# Start reset by password

Validates the current password and returns a reset token, which enables changing the user`s password

Endpoint: POST /v1/auth/password/reset/password/validate

## Request fields (application/json):

  - `prev_reset_token` (string)
    Reset token that contains mfa_required as true. Should be passed when initiating a second factor authentication, in case MFA is required for password reset flows.

  - `username` (string)
    The user's username. Pass either username or email, but not both.

  - `email` (string)
    The user's primary email address. Pass either username or email, but not both.

  - `phone_number` (string)
    The user's primary phone number. Pass only one of username, email, or phone_number, but not both.

  - `password` (string, required)
    The user's current password

  - `client_id` (string, required)

## Response 200 fields (application/json):

  - `result` (string, required)
    Reset token to be used when sending a reset request (/auth/password/reset)

## Response 403 fields (application/json):

  - `error_code` (string)
    Enum: "auth_locked", "auth_password_invalid_reset_token", "auth_invalid_credentials"

  - `message` (string)

## Response 404 fields (application/json):

  - `error_code` (string)
    Enum: "client_not_exist"

  - `message` (string)


