> ## Documentation Index
> Fetch the complete documentation index at: https://docs.novu.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Password Reset and Auth Alert Notifications

> Build password reset, email verification, and authentication alert workflows with Novu email and in-app channels.

Send password reset and authentication alert notifications through Novu by triggering a workflow when your auth provider emits a security event. Novu delivers the reset link or alert via email, in-app, or SMS depending on your workflow configuration.

## How do I send a password reset notification?

1. Create a workflow (for example, `password-reset`) with an email step containing the reset link: `{{payload.resetUrl}}`.
2. When your auth system generates a reset token, [trigger the workflow](/api-reference/events/trigger-event) with the subscriber's ID and payload.

<Tabs>
  <Tab title="Node.js">
    ```typescript theme={null}
    import { Novu } from '@novu/api';

    const novu = new Novu({ secretKey: process.env.NOVU_SECRET_KEY });

    await novu.trigger({
      workflowId: 'password-reset',
      to: { subscriberId: user.id, email: user.email },
      payload: {
        firstName: user.firstName,
        resetUrl: `https://app.example.com/reset?token=${token}`,
        expiresInMinutes: 30,
      },
    });
    ```
  </Tab>

  <Tab title="Python">
    ```python theme={null}
    import os
    import novu_py
    from novu_py import Novu

    with Novu(secret_key=os.getenv("NOVU_SECRET_KEY", "")) as novu:
        novu.trigger(trigger_event_request_dto=novu_py.TriggerEventRequestDto(
            workflow_id="password-reset",
            to={"subscriber_id": user.id, "email": user.email},
            payload={
                "firstName": user.first_name,
                "resetUrl": f"https://app.example.com/reset?token={token}",
                "expiresInMinutes": 30,
            },
        ))
    ```
  </Tab>

  <Tab title="Go">
    ```go theme={null}
    import (
        "context"
        "fmt"
        "os"

        novugo "github.com/novuhq/novu-go"
        "github.com/novuhq/novu-go/models/components"
    )

    s := novugo.New(novugo.WithSecurity(os.Getenv("NOVU_SECRET_KEY")))

    _, err := s.Trigger(context.Background(), components.TriggerEventRequestDto{
        WorkflowID: "password-reset",
        To: components.CreateToSubscriberPayloadDto(components.SubscriberPayloadDto{
            SubscriberID: user.ID,
            Email:        user.Email,
        }),
        Payload: map[string]any{
            "firstName":        user.FirstName,
            "resetUrl":         fmt.Sprintf("https://app.example.com/reset?token=%s", token),
            "expiresInMinutes": 30,
        },
    }, nil)
    ```
  </Tab>

  <Tab title="PHP">
    ```php theme={null}
    use novu;
    use novu\Models\Components;

    $sdk = novu\Novu::builder()
        ->setSecurity('<YOUR_SECRET_KEY_HERE>')
        ->build();

    $sdk->trigger(
        triggerEventRequestDto: new Components\TriggerEventRequestDto(
            workflowId: 'password-reset',
            to: new Components\SubscriberPayloadDto(
                subscriberId: $user->id,
                email: $user->email,
            ),
            payload: [
                'firstName' => $user->firstName,
                'resetUrl' => "https://app.example.com/reset?token={$token}",
                'expiresInMinutes' => 30,
            ],
        ),
    );
    ```
  </Tab>

  <Tab title=".NET">
    ```csharp theme={null}
    using Novu;
    using Novu.Models.Components;
    using System.Collections.Generic;

    var sdk = new NovuSDK(secretKey: "<YOUR_SECRET_KEY_HERE>");

    await sdk.TriggerAsync(triggerEventRequestDto: new TriggerEventRequestDto() {
        WorkflowId = "password-reset",
        To = To.CreateSubscriberPayloadDto(new SubscriberPayloadDto() {
            SubscriberId = user.Id,
            Email = user.Email,
        }),
        Payload = new Dictionary<string, object>() {
            { "firstName", user.FirstName },
            { "resetUrl", $"https://app.example.com/reset?token={token}" },
            { "expiresInMinutes", 30 },
        },
    });
    ```
  </Tab>

  <Tab title="Java">
    ```java theme={null}
    import co.novu.Novu;
    import co.novu.models.components.*;
    import java.util.Map;

    Novu novu = Novu.builder()
        .secretKey("<YOUR_SECRET_KEY_HERE>")
        .build();

    novu.trigger()
        .body(TriggerEventRequestDto.builder()
            .workflowId("password-reset")
            .to(To2.of(SubscriberPayloadDto.builder()
                .subscriberId(user.getId())
                .email(user.getEmail())
                .build()))
            .payload(Map.ofEntries(
                Map.entry("firstName", user.getFirstName()),
                Map.entry("resetUrl", "https://app.example.com/reset?token=" + token),
                Map.entry("expiresInMinutes", 30)))
            .build())
        .call();
    ```
  </Tab>

  <Tab title="cURL">
    ```bash theme={null}
    curl -X POST 'https://api.novu.co/v1/events/trigger' \
    -H 'Content-Type: application/json' \
    -H 'Authorization: ApiKey <NOVU_SECRET_KEY>' \
    -d '{
      "name": "password-reset",
      "to": { "subscriberId": "user_id", "email": "user@example.com" },
      "payload": {
        "firstName": "Jane",
        "resetUrl": "https://app.example.com/reset?token=TOKEN",
        "expiresInMinutes": 30
      }
    }'
    ```
  </Tab>
</Tabs>

3. Optionally add an in-app step to notify the user that a reset email was sent.

## How do I integrate with Auth0 or Clerk?

Use webhook guides to connect your auth provider to Novu:

* [Auth0 webhook integration](/guides/webhooks/auth0)
* [Clerk webhook integration](/guides/webhooks/clerk)

Both patterns verify the webhook signature, map the auth event to a Novu workflow, and pass user details as the subscriber payload.

## What should a password reset workflow include?

* **Email step** with a clear subject, reset link, and expiration time
* **Throttle step** (optional) to prevent abuse if the same subscriber triggers multiple resets
* **In-app step** (optional) to confirm the request inside your application

## Related guides

* [SendGrid email integration](/platform/integrations/email/sendgrid)
* [Throttle step](/platform/workflow/add-and-configure-steps/configure-action-steps/throttle)
* [Transactional notifications](/guides/use-cases/transactional-notifications)

## Frequently asked questions

<AccordionGroup>
  <Accordion title="Should I store reset tokens in Novu?">
    No. Generate and validate reset tokens in your auth system. Pass only the reset URL and metadata to Novu as workflow payload variables.
  </Accordion>

  <Accordion title="Can I send auth alerts through SMS?">
    Yes. Add an SMS step to your workflow and ensure the subscriber has a phone number. Use SMS for high-priority alerts such as new device sign-in.
  </Accordion>
</AccordionGroup>
