PasswordReset

Secure, reliable password reset notifications that actually reach your users.

Start free View API docs

Instant delivery

Password reset emails delivered in seconds, not minutes. Users don't wait.

SMS fallback

If email doesn't reach them, send a reset code via SMS as backup.

Security alerts

Notify users when their password is changed, from a new device, or suspicious activity detected.

Expiring links

Dynamic templates with time-limited reset tokens and clear expiration messaging.

Brute force protection

Rate limiting built-in so attackers can't abuse your reset flow.

Audit trail

Track every reset request and completion for security compliance.

How it works

typescript

// When user requests password reset
const resetToken = generateSecureToken();
await saveResetToken(user.id, resetToken, expiresIn: '1h');

await sendivent.send({
  event: 'password.reset',
  user: {
    email: user.email,
    phone: user.phone // Optional SMS fallback
  },
  payload: {
    resetUrl: `https://app.example.com/reset?token=${resetToken}`,
    expiresIn: '1 hour',
    requestedFrom: request.ip,
    requestedAt: new Date().toISOString()
  }
});

Implementation steps

User requests reset

Generate a secure token and store it with an expiration time.

Send the notification

Trigger the password.reset event with the reset link to Sendivent.

User completes reset

Optionally send a password.changed confirmation for security.

Security-first password reset

Password reset is a security-critical flow. A poorly implemented reset can be a major vulnerability. Sendivent helps you get it right:

Deliverability matters — if the reset email lands in spam, users can't recover their account
Speed matters — every second of delay frustrates users and increases support tickets
Backup channels — SMS provides a reliable fallback when email fails

Complete password security flow

Beyond the reset itself, consider the full security notification flow:

password.reset — the reset link email/SMS
password.changed — confirmation after successful reset
login.new_device — alert when logging in from unknown device
login.suspicious — alert for unusual login patterns

Each notification reinforces account security and builds user trust. For a complete picture of critical user notifications, see our user onboarding guide.

Best practices

Always include when and where the reset was requested
Set short expiration times (1 hour max)
Send confirmation when password is actually changed
Consider SMS for high-security accounts
Log all reset attempts for audit trails

Frequently asked questions

How quickly are password reset emails delivered?

Password reset emails are delivered within seconds. Fast delivery is critical for this use case since users are actively waiting.

Can I send password resets via SMS instead of email?

Yes, you can use SMS as a primary channel or as a fallback. SMS is great for high-security accounts or when email deliverability is a concern.

How do I prevent abuse of the password reset flow?

Sendivent includes rate limiting by default. You can also implement your own token expiration and track reset attempts in your application.

Should I send a confirmation after password is changed?

Yes, sending a password.changed confirmation is a security best practice. It alerts users if someone else changed their password.

Ready to get started?

Start sending password reset in minutes with Sendivent's simple API.