diff --git a/server/router/passwordresetroute/controller.go b/server/router/passwordresetroute/controller.go
index 0520cdc..f533bbc 100644
--- a/server/router/passwordresetroute/controller.go
+++ b/server/router/passwordresetroute/controller.go
@@ -120,3 +120,16 @@ func (c *controller) handleResetComplete(ctx echo.Context) error {
 
 	return routeutils.ResponseAPIOK(ctx, nil)
 }
+
+func (c *controller) handleTokenOpen(ctx echo.Context) error {
+	token, err := routeutils.GetAndValidateStringParam(ctx, "token", "mandatory field")
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	if err := c.svc.PasswordReset.SetTokenOpened(token); err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	return routeutils.ResponseAPIOK(ctx, nil)
+}
diff --git a/server/router/passwordresetroute/router.go b/server/router/passwordresetroute/router.go
index 0207f24..6a3b269 100644
--- a/server/router/passwordresetroute/router.go
+++ b/server/router/passwordresetroute/router.go
@@ -9,6 +9,7 @@ import (
 const (
 	resetRequest  = "/request/:email"
 	resetComplete = "/complete"
+	tokenOpen     = "/open/:token"
 )
 
 func Register(r *echo.Group, cfg *config.Config, svc *applicationservice.Service) {
@@ -16,4 +17,5 @@ func Register(r *echo.Group, cfg *config.Config, svc *applicationservice.Service
 
 	r.POST(resetRequest, ctrl.handleResetRequest)
 	r.POST(resetComplete, ctrl.handleResetComplete)
+	r.POST(tokenOpen, ctrl.handleTokenOpen)
 }