diff --git a/src/routes/cloudron.js b/src/routes/cloudron.js
index b23bd43ac..73d9b5375 100644
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -3,6 +3,7 @@
 exports = module.exports = {
     login: login,
     logout: logout,
+    passwordReset: passwordReset,
     reboot: reboot,
     isRebootRequired: isRebootRequired,
     getConfig: getConfig,
@@ -36,6 +37,7 @@ let assert = require('assert'),
     system = require('../system.js'),
     tokendb = require('../tokendb.js'),
     updater = require('../updater.js'),
+    users = require('../users.js'),
     updateChecker = require('../updatechecker.js');
 
 function login(req, res, next) {
@@ -84,6 +86,16 @@ function logout(req, res) {
     });
 }
 
+function passwordReset(req, res, next) {
+    if (!req.body.identifier || typeof req.body.identifier !== 'string') return next(new HttpError(401, 'A identifier must be non-empty string'));
+
+    users.resetPasswordByIdentifier(req.body.identifier, function (error) {
+        if (error && error.reason !== BoxError.NOT_FOUND) console.error(error);
+
+        next(new HttpSuccess(202, {}));
+    });
+}
+
 function reboot(req, res, next) {
     // Finish the request, to let the appstore know we triggered the reboot
     next(new HttpSuccess(202, {}));
diff --git a/src/server.js b/src/server.js
index 80df070bd..747e61b29 100644
--- a/src/server.js
+++ b/src/server.js
@@ -142,6 +142,7 @@ function initializeExpressSync() {
     // login/logout routes
     router.post('/api/v1/cloudron/login', routes.cloudron.login);
     router.get ('/api/v1/cloudron/logout', routes.cloudron.logout); // this will invalidate the token if any and redirect to /login.html always
+    router.post('/api/v1/cloudron/password_reset', routes.cloudron.passwordReset);
 
     // developer routes
     router.post('/api/v1/developer/login', routes.developer.login);