In this tutorial you will learn how to create Change / Update Password and Reset / Forgot Password API using Django Rest Framework. This tutorial is a second part of our Django REST Framework Tutorial – Register Login Logout API.

Django Change and Reset Password API
change reset password

Change Password API using Django Rest Framework

Django Change Password API will create a new password with the verification of old password.

In, add the following code –

from rest_framework import serializers
from django.contrib.auth.models import User

class ChangePasswordSerializer(serializers.Serializer):
    model = User

    Serializer for password change endpoint.
    old_password = serializers.CharField(required=True)
    new_password = serializers.CharField(required=True)

In, add the following code –

from rest_framework import status
from rest_framework import generics
from rest_framework.response import Response
from django.contrib.auth.models import User
from .serializers import ChangePasswordSerializer
from rest_framework.permissions import IsAuthenticated   

class ChangePasswordView(generics.UpdateAPIView):
    An endpoint for changing password.
    serializer_class = ChangePasswordSerializer
    model = User
    permission_classes = (IsAuthenticated,)

    def get_object(self, queryset=None):
        obj = self.request.user
        return obj

    def update(self, request, *args, **kwargs):
        self.object = self.get_object()
        serializer = self.get_serializer(

        if serializer.is_valid():
            # Check old password
            if not self.object.check_password("old_password")):
                return Response({"old_password": ["Wrong password."]}, status=status.HTTP_400_BAD_REQUEST)
            # set_password also hashes the password that the user will get
            response = {
                'status': 'success',
                'code': status.HTTP_200_OK,
                'message': 'Password updated successfully',
                'data': []

            return Response(response)

        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

In file, add path –

from .views import ChangePasswordView
from django.urls import path

urlpatterns = [
    path('api/change-password/', ChangePasswordView.as_view(), name='change-password'),

That’s it. Now go to url ( http://localhost:8000/api/register/ ) in your browser or post and the following in content.

    "old_password": "[email protected]",
    "new_password": "[email protected]"

And in response, you will get similar data –

    "status": "success",
    "message": "Password updated successfully",

Reset Password API using Django Rest Framework

Here we will use a library called django-rest-passwordreset for creating Reset or Forgot Password API using Django Rest Framework.

First we need to install django-rest-passwordreset library using pip-

pip install django-rest-passwordreset

Add it to INSTALLED_APPS in file –


and then we need to migrate reset password fields to database –

python migrate

Now in file, add the path –

from django.urls import path, include

urlpatterns = [
    path('api/password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),

Go to – http://localhost:8000/api/password_reset/

In add following signal for sending email.

from django.dispatch import receiver
from django.urls import reverse
from django_rest_passwordreset.signals import reset_password_token_created
from django.core.mail import send_mail  

def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):

    email_plaintext_message = "{}?token={}".format(reverse('password_reset:reset-password-request'), reset_password_token.key)

        # title:
        "Password Reset for {title}".format(title="Some website title"),
        # message:
        # from:
        "[email protected]",
        # to:

For printing in Backend Terminal Console, add following line in

EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'

Copy link which is in email, will be similar to /api/password_reset/?token=339e80fe05e5ca9fc74799213f81a093d1f

Learn How to send Email in Django – Link

Now copy that token which comes in email and and post token and password to /api/password_reset/confirm/ api url.

    "password":"[email protected]"

In Response you will get –

    "status": "OK"

Find this tutorial on GitHub –