There are many ways to achieve the result of importing users and changing passwords. It is going to rely largely on your desired UX.
Regarding your current solution:
This can also be achieved using the user import/export extension. This allows you to upload a file and not have to interface with an API. Also allows you to monitor progress. Either option will work.
You will likely run into management api rate limits when making this many requests so rapidly. You need to be prepared for that or find another solution (see below).
Alternative solutions:
Automatic Migration:
You can use a automatic migration strategy. This strategy will go undetected by your users and happens over time. It requires a paid account, but you will need that if you have 10k users. It also requires you to have a user database currently set up, but that might not be a problem. The details are laid out below.
Bulk Migration and Password Reset Through Rules:
This solution is going to be similar to your current suggestion. You will require a password reset when a user tries to log in, rather than sending a large batch email and making 20k API requests.
Import your users with the user import/export extension or using /api/v2/jobs/users-imports.
Create a rule that checks if they have logged in, if they have not logged in since the migration, prompt to reset password before they can log in. The rule will look something like this:
function (user, context, callback) {
if (!user.last_password_reset) {
return callback(new UnauthorizedError('please change your password'));
}
callback(null, user, context);
}
You will be passed the error, and can make it a custom page with your own language if you desire.
We are currently seeking feedback to improve our User Invitation flow. If you have a moment, please take a second to checkout this feedback opportunity with one of product managers.