Remove email address from the password reset redirect URL

Problem statement

We noticed that the password reset redirect URL includes the user email, such as below. How to remove the email?

https://{{redirect_to_url_in_change_password_template}}?email=testuser.email%2B4r4%40test.com&success=true&message=You%20can%20now%20login%20to%20the%20application%20with%20the%20new%20password.

Solution

If users reset passwords from the login page: switch off the includeEmailInRedirect flag with the below endpoint:

PATCH /api/v2/email-templates/reset_email { "includeEmailInRedirect": false }

OR

PATCH /api/v2/email-templates/verify_email{ "includeEmailInRedirect": false}2. password reset is triggered by called the POST password-change endpoint

In this case, please add “includeEmailInRedirect”: false. Here is the sample payload.

POST/api/v2/tickets/password-change

{
"result_url": "[https://yoururl.com/"](https://yoururl.com/)",
"connection_id": "con_xxxxxx",
"email": "[name@testuser.com](mailto:name@testuser.com)",
"includeEmailInRedirect": false
}