Also, I did not test this, but if that email sending API endpoint isn't secured, it seems like it would be very easy to spoof a password reset email and make it appear to come from any site using supertokens
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).
