# Resume lost password process

This is the second and final step in updating the password of a user who forgot their password.

Endpoint: POST /passwords/lost_password/resume
Version: 3.63.5
Security: api-key

## Request fields (application/json):

  - `nonce` (string, required)
    A randomly generated one-time use code.

  - `email` (string, required)
    E-mail Address of the user

  - `newPassword` (object, required)
    The user's password or passcode used to log in a user.
Passwords must be:
  - minimum 8 characters for end-users (Consumers and Corporates); 12 characters for others
  - maximum 30 characters
  - include a lowercase character
  - include an uppercase character
  - include a digit and a special character
  - different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

  - `newPassword.value` (string, required)

## Response 200 fields (application/json):

  - `token` (string)
    An authorisation token to be used in the Authorization header for secured operations.

## Response 400 fields (application/json):

  - `message` (string)
    When present helps to identify and fix the problem.

  - `syntaxErrors` (object)
    Is returned as part of an HTTP error response whenever a syntax error is detected. A list of the fields together with their syntax error will be provided.

  - `syntaxErrors.invalidFields` (array)

  - `syntaxErrors.invalidFields.params` (array)

  - `syntaxErrors.invalidFields.fieldName` (string)

  - `syntaxErrors.invalidFields.error` (string)
    Enum: "REQUIRED", "HAS_TEXT", "REQUIRES", "SIZE", "RANGE", "IN", "NOT_IN", "REGEX", "EXACTLY", "AT_LEAST", "AT_MOST", "ALL_OR_NONE"

## Response 404 fields (application/json):

  - `errorCode` (string)
    Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND"

## Response 409 fields (application/json):

  - `errorCode` (string)
    Enum: "INVALID_NONCE_OR_EMAIL", "PASSWORD_ALREADY_USED", "PASSWORD_TOO_SHORT", "PASSWORD_TOO_LONG", "PASSWORD_TOO_SIMPLE", "PASSWORD_INCORRECT", "PASSWORD_NOT_SET"

## Response 410 fields (application/json):

  - `errorCode` (string)
    Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND"

## Response default fields (application/json):

  - `code` (string)

  - `message` (string)


## Response 401 fields

## Response 403 fields

## Response 429 fields

## Response 500 fields

## Response 503 fields