Remove email address from the password reset redirect URL

konrad.sopala · July 26, 2023, 9:15am

Problem statement

We noticed that the password reset redirect URL includes the user email, such as below. How to remove the email?

https://{{redirect_to_url_in_change_password_template}}?email=testuser.email%2B4r4%40test.com&success=true&message=You%20can%20now%20login%20to%20the%20application%20with%20the%20new%20password.

Solution

If users reset passwords from the login page: switch off the includeEmailInRedirect flag with the below endpoint:

PATCH /api/v2/email-templates/reset_email { "includeEmailInRedirect": false }

OR

PATCH /api/v2/email-templates/verify_email{ "includeEmailInRedirect": false}2. password reset is triggered by called the POST password-change endpoint

In this case, please add “includeEmailInRedirect”: false. Here is the sample payload.

POST/api/v2/tickets/password-change

{
"result_url": "[https://yoururl.com/"](https://yoururl.com/)",
"connection_id": "con_xxxxxx",
"email": "[name@testuser.com](mailto:name@testuser.com)",
"includeEmailInRedirect": false
}

Topic		Replies	Views
includeEmailInRedirect flag is not working for removing Email from Redirect Link Help password-reset , redirect-rules	4	2032	November 3, 2022
Remove email address in password reset url querystring Help password-reset	3	3680	January 29, 2019
How to disable "Include Email In Redirect"? Help documentation	3	5071	June 2, 2020
After the password reset or email verification, redirected links have the user's email in it. How can I avoid it? Help password-reset , email-template , verification-email	3	3359	April 23, 2020
Redirect back URL after reseting password Help login-experience , reset-password-prompt-new-experience	8	4135	March 2, 2023

Remove email address from the password reset redirect URL

Problem statement

Solution

Related Topics