Skip to content

Password Reset

Backendless supports two kinds of password reset:

  1. Reset to system (backend) generated password.
  2. Reset to password assigned by the user.

With the first option, an email is sent to the user with a regenerated password assigned to the user account. With the second option, an email is sent with a link to a webpage which contains a form where the user can enter the new password.

You can choose the type of reset for your application using Backendless Console. To change the password reset approach navigate to Users > Email Templates and select either User requests password recovery or User requests password recovery by link. Only one of these options can be active at a time. To make an option active, make sure the Do not send email for the event checkbox is not selected. If you make a change, make sure to click the SAVE button at the bottom of the screen.

For example, the following screenshot shows a configuration where the system will send out a link so the user can assign his own password. Notice the red color for the User requests password recovery option - this indicated that the option is disabled for the app:


In both cases (system-assigned or user-assigned passwords), the password reset sequence must initiated through the API. When the system assigns a password, it is still possible to update the user password using the Data Service API.

For the "password change via a link" option Backendless provides a default HTML form the link in the email points to. The HTML page is located in the File storage of the application where it can be edited and customized for branding purposes. The files are located in the /web/templates/change_password directory:






Argument                Description
<application-id> the ID of your application generated upon its creation. You can obtain the value in the Manage > App Settings section of the Backendless Console.
<REST-api-key> REST API key of your application. You can obtain the value in the Manage > App Settings section of the Backendless Console.
<user-identity-property> -a value for the property marked as identity. The value must be URL-encoded.


When the server-side reports an error, it returns a JSON object in the following format:


The following errors may occur during the Password Recovery API call. See the Error Handling section for details on how to retrieve the error code when the server returns an error.

Error Code
Version is disabled or provided wrong application info (application id or secret key)
Unable to find user with the specified login (invalid user identity).
General password recovery error. Additional details should be available in the "message" property of the response.
One of the requirement arguments (application id, version or user identity) is missing.