Depending on what type of app you have, you can either use the Management API directly, or our Authentication API.
Using our Management API requires that the client (your app) contacting our API is highly trusted, because you’ll first need to obtain a Management API access token. This involves storing client_id and client_secret on the app’s side.
The best option from a security standpoint is to use the Authentication API to issue a password reset flow. The user would get an email with a link that they have to click to change their password.