 01F21B593SD5VKJQYWS8N38H1F.

In the HTML / Plain message, you should also provide a link to a URL where the user can enter their new password.

Include the code in this URL e.g. https://my-app.com/reset-password?code=$!{parent.code}.

When the user gets to this page, you will have the password reset code in the URL query string. Get this code from the URL and when the user enters the new password, make a POST request to the Hypi API as follows.

POST <hypi-domain>/email/reset/\<domain\>

Here \<domain> is app instance domain and hypi domain is https://api.hypi.app.

E.g. https://api.hypi.app/email/reset/scalability.apps.hypi.app

scalability.apps.hypi.app is the instance domain on Hypi.

In the body of the request send a JSON like this:

{
"code": "\<the-code-from-the-URL>",
"password": "\<the-user's-new-password>"
}

Send curl Query to reset password:

curl --data-raw '{"code":"01F21B593SD5VKJQYWS8N38H1F","password":"cool"}' --header ā€œcontent-type:application/jsonā€ https://api.hypi.app/email/reset/scalability.apps.hypi.app

Hypi will change the user's password and return HTTP status 200.

The passwordReminder object becomes invalid with this.

{
"data": {
"find": {
"edges": [
{
"node": {
"code": "01F21B593SD5VKJQYWS8N38H1F",
"valid": false,
"htmlMessage": " Hi ,<br />\n Your password reset code is .\n "
},
"cursor": "01F21B59239BT23Z6MA7QQ43FH"
}
]
}
}
}