I'm implementing the password reset and here are few things you may want your engineer to look into:
The structure of error responses is inconsistent. For some I get:
{
"code": 403,
"error": "There is no customer xxxxxx@xxxxxx.com for organization"
}
for others there's nested array:
{
"code": 403,
"error": {
"msg": "status",
"ok": false,
"error": "There was an error connecting to the SMTP server: Error: getaddrinfo ENOTFOUND"
}
}
The emails are getting blocked with following message:
REASON550 5.7.1 [50.31.49.42 11] Our system has detected that this message is not RFC 5322 compliant.
To reduce the amount of spam sent to Gmail, this message has been blocked. Please review RFC 5322 specifications for more information.
I danced around #1 for now, but #2 is a showstopper.
Additionally, I attempted the password reset on the organization’s team member account and it created a separate customer account in the process. Since team members can own organization’s products, the assumption is that organization’s reset password should work on their accounts. If not, the process should at least error out asking to use vanilla account password reset instead.
For anybody trying to implement this feature, you can see the (mostly) working code here. All implemented in client side code so the implementation can be viewed in browser inspector. Same URL is used for the initial request and password reset following the link in email.
account password reset instead.