Update Recovery Flow
POST/self-service/recovery
Use this endpoint to update a recovery flow. This endpoint behaves differently for API and browser flows and has several states:
choose_method expects flow (in the URL query) and email (in the body) to be sent and works with API- and Browser-initiated
flows. For API clients and Browser clients with HTTP Header Accept: application/json it either returns a HTTP 200 OK when the
form is valid and HTTP 400 OK when the form is invalid. and a HTTP 303 See Other redirect with a fresh recovery flow if the flow
was otherwise invalid (e.g. expired). For Browser clients without HTTP Header Accept or with Accept: text/* it returns a HTTP
303 See Other redirect to the Recovery UI URL with the Recovery Flow ID appended. sent_email is the success state after
choose_method for the link method and allows the user to request another recovery email. It works for both API and
Browser-initiated flows and returns the same responses as the flow in choose_method state. passed_challenge expects a token
to be sent in the URL query and given the nature of the flow ("sending a recovery link") does not have any API capabilities. The
server responds with a HTTP 303 See Other redirect either to the Settings UI URL (if the link was valid) and instructs the user to
update their password, or a redirect to the Recover UI URL with a new Recovery Flow ID which contains an error message that the
recovery link was invalid.
More information can be found at Ory Kratos Account Recovery Documentation.
Request
Responses
- 200
- 303
- 400
- 410
- 422
- default
recoveryFlow
Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.
recoveryFlow
errorGeneric
errorBrowserLocationChangeRequired
errorGeneric