# Password reset **POST /callbacks/password-reset** During a password reset the user is only able to provide the HAVE using the email address. In order to retain the user data the user has to provide a second factor, either HAVE or KNOW. The `prove` can be done with *PIN* (KNOW) or the *device OTP* (HAVE). This callback is called before the password of the user is reset. If the user is able to provide his/her `prove` correctly the data of the user remain untouched. In case the `prove` is in correctly provided for more than 3 times, the critical data e.g. payment data of the user is deleted in order to prevent theft. * `404` is returned in case the user has no `prove` defined. * `410` is returned in case the `prove` didn't match multiple times, the user data will be deleted for safety reasons. * `422` is returned in case the the `prove` is incorrect. ## Servers - Production server (stable release 2024-3): https://api.pace.cloud/user/2024-3 (Production server (stable release 2024-3)) ## Authentication methods - OAuth2 - Oidc ## Parameters ## Body parameters Content-type: application/vnd.api+json - **pin** (string) 4-digit code - **skip** (boolean) allows skipping credential verification ## Responses ### 204: PIN is correct, data will be retained ### 400: Bad request #### Body Parameters: application/vnd.api+json (object) - **errors** (array[object]) ### 401: OAuth token missing or invalid or a linked identity is missing. Linked identity missing is a special case where you need to make sure that the user has additionally logged in / authorized with a third-party. This is not relevant for most use-cases. The specific error code that identifies a missing linked identity is `missing-linked-identity` Example: ``` { "errors": [ { "id": "cbgmhslmp1o9or9kh1p0", "title": "Missing linked identity for authorized access", "detail": "Linked identity is needed to access this resource, please check why the user does not have a linked identity", "status": "401", "code": "missing-linked-identity" } ] } ``` #### Body Parameters: application/vnd.api+json (object) - **errors** (array[object]) ### 403: Forbidden #### Body Parameters: application/vnd.api+json (object) - **errors** (array[object]) ### 404: Resource not found #### Body Parameters: application/vnd.api+json (object) - **errors** (array[object]) ### 410: Resource is gone #### Body Parameters: application/vnd.api+json (object) - **errors** (array[object]) ### 422: The request was well-formed but was unable to be followed due to semantic errors. #### Body Parameters: application/vnd.api+json (object) - **errors** (array[object]) ### 501: Internal server error #### Body Parameters: application/vnd.api+json (object) - **errors** (array[object]) [Powered by Bump.sh](https://bump.sh)