API Documentation: Reset Password/PIN

This API provides a secure and multi-step process for users to reset their account passwords or PINs. It involves requesting an OTP, verifying the OTP, and then performing the credential reset with dual verification.

---

Base URL

The API endpoint for this service is:

https://techvibs.com/bank/api_general/reset_credentials_api.php

---

1. Request OTP for Reset

This action initiates the reset process by sending a One-Time Password (OTP) to the user's registered email address.

Request

• Method: POST
• Headers:
  • Content-Type: application/json
• Body (JSON):

  {
      "action": "request_reset",
      "type": "password" | "pin",
      "user_identifier": "account_number_or_username"
  }
  

  Field Name	Type	Required	Description
  action	string	Yes	Must be "request_reset".
  type	string	Yes	The type of credential to reset. Can be "password" or "pin".
  user_identifier	string	Yes	The user's account number or username.

Responses

• 200 OK (Success):

  {
      "success": true,
      "message": "OTP sent to your email.",
      "otp_service": {
          "success": true,
          "message": "OTP successfully sent."
      }
  }
  

  • success: (boolean) Always true for successful OTP request.
  • message: (string) A descriptive success message.
  • otp_service: (object) Details from the internal OTP service.
• 500 Internal Server Error (Error):

  {
      "success": false,
      "message": "No user found for this identifier"
  }
  

  OR

  {
      "success": false,
      "message": "Failed to send OTP",
      "otp_service": {
          "success": false,
          "message": "Email service failed"
      }
  }
  

  • success: (boolean) Always false for errors.
  • message: (string) A descriptive error message.
  • otp_service: (object, optional) Contains details from the OTP service if available.

---

2. Verify OTP

This action verifies the OTP provided by the user against the one sent to their email.

Request

• Method: POST
• Headers:
  • Content-Type: application/json
• Body (JSON):

  {
      "action": "verify_otp",
      "type": "password" | "pin",
      "user_identifier": "account_number_or_username",
      "otp": "6-digit_otp"
  }
  

  Field Name	Type	Required	Description
  action	string	Yes	Must be "verify_otp".
  type	string	Yes	The type of credential being reset. Can be "password" or "pin".
  user_identifier	string	Yes	The user's account number or username.
  otp	string	Yes	The 6-digit OTP received by the user.

Responses

• 200 OK (Success):

  {
      "success": true,
      "message": "OTP verified successfully"
  }
  

  • success: (boolean) Always true for successful OTP verification.
  • message: (string) A descriptive success message.
• 500 Internal Server Error (Error):

  {
      "success": false,
      "message": "OTP verification failed",
      "otp_service": {
          "success": false,
          "message": "Invalid OTP"
      }
  }
  

  • success: (boolean) Always false for errors.
  • message: (string) A descriptive error message.
  • otp_service: (object, optional) Contains details from the OTP service if verification failed.

---

3. Reset Password/PIN

This final action updates the user's password or PIN after successful OTP verification and dual credential verification.

Request

• Method: POST
• Headers:
  • Content-Type: application/json
• Body (JSON):

  {
      "action": "reset",
      "type": "password" | "pin",
      "user_identifier": "account_number_or_username",
      "otp": "6-digit_otp",
      "new_credential": "new_password_or_pin",
      "other_credential": "current_pin_if_resetting_password" | "current_password_if_resetting_pin"
  }
  

  Field Name	Type	Required	Description
  action	string	Yes	Must be "reset".
  type	string	Yes	The type of credential to reset. Can be "password" or "pin".
  user_identifier	string	Yes	The user's account number or username.
  otp	string	Yes	The 6-digit OTP that was successfully verified.
  new_credential	string	Yes	The new password or PIN. For passwords, it must be at least 8 characters, with uppercase, lowercase, number, and special character.
  other_credential	string	Yes	If type is "password", this must be the user's **current PIN**. If type is "pin", this must be the user's **current password**.

Responses

• 200 OK (Success):

  {
      "success": true,
      "message": "Password updated successfully. Confirmation email sent."
  }
  

  OR

  {
      "success": true,
      "message": "PIN updated successfully. Could not send confirmation email."
  }
  

  • success: (boolean) Always true for successful credential reset.
  • message: (string) A descriptive success message, indicating if the confirmation email was sent.
• 500 Internal Server Error (Error):

  {
      "success": false,
      "message": "Missing required parameters"
  }
  

  OR

  {
      "success": false,
      "message": "Incorrect PIN. You must provide your current PIN to reset your password."
  }
  

  OR

  {
      "success": false,
      "message": "Failed to update password. Account not found or no changes made."
  }
  

  • success: (boolean) Always false for errors.
  • message: (string) A descriptive error message.
  • otp_service: (object, optional) Contains details from the OTP service if available.