Member Forget Password API Documentation

Complete API reference for Member Forget Password endpoints

POST /v2/forget/password/otp

Request an OTP (One-Time Password) to be sent to the member's mobile number for password reset. This is the first step in the forget password flow.

Request

Headers:

Header        Type    Required  Description
Content-Type  string  Yes       application/json

Body:

Field                    Type    Required  Description
partnerKey               string  Yes       Partner key/prefix identifier
mobileNumber             string  Yes       Member mobile number
mobileNumberCountryCode  string  Yes       Country code for mobile number (e.g., "+66", "+95")

Example Request:

{
  "partnerKey": "ABC",
  "mobileNumber": "0912345678",
  "mobileNumberCountryCode": "+66"
}

Response

200 OK: Success

Note: The otp field is only returned in development/staging environments. In production, the OTP is sent via SMS and not included in the response.

Development/Staging Response:

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "otp": "4496",
    "referCode": "7fp25p"
  }
}

Production Response:

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "referCode": "7fp25p"
  }
}
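
A release check for the note above, as an added example that is not part of the original documentation: it scans a 200 response from POST /v2/forget/password/otp and reports an otp field that reaches a production client. The environment names and function names are assumptions; the sample bodies are constructed from the responses documented here.

```python
import json

# Constructed sample bodies, following the two response shapes documented above.
STAGING_BODY = '{"isSuccess": true, "statusCode": 200, "data": {"otp": "4496", "referCode": "7fp25p"}}'
PRODUCTION_BODY = '{"isSuccess": true, "statusCode": 200, "data": {"referCode": "7fp25p"}}'

SECRET_FIELDS = {"otp"}  # keys that must never appear in a production response


def find_keys(node, wanted, path="$"):
    """Yield the JSON path of every key in `wanted`, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in wanted:
                yield child
            yield from find_keys(value, wanted, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_keys(value, wanted, f"{path}[{i}]")


def audit_otp_response(raw_body, environment):
    """Return findings for a 200 response body; an empty list means it passed.

    `environment` is an assumed label ("production", "staging", ...).
    """
    body = json.loads(raw_body)
    if not isinstance(body, dict):
        return ["body is not a JSON object"]
    findings = []
    data = body.get("data") or {}
    if body.get("isSuccess") is not True or body.get("statusCode") != 200:
        findings.append("not a success envelope")
    if not isinstance(data, dict) or "referCode" not in data:
        findings.append("missing data.referCode")
    if environment == "production":
        for path in find_keys(body, SECRET_FIELDS):
            findings.append(f"OTP exposed in production response at {path}")
    return findings


if __name__ == "__main__":
    print(audit_otp_response(PRODUCTION_BODY, "production"))
    print(audit_otp_response(STAGING_BODY, "staging"))
    print(audit_otp_response(STAGING_BODY, "production"))
```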

404 Not Found: Agent not found

{
  "isSuccess": false,
  "statusCode": 404,
  "message": {
    "errorCode": "AGENT_NOT_FOUND",
    "errorMessage": "Agent not found"
  }
}

429 Too Many Requests: Duplicate request detected

{
  "isSuccess": false,
  "statusCode": 429,
  "message": {
    "errorCode": "DUPLICATE_REQUEST",
    "errorMessage": "Duplicate request. Please try again after a short wait."
  }
}

500 Internal Server Error: Unable to send OTP

{
  "isSuccess": false,
  "statusCode": 500,
  "message": {
    "errorCode": "UNABLE_TO_SEND_OTP",
    "errorMessage": "Unable to send OTP message"
  }
}

POST /v2/forget/password/otp/verify

Verify the OTP code sent to the member's mobile number. Upon successful verification, a forget password token is returned which can be used to change the password.

Request

Headers:

Header        Type    Required  Description
Content-Type  string  Yes       application/json

Body:

Field         Type    Required  Description
partnerKey    string  Yes       Partner key/prefix identifier
mobileNumber  string  Yes       Member mobile number
otp           string  Yes       OTP code received via SMS

Example Request:

{
  "partnerKey": "ABC",
  "mobileNumber": "0912345678",
  "otp": "123456"
}

Response

200 OK: Success

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "forgetPasswordToken": "uuid-token-here"
  }
}

Note: If OTP is disabled for the partner, the response also includes skipOtp set to true:

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "skipOtp": true,
    "forgetPasswordToken": "uuid-token-here"
  }
}

400 Bad Request: Invalid OTP

{
  "isSuccess": false,
  "statusCode": 400,
  "message": {
    "errorCode": "OTP_INVALID",
    "errorMessage": "Invalid OTP"
  }
}

404 Not Found: Member or Agent not found

{
  "isSuccess": false,
  "statusCode": 404,
  "message": {
    "errorCode": "MEMBER_NOT_FOUND",
    "errorMessage": "Member not found"
  }
}

410 Gone: OTP expired

{
  "isSuccess": false,
  "statusCode": 410,
  "message": {
    "errorCode": "OTP_EXPIRED",
    "errorMessage": "OTP expired"
  }
}

429 Too Many Requests: Duplicate request detected

{
  "isSuccess": false,
  "statusCode": 429,
  "message": {
    "errorCode": "DUPLICATE_REQUEST",
    "errorMessage": "Duplicate request. Please try again after a short wait."
  }
}

500 Internal Server Error: Unable to verify OTP

{
  "isSuccess": false,
  "statusCode": 500,
  "message": {
    "errorCode": "UNABLE_TO_VERIFY_OTP",
    "errorMessage": "Unable to verify OTP"
  }
}

POST /v2/forget/password

Change the member's password using the forget password token obtained from OTP verification. This is the final step in the forget password flow.

Request

Headers:

Header        Type    Required  Description
Content-Type  string  Yes       application/json

Body:

Field                Type    Required  Description
forgetPasswordToken  string  Yes       Forget password token obtained from OTP verification
newPassword          string  Yes       New password for the member account
confirmNewPassword   string  Yes       Confirmation of the new password (must match newPassword)
partnerKey           string  Yes       Partner key/prefix identifier
mobileNumber         string  Yes       Member mobile number
username             string  Optional  Username (required if partner has alternate username enabled)

Example Request:

{
  "forgetPasswordToken": "uuid-token-here",
  "newPassword": "newPassword123",
  "confirmNewPassword": "newPassword123",
  "partnerKey": "ABC",
  "mobileNumber": "0912345678",
  "username": "member123"
}

Response

200 OK: Success

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "message": "Password changed successfully"
  }
}

400 Bad Request: Password confirmation mismatch or invalid token

{
  "isSuccess": false,
  "statusCode": 400,
  "message": {
    "errorCode": "PASSWORD_CONFIRMATION_MISMATCH",
    "errorMessage": "Please enter the new password confirmation correctly"
  }
}

400 Bad Request: Invalid token

{
  "isSuccess": false,
  "statusCode": 400,
  "message": {
    "errorCode": "INVALID_TOKEN",
    "errorMessage": "Invalid token"
  }
}

400 Bad Request: Username required

{
  "isSuccess": false,
  "statusCode": 400,
  "message": {
    "errorCode": "USERNAME_REQUIRED",
    "errorMessage": "Please enter username"
  }
}

404 Not Found: Member or Agent not found

{
  "isSuccess": false,
  "statusCode": 404,
  "message": {
    "errorCode": "MEMBER_NOT_FOUND",
    "errorMessage": "Member not found"
  }
}

410 Gone: Token expired

{
  "isSuccess": false,
  "statusCode": 410,
  "message": {
    "errorCode": "TOKEN_EXPIRED",
    "errorMessage": "Token expired"
  }
}

429 Too Many Requests: Duplicate request detected

{
  "isSuccess": false,
  "statusCode": 429,
  "message": {
    "errorCode": "DUPLICATE_REQUEST",
    "errorMessage": "Duplicate request. Please try again after a short wait."
  }
}
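
The three steps above chained into one client routine, as an added example that is not part of the original documentation: it stops at the first documented error code and retries only on 429 DUPLICATE_REQUEST, a bounded number of times. The `send` transport, the function names and the retry waits are assumptions; the canned responses are constructed from the bodies documented here.

```python
import time


class ResetError(Exception):
    """Carries the documented errorCode of the step that failed."""


def post(send, path, body, retries=2, sleep=time.sleep):
    """Send one request; on 429 wait and retry, at most `retries` times."""
    for attempt in range(retries + 1):
        resp = send(path, body)
        if resp["statusCode"] != 429 or attempt == retries:
            break
        sleep(2 ** attempt)  # assumed wait; the API only says "a short wait"
    if not resp["isSuccess"]:
        raise ResetError(resp["message"]["errorCode"])
    return resp["data"]


def reset_password(send, member, read_otp, new_password, sleep=time.sleep):
    """Run the three documented steps in order; return the final message."""
    ident = {"partnerKey": member["partnerKey"], "mobileNumber": member["mobileNumber"]}
    post(send, "/v2/forget/password/otp",
         {**ident, "mobileNumberCountryCode": member["countryCode"]}, sleep=sleep)
    # A skipOtp response also carries forgetPasswordToken, so it needs no special case.
    token = post(send, "/v2/forget/password/otp/verify",
                 {**ident, "otp": read_otp()}, sleep=sleep)["forgetPasswordToken"]
    body = {**ident, "forgetPasswordToken": token,
            "newPassword": new_password, "confirmNewPassword": new_password}
    if member.get("username"):
        body["username"] = member["username"]
    return post(send, "/v2/forget/password", body, sleep=sleep)["message"]


def ok(data):
    return {"isSuccess": True, "statusCode": 200, "data": data}


def err(status, code):
    return {"isSuccess": False, "statusCode": status,
            "message": {"errorCode": code, "errorMessage": code}}


def scripted(responses):
    """Constructed stand-in for the HTTP layer: replays canned responses."""
    calls = []
    def send(path, body):
        calls.append((path, body))
        return responses.pop(0)
    return send, calls


MEMBER = {"partnerKey": "ABC", "mobileNumber": "0912345678", "countryCode": "+66"}
```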

Member Forget Password API Documentation © 2024