Password Reset Email Template
A secure, conversion-optimized password reset email with expiring tokens. Production-ready code for all major languages.
Email Preview
Use with AI Assistants
Copy and paste this prompt into your AI assistant
Implement an password reset email using the Ark API.
Fetch the template and code examples from: https://arkhq.io/templates/password-reset.md
Replace the template variables with the actual values for:
- {{name}}: The recipient's name
- {{email}}: The recipient's email
- Other variables as documented in the template
Then send via Ark API.The AI will fetch the template from the URL and use it to send your email through Ark.
Why password reset emails matter
- Password resets are critical security touchpoints—users expect immediate delivery
- Poor reset emails lead to support tickets and user frustration
- Clear, branded emails build trust during a sensitive interaction
- Proper token handling prevents security vulnerabilities
Code Examples
Use the HTML template above with these code examples
import Ark from "@arkhq/sdk";
const ark = new Ark({ apiKey: process.env.ARK_API_KEY });
async function sendPasswordResetEmail(
email: string,
name: string,
resetToken: string
) {
const resetLink = `https://yourapp.com/reset-password?token=${resetToken}`;
await ark.emails.send({
from: "[email protected]",
to: email,
subject: "Reset your password",
html: `<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; line-height: 1.6; color: #333; max-width: 600px; margin: 0 auto; padding: 20px;">
<div style="text-align: center; margin-bottom: 30px;">
<h1 style="color: #111; font-size: 24px; margin: 0;">Reset Your Password</h1>
</div>
<p>Hi ${name},</p>
<p>We received a request to reset your password. Click the button below to choose a new password:</p>
<div style="text-align: center; margin: 30px 0;">
<a href="${resetLink}" style="background-color: #000; color: #fff; padding: 12px 30px; text-decoration: none; border-radius: 6px; font-weight: 500; display: inline-block;">Reset Password</a>
</div>
<p style="color: #666; font-size: 14px;">This link will expire in 1 hour. If you didn't request a password reset, you can safely ignore this email.</p>
<hr style="border: none; border-top: 1px solid #eee; margin: 30px 0;">
<p style="color: #999; font-size: 12px;">If the button doesn't work, copy and paste this link into your browser:<br>
<a href="${resetLink}" style="color: #666;">${resetLink}</a></p>
</body>
</html>`,
});
}Best Practices
- Use short-lived tokens (1 hour max) that expire after single use
- Never include the actual password in the email
- Include a fallback plain-text link for email clients that block buttons
- Add clear expiration messaging to set user expectations
- Log password reset requests for security auditing
- Rate-limit reset requests to prevent abuse
Frequently Asked Questions
How long should password reset links be valid?
Password reset links should expire within 1 hour maximum. Shorter is better for security—many apps use 15-30 minutes. Always invalidate the token after it's used once.
Should I tell users if the email doesn't exist?
No. Always show the same message ('If an account exists, we've sent a reset email') regardless of whether the email exists. This prevents attackers from discovering valid email addresses.
How do I prevent password reset abuse?
Implement rate limiting (e.g., max 3 requests per hour per email), add CAPTCHA for repeated attempts, and log all reset requests for security monitoring.
Should password reset emails include the username?
Including the user's name or first name is fine and adds personalization. Never include the username if it's different from the email, as this could leak account information if the email is forwarded.
Related Templates
Learn More
Ready to send emails?
Get started with Ark in under 2 minutes. $2.50 welcome credit included.