What is a Supabase password reset email template?
Supabase sends a password reset email when a user calls resetPasswordForEmail(). The email contains a link the user clicks to reach your app's password reset page, where they can set a new password.
This template is designed in Figma and exports as HTML ready to paste into your Supabase Auth dashboard. All variables are pre-configured.
The full Figma file with all 12 Supabase auth email templates (including this one) is available at the Supabase email templates hub →
Supabase variables used in this template
| Variable | Description |
|---|---|
{{ .ConfirmationURL }} |
The password reset link — use as the href on your CTA button |
{{ .Token }} |
6-digit OTP code (alternative to the link) |
{{ .TokenHash }} |
Hashed token for constructing custom reset URLs |
{{ .SiteURL }} |
Your app's site URL |
{{ .Email }} |
The user's email address |
{{ .RedirectTo }} |
The redirect URL passed in resetPasswordForEmail() |
How to add this template to Supabase
- Duplicate the Figma file and customize with your brand
- Open Marka Email Generator plugin, select the password reset frame, click Export HTML
- In Supabase Dashboard: go to Authentication → Email Templates
- Select Reset password
- Paste your HTML into the Body field
- Click Save
The template goes live immediately for all new password reset requests.
Customization tips
Reset button link
Set the CTA button to link to {{ .ConfirmationURL }}. Marka preserves this variable in the exported HTML when set as the link value in Figma.
Security language Password reset emails benefit from explicit security copy: "If you didn't request this, you can safely ignore this email. Your password will not change." This reduces user confusion and builds trust.
Expiry notice Reset links expire after the duration set in your Supabase project (default: 1 hour). Add a line like "This link expires in 1 hour" — it reduces support tickets from users who delay clicking.
Custom redirect after reset
Pass a redirectTo URL in your resetPasswordForEmail() call to send users to a specific page after they reset their password. Supabase appends it to the reset URL automatically via {{ .RedirectTo }}.
Frequently asked questions
How do I handle the password reset on my app's side?
After the user clicks the link, Supabase redirects them to your redirectTo URL with an access token in the URL fragment. Use supabase.auth.onAuthStateChange() to detect the PASSWORD_RECOVERY event and show your new password form.
Can I customize the reset link expiry time? Yes. Go to Authentication → Email Templates in your Supabase dashboard and adjust the Mailer OTP Expiry setting. You'll need to update the expiry text in your email template to match.
Does this template work if I use a custom SMTP server? Yes. The template HTML works regardless of whether you use Supabase's built-in email or a custom SMTP provider (SendGrid, Resend, Postmark, etc.). Configure your SMTP in Authentication → SMTP Settings.
