Is there a way to randomize the temporary password that gets sent to the user under the condition that the user forgot their password and cant login? Im not exactly sure if the API sets the new password itself but if the same password each time gets sent in the recovery emails then couldn’t a user that knows a another users email easily login with their email address and static password? I’m not sure exactly how the API works I think at this stage.
Thanks
I was running it from in the console with the ‘send test email’ which wasn’t quite doing what I was expecting, but it works when I call the API from inside my application.