Action guide
Know exactly when and how a password was changed
POST /v1/events · user.password.changed
Emit a `user.password.changed` event every time a user updates their own password, and distinguish it from `user.password.reset` (triggered from the forgot-password flow).
When to emit
Inside the settings endpoint that persists the new password hash, after validating the old one.
Example payload
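```javascript
// `recalled` is your initialized SDK client; `user` is the authenticated user.
await recalled.events.create({
  action: "user.password.changed",
  actor: { id: user.id, email: user.email },
  organization: user.organizationId,
  metadata: {
    ip: "203.0.113.42",
    userAgent: "Mozilla/5.0",
    // true if the user re-entered their current password
    reauthenticated: true
  },
});
```
Metadata to include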
Keep metadata flat and consistent across your service so it plays well with search and CSV exports.
| Key | Purpose |
|---|---|
| ip | Source IP address of the request |
| userAgent | User agent string of the client |
| reauthenticated | true if the user re-entered their current password |
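
The emit point and metadata above, combined into one settings handler. This is an added example, not code from the original page or from the project it documents: `changePassword`, the `deps` helpers and the in-memory demo data are assumptions, and only `recalled.events.create` and the payload keys come from this page.

```javascript
// Added example. deps.verifyPassword, deps.hashPassword and deps.saveHash are
// hypothetical stand-ins for your own hashing and persistence code.
async function changePassword(deps, req) {
  const { user, body } = req;
  // 1. Validate the current password. On failure nothing changed, so no event.
  const reauthenticated = await deps.verifyPassword(user, body.currentPassword);
  if (!reauthenticated) return { status: 403, emitted: false };
  // 2. Persist the new hash; if this throws, the event below is never sent.
  await deps.saveHash(user.id, await deps.hashPassword(body.newPassword));
  // 3. Emit after the write. The forgot-password flow emits user.password.reset.
  await deps.recalled.events.create({
    action: "user.password.changed",
    actor: { id: user.id, email: user.email },
    organization: user.organizationId,
    metadata: {
      ip: req.ip,
      userAgent: req.headers["user-agent"] || "",
      reauthenticated, // boolean from step 1, kept flat
    },
  });
  return { status: 204, emitted: true };
}

// Constructed in-memory stand-ins so the example runs offline.
function makeDemoDeps() {
  const events = [];
  const hashes = { u_1: "hash:old-secret" };
  return {
    events, hashes,
    hashPassword: async (pw) => "hash:" + pw, // placeholder, not a real password hash
    verifyPassword: async (user, pw) => hashes[user.id] === "hash:" + pw,
    saveHash: async (id, hash) => { hashes[id] = hash; },
    recalled: { events: { create: async (event) => { events.push(event); } } },
  };
}

async function demo() {
  const deps = makeDemoDeps();
  const req = {
    user: { id: "u_1", email: "ana@example.com", organizationId: "org_1" },
    ip: "203.0.113.42",
    headers: { "user-agent": "Mozilla/5.0" },
    body: { currentPassword: "wrong-guess", newPassword: "new-secret" },
  };
  const denied = await changePassword(deps, req); // wrong current password
  req.body.currentPassword = "old-secret";
  const ok = await changePassword(deps, req); // correct current password
  return { denied, ok, events: deps.events, hashes: deps.hashes };
}
```
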
Suggested retention
Keep for at least 12 months. This is the question users ask support the most: 'did I change my password?'