Request a password reset code
POST/auth/forgot-password
Triggers Cognito ForgotPassword for the user's tenant. Always returns { ok: true } for unknown users so the endpoint cannot enumerate accounts.
Request
Responses
- 200
- 400
- 429
Reset code dispatched (or email did not match — response is identical).
Request rejected (missing email, internal failure).
Cognito rate limit hit (too_many_attempts_try_later).