# Password reset **POST /callbacks/password-reset** During a password reset the user is only able to provide the HAVE using the email address. In order to retain the user data the user has to provide a second factor, either HAVE or KNOW. The `prove` can be done with *PIN* (KNOW) or the *device OTP* (HAVE). This callback is called before the password of the user is reset. If the user is able to provide his/her `prove` correctly the data of the user remain untouched. In case the `prove` is in correctly provided for more than 3 times, the critical data e.g. payment data of the user is deleted in order to prevent theft. * `404` is returned in case the user has no `prove` defined. * `410` is returned in case the `prove` didn't match multiple times, the user data will be deleted for safety reasons. * `422` is returned in case the the `prove` is incorrect. ## Servers - Production server (stable release 2021-2): https://api.pace.cloud/user/2021-2 (Production server (stable release 2021-2)) ## Authentication methods - OAuth2 - Oidc ## Parameters ### Body: application/vnd.api+json (object) - **data** (object) ## Responses ### 204 PIN is correct, data will be retained ### 401 OAuth token missing or invalid or a linked identity is missing. Linked identity missing is a special case where you need to make sure that the user has additionally logged in / authorized with a third-party. This is not relevant for most use-cases. The specific error code that identifies a missing linked identity is `missing-linked-identity` Example: ``` { "errors": [ { "id": "cbgmhslmp1o9or9kh1p0", "title": "Missing linked identity for authorized access", "detail": "Linked identity is needed to access this resource, please check why the user does not have a linked identity", "status": "401", "code": "missing-linked-identity" } ] } ``` #### Body: application/vnd.api+json (object) - **errors** (array[object]) ### 403 Forbidden #### Body: application/vnd.api+json (object) - **errors** (array[object]) ### 404 Resource not found #### Body: application/vnd.api+json (object) - **errors** (array[object]) ### 410 Resource is gone #### Body: application/vnd.api+json (object) - **errors** (array[object]) ### 422 The request was well-formed but was unable to be followed due to semantic errors. #### Body: application/vnd.api+json (object) - **errors** (array[object]) ### 501 Internal server error #### Body: application/vnd.api+json (object) - **errors** (array[object]) [Powered by Bump.sh](https://bump.sh)