> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vos.verolabs.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Set a new password after account recovery

> Set a new password after account recovery



## OpenAPI

````yaml openapi.oms.en.json POST /api/auth/recovery/reset-password
openapi: 3.0.3
info:
  title: VOS OMS Public API
  version: 1.0.0
  description: >-
    Public REST API surface for Vero OMS. Authentication requests use
    platform.verolabs.co. REST API requests use api-oms.verolabs.co.
servers:
  - url: https://platform.verolabs.co
    description: Authentication host
  - url: https://api-oms.verolabs.co
    description: REST API host
security: []
tags:
  - name: Authentication
    description: Account authentication and password recovery.
  - name: Trading
    description: Order entry, quote, IOI, and trading activity APIs.
  - name: Portfolio & Risk
    description: Accounts, holdings, mappings, and risk-rule read APIs.
  - name: Administration
    description: Permissions, groups, workflow, reference data, and audit APIs.
  - name: System & Diagnostics
    description: Health and latency endpoints.
paths:
  /api/auth/recovery/reset-password:
    post:
      tags:
        - Authentication
      summary: Reset recovered password
      description: >-
        Sets the new account password after code verification. Send the recovery
        session cookie returned by the verify request. A successful response
        also returns an authenticated session.
      operationId: post_api_auth_recovery_reset_password
      requestBody:
        required: true
        description: New account password.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthRecoveryResetRequest'
      responses:
        '200':
          description: Password reset and active session
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthLoginResponse'
        '400':
          $ref: '#/components/responses/AuthError'
        '401':
          $ref: '#/components/responses/AuthError'
        '502':
          $ref: '#/components/responses/AuthError'
      servers:
        - url: https://platform.verolabs.co
components:
  schemas:
    AuthRecoveryResetRequest:
      type: object
      properties:
        password:
          type: string
          minLength: 1
          description: New password for the Vero OMS account.
      required:
        - password
      description: Request to set a new password after recovery-code verification.
      additionalProperties: false
    AuthLoginResponse:
      type: object
      properties:
        sessionToken:
          type: string
          description: >-
            Session token returned after authentication. Store it securely for
            session refresh and logout.
        jwt:
          type: string
          description: Bearer JWT returned for REST API calls.
        session:
          $ref: '#/components/schemas/AuthSession'
        identity:
          $ref: '#/components/schemas/AuthIdentity'
        tokenizedSession:
          $ref: '#/components/schemas/AuthSession'
      required:
        - sessionToken
        - jwt
        - session
        - tokenizedSession
      description: AuthLoginResponse schema.
    AuthSession:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for the record.
        active:
          type: boolean
          description: Indicates whether the session is active.
        authenticated_at:
          type: string
          format: date-time
          description: Timestamp when the session was authenticated.
        expires_at:
          type: string
          format: date-time
          description: Timestamp when the session expires.
        devices:
          type: array
          items:
            $ref: '#/components/schemas/AuthSessionDevice'
          description: Devices associated with the authenticated session.
        identity:
          $ref: '#/components/schemas/AuthIdentity'
        tokenized:
          type: string
          description: Bearer JWT issued for REST API calls.
      description: >-
        Session object. The `tokenized` field is the Bearer JWT used for API
        calls.
      additionalProperties: true
    AuthIdentity:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for the record.
        traits:
          type: object
          additionalProperties: true
          description: Account attributes returned with the authenticated session.
      description: Account identity returned by the authenticated session.
      additionalProperties: true
    AuthError:
      type: object
      properties:
        error:
          type: string
          description: Machine-readable error code or error category.
        message:
          type: string
          description: Human-readable error message.
        status:
          type: integer
          format: int32
          description: Status value returned by the API.
      required:
        - error
        - message
        - status
      description: AuthError schema.
    AuthSessionDevice:
      type: object
      properties:
        ip_address:
          type: string
          description: IP address reported for the session device.
        location:
          type: string
          description: Location metadata reported for the session device.
        user_agent:
          type: string
          description: User agent reported for the session device.
      description: AuthSessionDevice schema.
  responses:
    AuthError:
      description: Authentication error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/AuthError'

````