Password Reset Notifications

Secure, reliable password reset notifications that actually reach your users.

Create Free AccountView API docs

Instant delivery

Password reset emails delivered in seconds, not minutes. Users don't wait.

SMS fallback

Configure SMS as a fallback channel when email delivery fails.

Security alerts

Notify users when their password is changed, from a new device, or suspicious activity detected.

Expiring links

Dynamic templates with time-limited reset tokens and clear expiration messaging.

Multi-channel delivery

Send reset links via email and SMS simultaneously for redundancy.

Delivery confirmation

Know when reset notifications are delivered so you can troubleshoot failed attempts.

How it works

typescript
// When user requests password reset
const resetToken = generateSecureToken();
await saveResetToken(user.id, resetToken, expiresIn: '1h');

await sendivent
  .event('password.reset')
  .to({
    email: user.email,
    phone: user.phone // Optional SMS fallback
  })
  .payload({
    resetUrl: `https://app.example.com/reset?token=${resetToken}`,
    expiresIn: '1 hour',
    requestedFrom: request.ip,
    requestedAt: new Date().toISOString()
  })
  .send();

Implementation steps

1

User requests reset

Generate a secure token and store it with an expiration time.

2

Send the notification

Trigger the password.reset event with the reset link to Sendivent.

3

User completes reset

Optionally send a password.changed confirmation for security.

Security-first password reset

Password reset is a security-critical flow. A poorly implemented reset can be a major vulnerability. Sendivent helps you get it right:

  • Deliverability matters — if the reset email lands in spam, users can't recover their account
  • Speed matters — every second of delay frustrates users and increases support tickets
  • Backup channels — SMS provides a reliable fallback when email fails

Complete password security flow

Beyond the reset itself, consider the full security notification flow:

  1. password.reset — the reset link email/SMS
  2. password.changed — confirmation after successful reset
  3. login.new_device — alert when logging in from unknown device
  4. login.suspicious — alert for unusual login patterns

Each notification reinforces account security and builds user trust. For a complete picture of critical user notifications, see our user onboarding guide.

Implementation with Sendivent

Email Template

<h2>Reset your password</h2>

<p>Hi {{user.name}},</p>

<p>We received a request to reset your password. Click the button below to choose a new one:</p>

<a href="{{payload.resetUrl}}" style="...">Reset Password</a>

<p><strong>This link expires in {{payload.expiresIn}}.</strong></p>

{{#if payload.requestedFrom}}
<p style="color: #666; font-size: 12px;">
  Requested from IP: {{payload.requestedFrom}} at {{formatDate payload.requestedAt "MMM D, h:mm A"}}
</p>
{{/if}}

<p>If you didn't request this, you can safely ignore this email.</p>

SMS Template

Your {{payload.appName}} password reset code: {{payload.code}}. Expires in {{payload.expiresIn}}. Don't share this code.

Triggering the notification

await sendivent
  .event('password.reset')
  .to({ email: user.email, phone: user.phone })
  .payload({
    resetUrl: `https://app.example.com/reset?token=${token}`,
    code: shortCode,  // For SMS
    expiresIn: '1 hour',
    appName: 'YourApp'
  })
  .send();

Best practices

  • Always include when and where the reset was requested
  • Set short expiration times (1 hour max)
  • Send confirmation when password is actually changed
  • Consider SMS for high-security accounts
  • Implement rate limiting in your application to prevent abuse

Ensure your password resets actually land. Create a free account and get enterprise-grade deliverability backed by AWS SES. The password.reset event template is ready to go—just wire it up.

Frequently asked questions

How quickly are password reset emails delivered?

Password reset emails are typically delivered within seconds. Fast delivery is critical for this use case since users are actively waiting.

Can I send password resets via SMS instead of email?

Yes, you can use SMS as a primary channel or as a fallback. SMS is great for high-security accounts or when email deliverability is a concern.

How do I prevent abuse of the password reset flow?

Sendivent's API includes rate limiting to prevent abuse. For additional protection, implement token expiration and track reset attempts per user or IP in your application.

Should I send a confirmation after password is changed?

Yes, sending a password.changed confirmation is a security best practice. It alerts users if someone else changed their password.

Related content

Comparison
Sendivent vs Email-Only Approach

Still relying only on email for product notifications? Learn why multi-channel matters and when to expand beyond the inbox.

Read more
Use Case
Order Confirmation Notifications

Send order confirmations, shipping updates, and delivery notifications via email and SMS with Sendivent's multi-channel API.

Read more
Comparison
Sendivent vs SendGrid

Compare Sendivent and SendGrid for notifications. See how modern multi-channel compares to SendGrid's email platform.

Read more
Feature
Transactional Email Deliverability That Just Works

Transactional email deliverability that just works. Automatic authentication, bounce handling, suppression, and delivery logs—all handled for you.

Read more
Use Case
Payment Notification Alerts

Send payment confirmations, failed payment alerts, and billing reminders via email and SMS with Sendivent.

Read more
Comparison
Sendivent vs Customer.io

Compare Sendivent and Customer.io for product notifications. See how Sendivent's developer-first approach compares to Customer.io's marketing automation platform.

Read more

Readytogetstarted?

Start sending password reset notifications in minutes with Sendivent's simple API.

Free to start
No credit card required
5 minute setup