Change Password
Change the password for the authenticated user.
If MFA is enabled, you must provide a valid MFA code.
Request
curl -X POST https://api.fucksornot.com/api/auth/change-password \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"currentPassword": "OldPassword123!",
"newPassword": "NewPassword456!",
"confirmPassword": "NewPassword456!",
"mfaCode": "123456"
}'
Response
{
"success": true,
"message": "Password changed successfully. Please log in again.",
"requireRelogin": true
}
Forgot Password
Request a password reset email.
Request
curl -X POST https://api.fucksornot.com/api/auth/forgot-password \
-H "Content-Type: application/json" \
-d '{"email": "[email protected]"}'
Response
{
"message": "If an account with that email exists, a password reset link has been sent."
}
The response is always the same whether the email exists or not, to prevent email enumeration attacks.
Reset Password
Complete the password reset using the token from the email.
Request
curl -X POST https://api.fucksornot.com/api/auth/reset-password \
-H "Content-Type: application/json" \
-d '{
"token": "reset-token-from-email",
"newPassword": "NewPassword456!",
"confirmPassword": "NewPassword456!"
}'
Response
{
"success": true,
"message": "Password reset successfully"
}
Token Expiry
Reset tokens expire after a short period. If expired, request a new one via the forgot password endpoint.