Use Custom Domain in an Auth0 Password Reset Ticket

This article explains how to use custom domains while creating a password change ticket with the Management API.
The URL generated by the Management API may include the canonical domain (<tenant_name>.<region_name>.auth0.com) for the generated password change ticket if the custom domain is not correctly configured.

Steps to reproduce:

1. Navigate to the Custom Domain settings page: Auth0 Management Dashboard > Branding > Custom Domains.
2. Toggle off the Enable custom domains for email and phone notifications option or change the default domain to the canonical domain.
3. Generate a password change ticket using POST /api/v2/tickets/password-change.
4. The ticket URL generated includes the tenant's canonical domain, not the custom domain.

• Auth0
• Custom Domains
• Password Change
• Management API

Default Domain

If there is a single custom domain in place, setting the default domain would be sufficient.

1. Navigate to Auth0 Dashboard > Branding > Custom Domains
2. Toggle on the Enable custom domains for email and phone notifications option
3. Click the Change Default button and select the custom domain as the default domain

"Auth0-custom-domain" Header

If there are multiple custom domains other than the default domain, specify the desired domain via the auth-custom-domain header.

NOTE: The Enable custom domains for email and phone notifications option must be toggled on to use the auth-custom-domain header.

Example request payload (cURL):

curl --request POST \
  --url https://(Auth0 tenant domain)/api/v2/tickets/password-change \
  --header 'Authorization: Bearer (access token)' \
  --header 'Content-Type: application/json' \
  --header 'auth0-custom-domain: (desired domain) \
  --data '
{
  "client_id": "<client_id>,
  "user_id": "auth0|<user_id>"
}
'