There’s a docs page for this use case,
however it only mentions the raw API endpoints for email verification / email reset.
One approach that isn’t mentioned on that page is the use of Rules.
You could create a rule that checks for the user.last_password_reset attribute and if such isn’t set, you would trigger the password reset flow, also within the Rule, via Management API call.
These sample rules might be worth a look: