Problem statement
We noticed that the password reset redirect URL includes the user email, such as below. How to remove the email?
https://{{redirect_to_url_in_change_password_template}}?email=testuser.email%2B4r4%40test.com&success=true&message=You%20can%20now%20login%20to%20the%20application%20with%20the%20new%20password.
Solution
If users reset passwords from the login page: switch off the includeEmailInRedirect flag with the below endpoint:
PATCH /api/v2/email-templates/reset_email { "includeEmailInRedirect": false }
OR
PATCH /api/v2/email-templates/verify_email{ "includeEmailInRedirect": false}2.
password reset is triggered by called the POST password-change endpoint
In this case, please add “includeEmailInRedirect”: false. Here is the sample payload.
POST/api/v2/tickets/password-change
{
"result_url": "[https://yoururl.com/"](https://yoururl.com/)",
"connection_id": "con_xxxxxx",
"email": "[name@testuser.com](mailto:name@testuser.com)",
"includeEmailInRedirect": false
}