@ttss82HttpAPILogic extends TokenBaseHttpHandler that requires token. So I wonder how it was working before. You need to create separate handler for that or you may reuse ResetPasswordLogic to minimize work for that. Also have in mind that in future versions this classes will be removed .