How do I reset my password?
Quick answer
Section titled “Quick answer”On the login page, click “Forgot password?”, enter your email address, and submit the request. If an account exists, you’ll receive an email with a reset link (valid for 60 minutes by default). Use the link to set a new password (at least 8 characters), then log in with it.
Prerequisites
Section titled “Prerequisites”The “Forgot password?” link only appears if your administrator has enabled self-service password reset and an email server (SMTP) is configured. If the link is missing, contact your administrator — they can set a new password for you directly or send a reset link (see Users & Roles). If you’re already logged in and just want to change your password, use Manage your profile.
Instructions
Section titled “Instructions”-
Open “Forgot password?”. On the login page, click “Forgot password?” below the password field.
Screenshot pendingerste-schritte-passwort-reset-01Login form with the 'Forgot password?' link highlighted below the password fieldThe 'Forgot password?' link on the login page (only with self-service reset enabled). -
Enter your email address. Enter your account email and click “Send link”. The notice “If the email exists, a reset link has been sent.” appears — this message always shows, regardless of whether the address is registered.
Screenshot pendingerste-schritte-passwort-reset-02'Reset password' form with the email field, the 'Send link' button, and a confirmation noticeAfter submitting, Notory gives a neutral confirmation that a link was sent. -
Open the link in the email. Open the “Reset password” email and click the button in the message. You’ll land on the “Set a new password” page.
-
Set a new password. Enter the new password and confirm it (both must match, at least 8 characters) and click “Change password”. On success, “Your password has been changed. You can now sign in.” appears.
Screenshot pendingerste-schritte-passwort-reset-03'Set a new password' form with the fields New password and Confirm passwordUse the link from the email to set a new password.
The reset consists of two steps: requesting a link and confirming it with the token.
curl -X POST https://demo.notory.io/api/v1/auth/password/reset \ -H "Content-Type: application/json" \ -d '{ "email": "max.mustermann@example.com" }'The response is always identical — even for unknown addresses, to prevent conclusions about which accounts exist:
{ "message": "If the email exists, a password reset link has been sent" }You redeem the token from the email (the token parameter in the link
URL) for a new password:
curl -X POST https://demo.notory.io/api/v1/auth/password/reset/confirm \ -H "Content-Type: application/json" \ -d '{ "token": "TOKEN-AUS-DER-EMAIL", "new_password": "neues-sicheres-passwort" }'{ "message": "Password has been reset successfully" }Possible errors: 400 (token invalid, already used, or expired), 429
(rate limit reached when requesting).
What happens behind the scenes?
Section titled “What happens behind the scenes?”- Gating: Self-service reset only works if it’s enabled (instance setting or ENV default). If it’s off, the request is silently ignored — no email goes out. Controlled under Admin → Login & Security → “Self-service password reset (login screen)”. Requires a configured SMTP server.
- No user enumeration: The confirmation is always the same, regardless of whether the email exists. This prevents anyone from figuring out which addresses are registered.
- One-time token: The link contains a single-use token, which is stored only as a SHA-256 hash and is valid for 60 minutes by default. It’s invalidated after use.
- Email content: The message is sent in your account or instance language (German or English), with the instance’s branding and legal links (imprint/privacy policy/terms).
- Rate limit: Requests are limited per IP address (default 60/minute).
- Audit log: A completed reset is logged as a password change.
- Admin path: Alternatively, an administrator can set a password directly in user management or send a reset link to the address on file.
Related topics
Section titled “Related topics”- Log in
- Manage your profile — changing your password while logged in
- Set up 2FA
- Users & Roles — admin sets a password / sends a reset link