> ## Documentation Index > Fetch the complete documentation index at: https://docs.rinne.com.br/llms.txt > Use this file to discover all available pages before exploring further. # Reset password with verification code > Resets user password using the verification code sent during forgot password flow. Validates the code and sets the new password. ## OpenAPI ````yaml /api-spec.yaml post /v1/auth/reset-password openapi: 3.1.0 info: title: Rinne API version: 1.0.0 description: > **Rinne API** is a robust payment platform that offers integration with multiple payment providers. ## Authentication The API uses API Key authentication via the `x-api-key` header. Each company has a unique key to access resources. ## Response Format All responses follow a consistent format: - **Success**: Returns the requested data directly - **Error**: Returns an `error` object with detailed information ## Pagination Endpoints that return lists support pagination through parameters: - `page`: Page number (default: 1) - `limit`: Items per page (default: 20, maximum: 100) ## Supported Providers The API supports multiple payment providers: - **Rinne**: Internal provider - **Celcoin**: PIX integration and other financial services ## Raw Card Data (PCI Endpoints) Card credential fields (`card_data.number`, `card_data.cvv`, `card_data.network_token`, `card_data.cryptogram`, and the 3DS `card.number`) must always be sent encrypted — values start with the `ev:` prefix. Plaintext values are rejected with `400 VALIDATION_ERROR` on every host. There are two ways to send encrypted values: - **rinne-js**: card forms and wallet buttons (Apple Pay / Google Pay) encrypt credentials client-side before they leave the browser. - **PCI API host**: server-to-server integrations that handle raw card data must call `https://pci.api.rinne.com.br/core` (sandbox: `https://pci.api-sandbox.rinne.com.br/core`) instead of the regular host. This endpoint encrypts `number` and `cvv` in transit before the request reaches the API; all other fields pass through unchanged. The PCI host serves only transaction creation and 3DS session creation (both the self and merchant variants); use the regular host for everything else. contact: name: Rinne API Support email: suporte@rinne.com.br servers: - url: https://api-sandbox.rinne.com.br/core description: Sandbox - url: https://api.rinne.com.br/core description: Production security: [] tags: - name: System description: System and API health endpoints - name: Authentication description: User authentication and authorization endpoints - name: Management description: >- Merchant management endpoints - create, list, get specific, overview, update - name: Transactions description: Transaction operations for merchants - create, list, overview, refunds - name: Affiliations description: Affiliation management for merchants - name: Banking description: Banking operations for merchants - balance, cashout, statements - name: Bank Accounts description: Bank account management for merchants - name: Pix Keys description: PIX key management for merchants - name: Company Transactions description: Direct transaction management and query endpoints for companies - name: Companies description: Company management - name: Company Affiliations description: Payment provider affiliation management - name: Company Banking description: Company banking endpoints (balance, etc.) - name: Company Pix description: Company PIX key management - name: Company Ledger description: Company ledger entry query endpoints - name: Ledger description: Ledger entry query endpoints (company and merchants) - name: Webhooks description: Endpoints for receiving webhooks from external providers - name: Pricing description: Fee and cost policy management for transaction pricing - name: Users description: User management endpoints - name: Roles description: Role management endpoints - name: Permissions description: Permission management endpoints - name: Admin description: Admin management endpoints x-scalar-ignore: true paths: /v1/auth/reset-password: post: tags: - Authentication summary: Reset password with verification code description: > Resets user password using the verification code sent during forgot password flow. Validates the code and sets the new password. requestBody: required: true content: application/json: schema: type: object required: - identifier - code - new_password properties: identifier: type: string description: Email or phone number example: user@company.com code: type: string description: 6-digit verification code example: '123456' new_password: type: string format: password description: > New password. Must be at least 10 characters and include at least one number, one lowercase letter, one uppercase letter, and one special character. example: NewSecurePass123! responses: '200': description: Password reset successfully content: application/json: schema: type: object properties: message: type: string example: Password reset successfully '400': description: Validation error (invalid code, expired code, etc.) content: application/json: schema: $ref: '#/components/schemas/ValidationErrorResponse' '404': description: User not found content: application/json: schema: $ref: '#/components/schemas/NotFoundErrorResponse' '409': description: Code already used or expired content: application/json: schema: $ref: '#/components/schemas/ConflictErrorResponse' components: schemas: ValidationErrorResponse: type: object properties: error: type: object properties: code: type: string example: VALIDATION_ERROR message: type: string example: Validation error status: type: integer example: 400 details: type: object properties: issues: type: array items: type: object properties: field: type: string example: email type: type: string example: REQUIRED message: type: string example: Field 'email' is required value: anyOf: - type: string - type: number - type: boolean example: invalid_value constraints: type: object example: min: 18 max: 120 path: type: string example: /companies timestamp: type: string format: date-time example: '2023-12-01T10:00:00.000Z' requestId: type: string example: req_123456789 NotFoundErrorResponse: type: object properties: error: type: object properties: code: type: string example: RESOURCE_NOT_FOUND message: type: string example: Company with ID '123' not found status: type: integer example: 404 path: type: string example: /companies/me timestamp: type: string format: date-time example: '2023-12-01T10:00:00.000Z' requestId: type: string example: req_123456789 ConflictErrorResponse: type: object properties: error: type: object properties: code: type: string example: CONFLICT_ERROR message: type: string example: A bank account with this account_number and ispb already exists status: type: integer example: 409 details: type: object properties: field: type: string example: account_number value: type: string example: '12345678' path: type: string example: /companies/bank-accounts timestamp: type: string format: date-time example: '2023-12-01T10:00:00.000Z' requestId: type: string example: req_123456789 ````