by monsieurbanana 1247 days ago
Nothing could go wrong with having a way of hitting millions of websites at once with a 0 day exploit :)

The functionality provided by such an API could be limited to disabling the account until the password is manually reset given that the client provides a valid email and password. The blast radius for that would be pretty small.

I don't use 90% of the entries in my password manager on a monthly basis so anything that allows me to delay the password change on hundreds of accounts until I need to use the account again would be valuable.
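A sketch of the lock-only API proposed in the comment above, added here as an illustration and not part of the thread: a valid email and password can only move an account from active to locked, and callers get the same response whether or not the credentials matched. `AccountStore`, `report_compromise` and `manual_reset` are hypothetical names, and the in-memory store is constructed for the example.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountStore:
    """Constructed in-memory stand-in for a site's user database."""

    def __init__(self):
        self._users = {}

    def register(self, email, password):
        salt = os.urandom(16)
        self._users[email] = {"salt": salt, "hash": _hash(password, salt), "locked": False}

    def _verify(self, email, password):
        user = self._users.get(email)
        # Hash even for unknown emails so timing does not reveal which exist.
        salt = user["salt"] if user else b"\x00" * 16
        expected = user["hash"] if user else b"\x00" * 32
        ok = hmac.compare_digest(_hash(password, salt), expected)
        return user if (user and ok) else None

    def report_compromise(self, email, password):
        # The only state change this endpoint can make is active -> locked.
        user = self._verify(email, password)
        if user is not None:
            user["locked"] = True
        # Identical response either way: the API is not a credential oracle.
        return {"status": "accepted"}

    def login(self, email, password):
        user = self._verify(email, password)
        return user is not None and not user["locked"]

    def manual_reset(self, email, new_password):
        # Stand-in for the out-of-band manual reset; the only way to unlock.
        self.register(email, new_password)
```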

Obscurity is security, as the saying goes.
Isn’t the saying, “security through obscurity is no security at all”?
I believe the person you replied to was being sarcastic.