| principal | Principal | | [optional] |
| token | String | Secure token hash (SHA-256 hashed for DB storage) | |
| tokenHash | String | Hash of the reset token (for lookup) | [optional] [readonly] |
| expiresAt | OffsetDateTime | When this token expires (typically 24 hours) | [optional] |
| usedAt | OffsetDateTime | When the token was used to reset password | [optional] [readonly] |
| ipAddress | String | IP address of the requester (for security audit) | [optional] |
| userAgent | String | User agent string (for security audit) | [optional] |
| id | UUID | Unique identifier for object in the system | [optional] [readonly] |
| ownerId | UUID | UUID of owner of the object in the system | [optional] [readonly] |
| createdDate | OffsetDateTime | Date of object creation | [optional] [readonly] |
| keyHash | String | Data, including hash of the key(s) used to encrypt this record. | [optional] [readonly] |
| lastAccessedById | UUID | Last user to access object | [optional] [readonly] |
| lastAccessedDate | OffsetDateTime | Timestamp of last access of object | [optional] [readonly] |
| lastModifiedById | UUID | Unique identifier for user who last modifed the object in the system | [optional] [readonly] |
| lastModifiedDate | OffsetDateTime | Date of last object modification | [optional] [readonly] |
| trashed | Boolean | Indicates if the object is trashed (soft deleted) | [optional] |