You will then need to verify the user after the password reset is sent via email, this would need to be done via Verify Magic Link.
Use authorization bearer header with the following format:
Authorization: Bearer <Project ID>
OK
{- "resetMethod": "string",
- "pendingRef": "string",
- "linkId": "string",
- "maskedEmail": "string"
}