How to Enable Password Recovery Flow (Administrator)

Configure environment variables and notification scenario so the "Forgot password?" button appears on login, and users receive magic links via email or phone.

When It Will Be Useful

• You're launching self-service for password recovery.
• You need to reduce the number of support requests.

What's Important to Know

• The "Forgot password?" button is shown only if CALL_NODE_URL_FOR_NOTIFICATIONS is configured.
• The link is valid according to the PASSWORD_RESET_TOKEN_TTL timer and is one-time.
• Messages are sent through your scenario in the builder (email/SMS).

Before You Start

• You have access to backend environment variables.
• There is a bot/scenario that can send email/SMS (call_node URL).
• You know the frontend domain (CONSTRUCTOR_ORIGIN).

Step-by-Step Instructions

1. Add to the backend .env:
   • PASSWORD_RESET_KEY (64 hex)
   • PASSWORD_RESET_TOKEN_TTL (for example, 1h)
   • CONSTRUCTOR_ORIGIN (frontend URL)
   • CALL_NODE_URL_FOR_NOTIFICATIONS (full call_node for your bot/node)
2. Restart the backend so variables are applied.
3. In the bot builder, create a scenario that:
   • Accepts payload with emailHtml, smsText, resetLink, userEmail, userPhone.
   • If there is userEmail — sends an email with emailHtml.
   • If there is userPhone — sends SMS with smsText.
4. Verify that Forgot password? is visible on the login page.
5. Make a test reset request: enter your email/phone, open the link, and change the password.

What Happens After

• Users see "Forgot password?" and can independently get a link.
• Magic links are created and sent through your scenario.

How to Verify Everything Worked

• The link is displayed on the login form.
• A test user receives email/SMS with the link.
• The link opens and allows setting a new password.

Other Ways

• If email/SMS is unavailable — use manual link generation for a specific user.

Related Instructions

• Generate link manually
• Reset password through "Forgot password?"