Nasrul Hazim Bin Mohamad

Reset Your Password from API


As you may know, Laravel provide a scaffold auth, which include reset/forgot password on web applications side. But what if you have a mobile application that need to reset password from the mobile application?

In this post, I’ll show you how to reset user’s password from an API in Laravel.

UPDATE 02/07/2017:

In case you’re looking for App\Transformers\Json, you basically can create a class called Json in app/Transformers directory.

In the Json class:


namespace App\Transformers;

class Json
    public static function response($data = null, $message = null)
        return [
            'data'    => $data,
            'message' => $message,

Please make sure to composer dumpautoload -o afterward.

20 Responses to Reset Your Password from API

  1. $token = $this->broker()->createToken($user);
    got error broker not found

  2. Hey ther! Thanks for the tutorial, but I’m not quite sure what to do with the token that generates the application. What should I do with that response?
    Thanks in advance

  3. App\Transformers\Json
    not found !
    How do i make it work sir ?

  4. How and where can I specify different guard user?

  5. $token = $this->broker()->createToken($user);
    got error broker not found

  6. This needs further user validation.
    Any user can reset the password of another user just by knowing the email address.

  7. Question, won’t this allow someone to reset anybody’s password? You probably want the token to be sent to the email still, to validate whether the user is allowed to reset this password.

  8. José Carlos de Almeida Júnior

    not found !
    How do i make it work sir ?

    • nasrulhazim.m

      ahh..i’m trying to find back where I put my codes for the Transformers part, but couldn’t find it.

      But what it does it’s basically transform from one data structure to another data structure format so that the response will be standard across the application.

      I’ll update my post shortly how to make one Json Transformer based on this article.

  9. This seems highly insecure as Adam Tomat said.

    • nasrulhazim.m

      yes, it’s just a POC to make the possibility to reset the password from API – you may need to implement back the way how the web version working OR use 2FA to reset OR use SMS Code to reset the password.

  10. With the release of Laraven and Lumen 5.5 – Is there a probability where you can make another tutorial of this feature using only Lumen 5.5 stateless API instead? Thank you beforehand.

  11. Thank you, but it is insecure, How can I send token via email ?

  12. User must implement CanResetPassword interface.

    I am getting above error. Is there any solution.

Leave a Reply

Your email address will not be published. Required fields are marked *

eleven + 1 =