fix(member): simplify handler naming convention

docs/api/openapi.yml

@@ -6068,9 +6068,9 @@ paths:
       - fields
   /api/v1/getResetPasswordToken/{id}:
     get:
-      deprecated: false
+      deprecated: true
       description: This endpoint returns the reset password token by id
-      operationId: GetResetPasswordToken
+      operationId: GetResetPasswordTokenDeprecated
       parameters:
       - in: path
         name: id
@@ -10894,6 +10894,129 @@ paths:
       summary: Update user v2
       tags:
       - users
+  /api/v2/users/{id}/reset_password_tokens:
+    get:
+      deprecated: false
+      description: This endpoint returns the existing reset password token for a user.
+      operationId: GetResetPasswordToken
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/TypesResetPasswordToken'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Get reset password token for a user
+      tags:
+      - users
+    post:
+      deprecated: false
+      description: This endpoint creates or regenerates a reset password token for
+        a user. If a valid token exists, it is returned. If expired, a new one is
+        created.
+      operationId: CreateResetPasswordToken
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/TypesResetPasswordToken'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: Created
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Create or regenerate reset password token for a user
+      tags:
+      - users
   /api/v2/users/{id}/roles:
     get:
       deprecated: false

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -5604,10 +5604,10 @@ export type GetFieldsValues200 = {
 	status: string;
 };
 
-export type GetResetPasswordTokenPathParameters = {
+export type GetResetPasswordTokenDeprecatedPathParameters = {
 	id: string;
 };
-export type GetResetPasswordToken200 = {
+export type GetResetPasswordTokenDeprecated200 = {
 	data: TypesResetPasswordTokenDTO;
 	/**
 	 * @type string
@@ -6579,6 +6579,28 @@ export type GetUser200 = {
 export type UpdateUserPathParameters = {
 	id: string;
 };
+export type GetResetPasswordTokenPathParameters = {
+	id: string;
+};
+export type GetResetPasswordToken200 = {
+	data: TypesResetPasswordTokenDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
+export type CreateResetPasswordTokenPathParameters = {
+	id: string;
+};
+export type CreateResetPasswordToken201 = {
+	data: TypesResetPasswordTokenDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type GetRolesByUserIDPathParameters = {
 	id: string;
 };

frontend/src/api/generated/services/users/index.ts

@@ -22,10 +22,14 @@ import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
 import type {
 	ChangePasswordPathParameters,
 	CreateInvite201,
+	CreateResetPasswordToken201,
+	CreateResetPasswordTokenPathParameters,
 	DeleteUserPathParameters,
 	GetMyUser200,
 	GetMyUserDeprecated200,
 	GetResetPasswordToken200,
+	GetResetPasswordTokenDeprecated200,
+	GetResetPasswordTokenDeprecatedPathParameters,
 	GetResetPasswordTokenPathParameters,
 	GetRolesByUserID200,
 	GetRolesByUserIDPathParameters,
@@ -154,33 +158,34 @@ export const useChangePassword = <
 };
 /**
  * This endpoint returns the reset password token by id
+ * @deprecated
  * @summary Get reset password token
  */
-export const getResetPasswordToken = (
-	{ id }: GetResetPasswordTokenPathParameters,
+export const getResetPasswordTokenDeprecated = (
+	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
 	signal?: AbortSignal,
 ) => {
-	return GeneratedAPIInstance<GetResetPasswordToken200>({
+	return GeneratedAPIInstance<GetResetPasswordTokenDeprecated200>({
 		url: `/api/v1/getResetPasswordToken/${id}`,
 		method: 'GET',
 		signal,
 	});
 };
 
-export const getGetResetPasswordTokenQueryKey = ({
+export const getGetResetPasswordTokenDeprecatedQueryKey = ({
 	id,
-}: GetResetPasswordTokenPathParameters) => {
+}: GetResetPasswordTokenDeprecatedPathParameters) => {
 	return [`/api/v1/getResetPasswordToken/${id}`] as const;
 };
 
-export const getGetResetPasswordTokenQueryOptions = <
-	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
+export const getGetResetPasswordTokenDeprecatedQueryOptions = <
+	TData = Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
 	TError = ErrorType<RenderErrorResponseDTO>
 >(
-	{ id }: GetResetPasswordTokenPathParameters,
+	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
 	options?: {
 		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getResetPasswordToken>>,
+			Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
 			TError,
 			TData
 		>;
@@ -189,11 +194,11 @@ export const getGetResetPasswordTokenQueryOptions = <
 	const { query: queryOptions } = options ?? {};
 
 	const queryKey =
-		queryOptions?.queryKey ?? getGetResetPasswordTokenQueryKey({ id });
+		queryOptions?.queryKey ?? getGetResetPasswordTokenDeprecatedQueryKey({ id });
 
 	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof getResetPasswordToken>>
-	> = ({ signal }) => getResetPasswordToken({ id }, signal);
+		Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>
+	> = ({ signal }) => getResetPasswordTokenDeprecated({ id }, signal);
 
 	return {
 		queryKey,
@@ -201,35 +206,39 @@ export const getGetResetPasswordTokenQueryOptions = <
 		enabled: !!id,
 		...queryOptions,
 	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getResetPasswordToken>>,
+		Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
 		TError,
 		TData
 	> & { queryKey: QueryKey };
 };
 
-export type GetResetPasswordTokenQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getResetPasswordToken>>
+export type GetResetPasswordTokenDeprecatedQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>
 >;
-export type GetResetPasswordTokenQueryError = ErrorType<RenderErrorResponseDTO>;
+export type GetResetPasswordTokenDeprecatedQueryError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Get reset password token
  */
 
-export function useGetResetPasswordToken<
-	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
+export function useGetResetPasswordTokenDeprecated<
+	TData = Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
 	TError = ErrorType<RenderErrorResponseDTO>
 >(
-	{ id }: GetResetPasswordTokenPathParameters,
+	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
 	options?: {
 		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getResetPasswordToken>>,
+			Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
 			TError,
 			TData
 		>;
 	},
 ): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetResetPasswordTokenQueryOptions({ id }, options);
+	const queryOptions = getGetResetPasswordTokenDeprecatedQueryOptions(
+		{ id },
+		options,
+	);
 
 	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
 		queryKey: QueryKey;
@@ -241,15 +250,16 @@ export function useGetResetPasswordToken<
 }
 
 /**
+ * @deprecated
  * @summary Get reset password token
  */
-export const invalidateGetResetPasswordToken = async (
+export const invalidateGetResetPasswordTokenDeprecated = async (
 	queryClient: QueryClient,
-	{ id }: GetResetPasswordTokenPathParameters,
+	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
 	options?: InvalidateOptions,
 ): Promise<QueryClient> => {
 	await queryClient.invalidateQueries(
-		{ queryKey: getGetResetPasswordTokenQueryKey({ id }) },
+		{ queryKey: getGetResetPasswordTokenDeprecatedQueryKey({ id }) },
 		options,
 	);
 
@@ -1407,6 +1417,191 @@ export const useUpdateUser = <
 
 	return useMutation(mutationOptions);
 };
+/**
+ * This endpoint returns the existing reset password token for a user.
+ * @summary Get reset password token for a user
+ */
+export const getResetPasswordToken = (
+	{ id }: GetResetPasswordTokenPathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetResetPasswordToken200>({
+		url: `/api/v2/users/${id}/reset_password_tokens`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetResetPasswordTokenQueryKey = ({
+	id,
+}: GetResetPasswordTokenPathParameters) => {
+	return [`/api/v2/users/${id}/reset_password_tokens`] as const;
+};
+
+export const getGetResetPasswordTokenQueryOptions = <
+	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetResetPasswordTokenPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getResetPasswordToken>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getGetResetPasswordTokenQueryKey({ id });
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getResetPasswordToken>>
+	> = ({ signal }) => getResetPasswordToken({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getResetPasswordToken>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetResetPasswordTokenQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getResetPasswordToken>>
+>;
+export type GetResetPasswordTokenQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get reset password token for a user
+ */
+
+export function useGetResetPasswordToken<
+	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetResetPasswordTokenPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getResetPasswordToken>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetResetPasswordTokenQueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get reset password token for a user
+ */
+export const invalidateGetResetPasswordToken = async (
+	queryClient: QueryClient,
+	{ id }: GetResetPasswordTokenPathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetResetPasswordTokenQueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint creates or regenerates a reset password token for a user. If a valid token exists, it is returned. If expired, a new one is created.
+ * @summary Create or regenerate reset password token for a user
+ */
+export const createResetPasswordToken = (
+	{ id }: CreateResetPasswordTokenPathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateResetPasswordToken201>({
+		url: `/api/v2/users/${id}/reset_password_tokens`,
+		method: 'POST',
+		signal,
+	});
+};
+
+export const getCreateResetPasswordTokenMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createResetPasswordToken>>,
+		TError,
+		{ pathParams: CreateResetPasswordTokenPathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createResetPasswordToken>>,
+	TError,
+	{ pathParams: CreateResetPasswordTokenPathParameters },
+	TContext
+> => {
+	const mutationKey = ['createResetPasswordToken'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createResetPasswordToken>>,
+		{ pathParams: CreateResetPasswordTokenPathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return createResetPasswordToken(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateResetPasswordTokenMutationResult = NonNullable<
+	Awaited<ReturnType<typeof createResetPasswordToken>>
+>;
+
+export type CreateResetPasswordTokenMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create or regenerate reset password token for a user
+ */
+export const useCreateResetPasswordToken = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createResetPasswordToken>>,
+		TError,
+		{ pathParams: CreateResetPasswordTokenPathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createResetPasswordToken>>,
+	TError,
+	{ pathParams: CreateResetPasswordTokenPathParameters },
+	TContext
+> => {
+	const mutationOptions = getCreateResetPasswordTokenMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
 /**
  * This endpoint returns the user roles by user id
  * @summary Get user roles

frontend/src/api/v1/factor_password/getResetPasswordToken.ts

@@ -1,28 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import {
-	GetResetPasswordToken,
-	PayloadProps,
-	Props,
-} from 'types/api/user/getResetPasswordToken';
-
-const getResetPasswordToken = async (
-	props: Props,
-): Promise<SuccessResponseV2<GetResetPasswordToken>> => {
-	try {
-		const response = await axios.get<PayloadProps>(
-			`/getResetPasswordToken/${props.userId}`,
-		);
-
-		return {
-			httpStatusCode: response.status,
-			data: response.data.data,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default getResetPasswordToken;

frontend/src/components/EditMemberDrawer/EditMemberDrawer.tsx

@@ -10,8 +10,9 @@ import { Skeleton, Tooltip } from 'antd';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import {
-	getResetPasswordToken,
+	useCreateResetPasswordToken,
 	useDeleteUser,
+	useGetResetPasswordToken,
 	useGetUser,
 	useUpdateMyUserV2,
 	useUpdateUser,
@@ -55,6 +56,27 @@ function getDeleteTooltip(
 	return undefined;
 }
 
+function getInviteButtonLabel(
+	isLoading: boolean,
+	existingToken: { expiresAt?: Date } | undefined,
+	isExpired: boolean,
+	notFound: boolean,
+): string {
+	if (isLoading) {
+		return 'Checking invite...';
+	}
+	if (existingToken && !isExpired) {
+		return 'Copy Invite Link';
+	}
+	if (isExpired) {
+		return 'Regenerate Invite Link';
+	}
+	if (notFound) {
+		return 'Generate Invite Link';
+	}
+	return 'Copy Invite Link';
+}
+
 function toSaveApiError(err: unknown): APIError {
 	return (
 		convertToApiError(err as AxiosError<RenderErrorResponseDTO>) ??
@@ -83,9 +105,11 @@ function EditMemberDrawer({
 	const [localRole, setLocalRole] = useState('');
 	const [isSaving, setIsSaving] = useState(false);
 	const [saveErrors, setSaveErrors] = useState<SaveError[]>([]);
-	const [isGeneratingLink, setIsGeneratingLink] = useState(false);
 	const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
 	const [resetLink, setResetLink] = useState<string | null>(null);
+	const [resetLinkExpiresAt, setResetLinkExpiresAt] = useState<string | null>(
+		null,
+	);
 	const [showResetLinkDialog, setShowResetLinkDialog] = useState(false);
 	const [hasCopiedResetLink, setHasCopiedResetLink] = useState(false);
 	const [linkType, setLinkType] = useState<'invite' | 'reset' | null>(null);
@@ -121,6 +145,27 @@ function EditMemberDrawer({
 		applyDiff,
 	} = useMemberRoleManager(member?.id ?? '', open && !!member?.id);
 
+	// Token status query for invited users
+	const {
+		data: tokenQueryData,
+		isLoading: isLoadingTokenStatus,
+		isError: tokenNotFound,
+	} = useGetResetPasswordToken(
+		{ id: member?.id ?? '' },
+		{ query: { enabled: open && !!member?.id && isInvited } },
+	);
+
+	const existingToken = tokenQueryData?.data;
+	const isTokenExpired =
+		existingToken != null &&
+		new Date(String(existingToken.expiresAt)) < new Date();
+
+	// Create/regenerate token mutation
+	const {
+		mutateAsync: createTokenMutation,
+		isLoading: isGeneratingLink,
+	} = useCreateResetPasswordToken();
+
 	const fetchedDisplayName =
 		fetchedUser?.data?.displayName ?? member?.name ?? '';
 	const fetchedUserId = fetchedUser?.data?.id;
@@ -338,12 +383,21 @@ function EditMemberDrawer({
 		if (!member) {
 			return;
 		}
-		setIsGeneratingLink(true);
 		try {
-			const response = await getResetPasswordToken({ id: member.id });
+			const response = await createTokenMutation({
+				pathParams: { id: member.id },
+			});
 			if (response?.data?.token) {
 				const link = `${window.location.origin}/password-reset?token=${response.data.token}`;
 				setResetLink(link);
+				setResetLinkExpiresAt(
+					response.data.expiresAt
+						? formatTimezoneAdjustedTimestamp(
+								String(response.data.expiresAt),
+								DATE_TIME_FORMATS.DASH_DATETIME,
+						  )
+						: null,
+				);
 				setHasCopiedResetLink(false);
 				setLinkType(isInvited ? 'invite' : 'reset');
 				setShowResetLinkDialog(true);
@@ -359,10 +413,8 @@ function EditMemberDrawer({
 				err as AxiosError<RenderErrorResponseDTO, unknown> | null,
 			);
 			showErrorModal(errMsg as APIError);
-		} finally {
-			setIsGeneratingLink(false);
 		}
-	}, [member, isInvited, onClose, showErrorModal]);
+	}, [member, isInvited, onClose, showErrorModal, createTokenMutation]);
 
 	const [copyState, copyToClipboard] = useCopyToClipboard();
 	const handleCopyResetLink = useCallback((): void => {
@@ -568,12 +620,19 @@ function EditMemberDrawer({
 								<Button
 									className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--warning"
 									onClick={handleGenerateResetLink}
-									disabled={isGeneratingLink || isRootUser}
+									disabled={isGeneratingLink || isRootUser || isLoadingTokenStatus}
 								>
 									<RefreshCw size={12} />
-									{isGeneratingLink && 'Generating...'}
-									{!isGeneratingLink && isInvited && 'Copy Invite Link'}
-									{!isGeneratingLink && !isInvited && 'Generate Password Reset Link'}
+									{isGeneratingLink
+										? 'Generating...'
+										: isInvited
+										? getInviteButtonLabel(
+												isLoadingTokenStatus,
+												existingToken,
+												isTokenExpired,
+												tokenNotFound,
+										  )
+										: 'Generate Password Reset Link'}
 								</Button>
 							</span>
 						</Tooltip>
@@ -623,6 +682,7 @@ function EditMemberDrawer({
 				open={showResetLinkDialog}
 				linkType={linkType}
 				resetLink={resetLink}
+				expiresAt={resetLinkExpiresAt}
 				hasCopied={hasCopiedResetLink}
 				onClose={(): void => {
 					setShowResetLinkDialog(false);

frontend/src/components/EditMemberDrawer/ResetLinkDialog.tsx

@@ -6,6 +6,7 @@ interface ResetLinkDialogProps {
 	open: boolean;
 	linkType: 'invite' | 'reset' | null;
 	resetLink: string | null;
+	expiresAt: string | null;
 	hasCopied: boolean;
 	onClose: () => void;
 	onCopy: () => void;
@@ -15,6 +16,7 @@ function ResetLinkDialog({
 	open,
 	linkType,
 	resetLink,
+	expiresAt,
 	hasCopied,
 	onClose,
 	onCopy,
@@ -53,6 +55,11 @@ function ResetLinkDialog({
 						{hasCopied ? 'Copied!' : 'Copy'}
 					</Button>
 				</div>
+				{expiresAt && (
+					<p className="reset-link-dialog__description">
+						This link expires on {expiresAt}.
+					</p>
+				)}
 			</div>
 		</DialogWrapper>
 	);

frontend/src/components/EditMemberDrawer/__tests__/EditMemberDrawer.test.tsx

@@ -2,8 +2,9 @@ import type { ReactNode } from 'react';
 import { toast } from '@signozhq/sonner';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
-	getResetPasswordToken,
+	useCreateResetPasswordToken,
 	useDeleteUser,
+	useGetResetPasswordToken,
 	useGetUser,
 	useSetRoleByUserID,
 	useUpdateMyUserV2,
@@ -55,7 +56,8 @@ jest.mock('api/generated/services/users', () => ({
 	useUpdateUser: jest.fn(),
 	useUpdateMyUserV2: jest.fn(),
 	useSetRoleByUserID: jest.fn(),
-	getResetPasswordToken: jest.fn(),
+	useGetResetPasswordToken: jest.fn(),
+	useCreateResetPasswordToken: jest.fn(),
 }));
 
 jest.mock('api/ErrorResponseHandlerForGeneratedAPIs', () => ({
@@ -82,7 +84,7 @@ jest.mock('react-use', () => ({
 const ROLES_ENDPOINT = '*/api/v1/roles';
 
 const mockDeleteMutate = jest.fn();
-const mockGetResetPasswordToken = jest.mocked(getResetPasswordToken);
+const mockCreateTokenMutateAsync = jest.fn();
 
 const showErrorModal = jest.fn();
 jest.mock('providers/ErrorModalProvider', () => ({
@@ -184,6 +186,31 @@ describe('EditMemberDrawer', () => {
 			mutate: mockDeleteMutate,
 			isLoading: false,
 		});
+		// Token query: valid token for invited members
+		(useGetResetPasswordToken as jest.Mock).mockReturnValue({
+			data: {
+				data: {
+					token: 'invite-tok-valid',
+					id: 'token-1',
+					expiresAt: new Date(Date.now() + 86400000).toISOString(),
+				},
+			},
+			isLoading: false,
+			isError: false,
+		});
+		// Create token mutation
+		mockCreateTokenMutateAsync.mockResolvedValue({
+			status: 'success',
+			data: {
+				token: 'reset-tok-abc',
+				id: 'user-1',
+				expiresAt: new Date(Date.now() + 86400000).toISOString(),
+			},
+		});
+		(useCreateResetPasswordToken as jest.Mock).mockReturnValue({
+			mutateAsync: mockCreateTokenMutateAsync,
+			isLoading: false,
+		});
 	});
 
 	afterEach(() => {
@@ -357,6 +384,40 @@ describe('EditMemberDrawer', () => {
 		expect(screen.queryByText('Last Modified')).not.toBeInTheDocument();
 	});
 
+	it('shows "Regenerate Invite Link" when token is expired', () => {
+		(useGetResetPasswordToken as jest.Mock).mockReturnValue({
+			data: {
+				data: {
+					token: 'old-tok',
+					id: 'token-1',
+					expiresAt: new Date(Date.now() - 86400000).toISOString(), // expired yesterday
+				},
+			},
+			isLoading: false,
+			isError: false,
+		});
+
+		renderDrawer({ member: invitedMember });
+
+		expect(
+			screen.getByRole('button', { name: /regenerate invite link/i }),
+		).toBeInTheDocument();
+	});
+
+	it('shows "Generate Invite Link" when no token exists', () => {
+		(useGetResetPasswordToken as jest.Mock).mockReturnValue({
+			data: undefined,
+			isLoading: false,
+			isError: true,
+		});
+
+		renderDrawer({ member: invitedMember });
+
+		expect(
+			screen.getByRole('button', { name: /generate invite link/i }),
+		).toBeInTheDocument();
+	});
+
 	it('calls deleteUser after confirming revoke invite for invited members', async () => {
 		const onComplete = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
@@ -609,7 +670,7 @@ describe('EditMemberDrawer', () => {
 			).not.toBeInTheDocument();
 		});
 
-		it('does not call getResetPasswordToken when Reset Link is clicked while disabled (root)', async () => {
+		it('does not call createResetPasswordToken when Reset Link is clicked while disabled (root)', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
 			renderDrawer();
 
@@ -617,20 +678,16 @@ describe('EditMemberDrawer', () => {
 				screen.getByRole('button', { name: /generate password reset link/i }),
 			);
 
-			expect(mockGetResetPasswordToken).not.toHaveBeenCalled();
+			expect(mockCreateTokenMutateAsync).not.toHaveBeenCalled();
 		});
 	});
 
 	describe('Generate Password Reset Link', () => {
 		beforeEach(() => {
 			mockCopyToClipboard.mockClear();
-			mockGetResetPasswordToken.mockResolvedValue({
-				status: 'success',
-				data: { token: 'reset-tok-abc', id: 'user-1' },
-			});
 		});
 
-		it('calls getResetPasswordToken and opens the reset link dialog with the generated link', async () => {
+		it('calls POST and opens the reset link dialog with the generated link and expiry', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
 
 			renderDrawer();
@@ -642,11 +699,12 @@ describe('EditMemberDrawer', () => {
 			const dialog = await screen.findByRole('dialog', {
 				name: /password reset link/i,
 			});
-			expect(mockGetResetPasswordToken).toHaveBeenCalledWith({
-				id: 'user-1',
+			expect(mockCreateTokenMutateAsync).toHaveBeenCalledWith({
+				pathParams: { id: 'user-1' },
 			});
 			expect(dialog).toBeInTheDocument();
 			expect(dialog).toHaveTextContent('reset-tok-abc');
+			expect(dialog).toHaveTextContent(/this link expires on/i);
 		});
 
 		it('copies the link to clipboard and shows "Copied!" on the button', async () => {

frontend/src/types/api/user/getResetPasswordToken.ts

@@ -1,15 +0,0 @@
-import { User } from 'types/reducer/app';
-
-export interface Props {
-	userId: User['userId'];
-}
-
-export interface GetResetPasswordToken {
-	token: string;
-	userId: string;
-}
-
-export interface PayloadProps {
-	data: GetResetPasswordToken;
-	status: string;
-}

pkg/apiserver/signozapiserver/user.go

@@ -213,8 +213,8 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/getResetPasswordToken/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetResetPasswordToken), handler.OpenAPIDef{
-		ID:                  "GetResetPasswordToken",
+	if err := router.Handle("/api/v1/getResetPasswordToken/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetResetPasswordTokenDeprecated), handler.OpenAPIDef{
+		ID:                  "GetResetPasswordTokenDeprecated",
 		Tags:                []string{"users"},
 		Summary:             "Get reset password token",
 		Description:         "This endpoint returns the reset password token by id",
@@ -224,12 +224,46 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+		Deprecated:          true,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/users/{id}/reset_password_tokens", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetResetPasswordToken), handler.OpenAPIDef{
+		ID:                  "GetResetPasswordToken",
+		Tags:                []string{"users"},
+		Summary:             "Get reset password token for a user",
+		Description:         "This endpoint returns the existing reset password token for a user.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(types.ResetPasswordToken),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
+	if err := router.Handle("/api/v2/users/{id}/reset_password_tokens", handler.New(provider.authZ.AdminAccess(provider.userHandler.CreateResetPasswordToken), handler.OpenAPIDef{
+		ID:                  "CreateResetPasswordToken",
+		Tags:                []string{"users"},
+		Summary:             "Create or regenerate reset password token for a user",
+		Description:         "This endpoint creates or regenerates a reset password token for a user. If a valid token exists, it is returned. If expired, a new one is created.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(types.ResetPasswordToken),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusCreated,
+		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/resetPassword", handler.New(provider.authZ.OpenAccess(provider.userHandler.ResetPassword), handler.OpenAPIDef{
 		ID:                  "ResetPassword",
 		Tags:                []string{"users"},

pkg/modules/user/impluser/getter.go

@@ -218,6 +218,10 @@ func (module *getter) GetRolesByUserID(ctx context.Context, userID valuer.UUID)
 	return userRoles, nil
 }
 
+func (module *getter) GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.ResetPasswordToken, error) {
+	return module.store.GetResetPasswordTokenByOrgIDAndUserID(ctx, orgID, userID)
+}
+
 func (module *getter) GetUsersByOrgIDAndRoleID(ctx context.Context, orgID valuer.UUID, roleID valuer.UUID) ([]*types.User, error) {
 	return module.store.GetUsersByOrgIDAndRoleID(ctx, orgID, roleID)
 }

pkg/modules/user/impluser/handler.go

@@ -25,7 +25,7 @@ func NewHandler(setter root.Setter, getter root.Getter) root.Handler {
 	return &handler{setter: setter, getter: getter}
 }
 
-func (h *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
+func (handler *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -41,7 +41,7 @@ func (h *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	invites, err := h.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &types.PostableBulkInviteRequest{
+	invites, err := handler.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &types.PostableBulkInviteRequest{
 		Invites: []types.PostableInvite{req},
 	})
 	if err != nil {
@@ -52,7 +52,7 @@ func (h *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusCreated, invites[0])
 }
 
-func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
+func (handler *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -74,7 +74,7 @@ func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, err = h.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &req)
+	_, err = handler.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &req)
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -83,7 +83,7 @@ func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusCreated, nil)
 }
 
-func (h *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -95,7 +95,7 @@ func (h *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := h.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(id))
+	user, err := handler.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(id))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -104,7 +104,7 @@ func (h *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, user)
 }
 
-func (h *handler) GetUser(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -116,13 +116,13 @@ func (h *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
+	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
 	if err != nil {
 		render.Error(w, err)
 		return
 	}
 
-	userRoles, err := h.getter.GetRolesByUserID(ctx, user.ID)
+	userRoles, err := handler.getter.GetRolesByUserID(ctx, user.ID)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -136,7 +136,7 @@ func (h *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, userWithRoles)
 }
 
-func (h *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -146,7 +146,7 @@ func (h *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := h.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
+	user, err := handler.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -155,7 +155,7 @@ func (h *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, user)
 }
 
-func (h *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -165,13 +165,13 @@ func (h *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
+	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
 	if err != nil {
 		render.Error(w, err)
 		return
 	}
 
-	userRoles, err := h.getter.GetRolesByUserID(ctx, user.ID)
+	userRoles, err := handler.getter.GetRolesByUserID(ctx, user.ID)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -185,7 +185,7 @@ func (h *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, userWithRoles)
 }
 
-func (h *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -201,7 +201,7 @@ func (h *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, err = h.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), updatableUser)
+	_, err = handler.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), updatableUser)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -210,7 +210,7 @@ func (h *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (h *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -220,7 +220,7 @@ func (h *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	users, err := h.getter.ListDeprecatedUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
+	users, err := handler.getter.ListDeprecatedUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -229,7 +229,7 @@ func (h *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, users)
 }
 
-func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -239,7 +239,7 @@ func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	users, err := h.getter.ListUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
+	users, err := handler.getter.ListUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -248,7 +248,7 @@ func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, users)
 }
 
-func (h *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -266,7 +266,7 @@ func (h *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	updatedUser, err := h.setter.UpdateUserDeprecated(ctx, valuer.MustNewUUID(claims.OrgID), id, &user)
+	updatedUser, err := handler.setter.UpdateUserDeprecated(ctx, valuer.MustNewUUID(claims.OrgID), id, &user)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -275,7 +275,7 @@ func (h *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, updatedUser)
 }
 
-func (h *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -298,7 +298,7 @@ func (h *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, err = h.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), updatableUser)
+	_, err = handler.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), updatableUser)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -307,7 +307,7 @@ func (h *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (h *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -319,7 +319,7 @@ func (h *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := h.setter.DeleteUser(ctx, valuer.MustNewUUID(claims.OrgID), id, claims.IdentityID()); err != nil {
+	if err := handler.setter.DeleteUser(ctx, valuer.MustNewUUID(claims.OrgID), id, claims.IdentityID()); err != nil {
 		render.Error(w, err)
 		return
 	}
@@ -327,7 +327,7 @@ func (h *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (handler *handler) GetResetPasswordToken(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetResetPasswordTokenDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -354,6 +354,62 @@ func (handler *handler) GetResetPasswordToken(w http.ResponseWriter, r *http.Req
 	render.Success(w, http.StatusOK, token)
 }
 
+func (handler *handler) GetResetPasswordToken(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	userID, err := valuer.NewUUID(mux.Vars(r)["id"])
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	token, err := handler.getter.GetResetPasswordTokenByOrgIDAndUserID(ctx, valuer.MustNewUUID(claims.OrgID), userID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusOK, token)
+}
+
+func (handler *handler) CreateResetPasswordToken(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	userID, err := valuer.NewUUID(mux.Vars(r)["id"])
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), userID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	token, err := handler.setter.GetOrCreateResetPasswordToken(ctx, user.ID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusCreated, token)
+}
+
 func (handler *handler) ResetPassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -392,7 +448,7 @@ func (handler *handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (h *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -402,7 +458,7 @@ func (h *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err := h.setter.ForgotPassword(ctx, req.OrgID, req.Email, req.FrontendBaseURL)
+	err := handler.setter.ForgotPassword(ctx, req.OrgID, req.Email, req.FrontendBaseURL)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -411,7 +467,7 @@ func (h *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (h *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -423,13 +479,13 @@ func (h *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
+	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
 	if err != nil {
 		render.Error(w, err)
 		return
 	}
 
-	userRoles, err := h.getter.GetRolesByUserID(ctx, user.ID)
+	userRoles, err := handler.getter.GetRolesByUserID(ctx, user.ID)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -443,7 +499,7 @@ func (h *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, roles)
 }
 
-func (h *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -471,7 +527,7 @@ func (h *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := h.setter.AddUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), postableRole.Name); err != nil {
+	if err := handler.setter.AddUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), postableRole.Name); err != nil {
 		render.Error(w, err)
 		return
 	}
@@ -479,7 +535,7 @@ func (h *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, nil)
 }
 
-func (h *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -497,7 +553,7 @@ func (h *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	if err := h.setter.RemoveUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), valuer.MustNewUUID(roleID)); err != nil {
+	if err := handler.setter.RemoveUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), valuer.MustNewUUID(roleID)); err != nil {
 		render.Error(w, err)
 		return
 	}
@@ -505,7 +561,7 @@ func (h *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Request)
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (h *handler) GetUsersByRoleID(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetUsersByRoleID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -517,7 +573,7 @@ func (h *handler) GetUsersByRoleID(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	users, err := h.getter.GetUsersByOrgIDAndRoleID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(roleID))
+	users, err := handler.getter.GetUsersByOrgIDAndRoleID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(roleID))
 	if err != nil {
 		render.Error(w, err)
 		return

pkg/modules/user/impluser/store.go

@@ -359,6 +359,26 @@ func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passw
 	return resetPasswordToken, nil
 }
 
+func (store *store) GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.ResetPasswordToken, error) {
+	resetPasswordToken := new(types.ResetPasswordToken)
+
+	err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(resetPasswordToken).
+		Join("JOIN factor_password ON factor_password.id = reset_password_token.password_id").
+		Join("JOIN users ON users.id = factor_password.user_id").
+		Where("factor_password.user_id = ?", userID).
+		Where("users.org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrResetPasswordTokenNotFound, "reset password token for user %s does not exist", userID)
+	}
+
+	return resetPasswordToken, nil
+}
+
 func (store *store) DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error {
 	_, err := store.sqlstore.BunDBCtx(ctx).NewDelete().
 		Model(&types.ResetPasswordToken{}).

pkg/modules/user/user.go

@@ -80,6 +80,9 @@ type Getter interface {
 	// Get factor password by user id.
 	GetFactorPasswordByUserID(context.Context, valuer.UUID) (*types.FactorPassword, error)
 
+	// Get reset password token by org id and user id.
+	GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.ResetPasswordToken, error)
+
 	// Gets single Non-Deleted user by email and org id
 	GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.User, error)
 
@@ -112,7 +115,9 @@ type Handler interface {
 	GetUsersByRoleID(http.ResponseWriter, *http.Request)
 
 	// Reset Password
+	GetResetPasswordTokenDeprecated(http.ResponseWriter, *http.Request)
 	GetResetPasswordToken(http.ResponseWriter, *http.Request)
+	CreateResetPasswordToken(http.ResponseWriter, *http.Request)
 	ResetPassword(http.ResponseWriter, *http.Request)
 	ChangePassword(http.ResponseWriter, *http.Request)
 	ForgotPassword(http.ResponseWriter, *http.Request)

pkg/querybuilder/collision.go

@@ -207,16 +207,23 @@ func AdjustKey(key *telemetrytypes.TelemetryFieldKey, keys map[string][]*telemet
 		indexes := []telemetrytypes.JSONDataTypeIndex{}
 		fieldContextsSeen := map[telemetrytypes.FieldContext]bool{}
 		dataTypesSeen := map[telemetrytypes.FieldDataType]bool{}
+		jsonTypesSeen := map[string]*telemetrytypes.JSONDataType{}
 		for _, matchingKey := range matchingKeys {
 			materialized = materialized && matchingKey.Materialized
 			fieldContextsSeen[matchingKey.FieldContext] = true
 			dataTypesSeen[matchingKey.FieldDataType] = true
+			if matchingKey.JSONDataType != nil {
+				jsonTypesSeen[matchingKey.JSONDataType.StringValue()] = matchingKey.JSONDataType
+			}
 			indexes = append(indexes, matchingKey.Indexes...)
 		}
 		for _, matchingKey := range contextPrefixedMatchingKeys {
 			materialized = materialized && matchingKey.Materialized
 			fieldContextsSeen[matchingKey.FieldContext] = true
 			dataTypesSeen[matchingKey.FieldDataType] = true
+			if matchingKey.JSONDataType != nil {
+				jsonTypesSeen[matchingKey.JSONDataType.StringValue()] = matchingKey.JSONDataType
+			}
 			indexes = append(indexes, matchingKey.Indexes...)
 		}
 		key.Materialized = materialized
@@ -241,6 +248,15 @@ func AdjustKey(key *telemetrytypes.TelemetryFieldKey, keys map[string][]*telemet
 				break
 			}
 		}
+
+		if len(jsonTypesSeen) == 1 && key.JSONDataType == nil {
+			// all matching keys have same JSON data type, use it
+			for _, jt := range jsonTypesSeen {
+				actions = append(actions, fmt.Sprintf("Adjusting key %s to have JSON data type %s", key, jt.StringValue()))
+				key.JSONDataType = jt
+				break
+			}
+		}
 	}
 
 	return actions

pkg/querybuilder/where_clause_visitor_test.go

@@ -318,7 +318,7 @@ func TestVisitKey(t *testing.T) {
 					{
 						Name:          "count",
 						FieldContext:  telemetrytypes.FieldContextAttribute,
-						FieldDataType: telemetrytypes.FieldDataTypeInt64,
+						FieldDataType: telemetrytypes.FieldDataTypeNumber,
 					},
 				},
 			},
@@ -326,7 +326,7 @@ func TestVisitKey(t *testing.T) {
 				{
 					Name:          "count",
 					FieldContext:  telemetrytypes.FieldContextAttribute,
-					FieldDataType: telemetrytypes.FieldDataTypeInt64,
+					FieldDataType: telemetrytypes.FieldDataTypeNumber,
 				},
 			},
 			expectedErrors:     nil,

pkg/telemetrylogs/condition_builder.go

@@ -44,6 +44,7 @@ func (c *conditionBuilder) conditionFor(
 			}
 			return cond, nil
 		}
+
 	}
 
 	if operator.IsStringSearchOperator() {

pkg/telemetrylogs/field_mapper.go

@@ -276,10 +276,14 @@ func (m *fieldMapper) FieldFor(ctx context.Context, tsStart, tsEnd uint64, key *
 					continue
 				}
 
-				if key.FieldDataType == telemetrytypes.FieldDataTypeUnspecified {
+				if key.JSONDataType == nil {
 					return "", qbtypes.ErrColumnNotFound
 				}
 
+				if key.KeyNameContainsArray() && !key.JSONDataType.IsArray {
+					return "", errors.NewInvalidInputf(errors.CodeInvalidInput, "FieldFor not supported for nested fields; only supported for flat paths (e.g. body.status.detail) and paths of Array type: %s(%s)", key.Name, key.FieldDataType)
+				}
+
 				expr, err := m.buildFieldForJSON(key)
 				if err != nil {
 					return "", err
@@ -350,6 +354,7 @@ func (m *fieldMapper) ColumnExpressionFor(
 	field *telemetrytypes.TelemetryFieldKey,
 	keys map[string][]*telemetrytypes.TelemetryFieldKey,
 ) (string, error) {
+
 	fieldExpression, err := m.FieldFor(ctx, tsStart, tsEnd, field)
 	if errors.Is(err, qbtypes.ErrColumnNotFound) {
 		// the key didn't have the right context to be added to the query
@@ -388,8 +393,6 @@ func (m *fieldMapper) ColumnExpressionFor(
 			}
 			fieldExpression = fmt.Sprintf("multiIf(%s, NULL)", strings.Join(args, ", "))
 		}
-	} else if err != nil {
-		return "", err
 	}
 
 	return fmt.Sprintf("%s AS `%s`", sqlbuilder.Escape(fieldExpression), field.Name), nil

pkg/telemetrylogs/json_condition_builder.go

@@ -173,9 +173,29 @@ func (c *jsonConditionBuilder) terminalIndexedCondition(node *telemetrytypes.JSO
 		return "", errors.NewInternalf(CodeArrayNavigationFailed, "can not build index condition for array field %s", fieldPath)
 	}
 
-	indexedExpr := assumeNotNull(fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, node.TerminalConfig.ElemType.StringValue()))
+	elemType := node.TerminalConfig.ElemType
+	dynamicExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, elemType.StringValue())
+	indexedExpr := assumeNotNull(dynamicExpr)
+
+	// switch the operator and value for exists and not exists
+	switch operator {
+	case qbtypes.FilterOperatorExists:
+		operator = qbtypes.FilterOperatorNotEqual
+		value = getEmptyValue(elemType)
+	case qbtypes.FilterOperatorNotExists:
+		operator = qbtypes.FilterOperatorEqual
+		value = getEmptyValue(elemType)
+	default:
+		// do nothing
+	}
+
 	indexedExpr, formattedValue := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, value, indexedExpr, operator)
-	return c.applyOperator(sb, indexedExpr, operator, formattedValue)
+	cond, err := c.applyOperator(sb, indexedExpr, operator, formattedValue)
+	if err != nil {
+		return "", err
+	}
+
+	return cond, nil
 }
 
 // buildPrimitiveTerminalCondition builds the condition if the terminal node is a primitive type
@@ -184,31 +204,32 @@ func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetryty
 	fieldPath := node.FieldPath()
 	conditions := []string{}
 
-	// Utilize indexes when available, except for EXISTS/NOT EXISTS checks.
-	// Indexed columns always store a default empty value for absent fields (e.g. "" for strings,
-	// 0 for numbers), so using the index for existence checks would incorrectly exclude rows where
-	// the field genuinely holds the empty/zero value.
+	// utilize indexes for the condition if available
 	//
-	// Note: indexing is also skipped for Array Nested fields because they cannot be indexed.
+	// Note: Indexing code doesn't get executed for Array Nested fields because they can not be indexed
 	indexed := slices.ContainsFunc(node.TerminalConfig.Key.Indexes, func(index telemetrytypes.JSONDataTypeIndex) bool {
 		return index.Type == node.TerminalConfig.ElemType
 	})
-	isExistsCheck := operator == qbtypes.FilterOperatorExists || operator == qbtypes.FilterOperatorNotExists
-	if node.TerminalConfig.ElemType.IndexSupported && indexed && !isExistsCheck {
+	if node.TerminalConfig.ElemType.IndexSupported && indexed {
 		indexCond, err := c.terminalIndexedCondition(node, operator, value, sb)
 		if err != nil {
 			return "", err
 		}
-		// With a concrete non-zero value the index condition is self-contained.
+		// if qb has a definitive value, we can skip adding a condition to
+		// check the existence of the path in the json column
 		if value != nil && value != getEmptyValue(node.TerminalConfig.ElemType) {
 			return indexCond, nil
 		}
-		// The value is nil or the type's zero/empty value. Because indexed columns always store
-		// that zero value for absent fields, the index alone cannot distinguish "field is absent"
-		// from "field exists with zero value". Append a path-existence check (IS NOT NULL) as a
-		// second condition and AND them together.
+
 		conditions = append(conditions, indexCond)
-		operator = qbtypes.FilterOperatorExists
+
+		// Switch operator to EXISTS except when operator is NOT EXISTS since
+		// indexed paths on assumedNotNull, indexes will always have a default
+		// value so we flip the operator to Exists and filter the rows that
+		// actually have the value
+		if operator != qbtypes.FilterOperatorNotExists {
+			operator = qbtypes.FilterOperatorExists
+		}
 	}
 
 	var formattedValue = value
@@ -218,15 +239,20 @@ func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetryty
 
 	fieldExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, node.TerminalConfig.ElemType.StringValue())
 
-	// For non-nested paths with a negative comparison operator (e.g. !=, NOT LIKE, NOT IN),
-	// wrap in assumeNotNull so ClickHouse treats absent paths as the zero value rather than NULL,
-	// which would otherwise cause them to be silently dropped from results.
-	// NOT EXISTS is excluded: we want a true NULL check there, not a zero-value stand-in.
+	// if operator is negative and has a value comparison i.e. excluding EXISTS and NOT EXISTS, we need to assume that the field exists everywhere
 	//
-	// Note: for nested array paths, buildAccessNodeBranches already inverts the operator before
-	// reaching here, so IsNonNestedPath() guards against double-applying the wrapping.
-	if node.IsNonNestedPath() && operator.IsNegativeOperator() && operator != qbtypes.FilterOperatorNotExists {
-		fieldExpr = assumeNotNull(fieldExpr)
+	// Note: here applyNotCondition will return true only if; top level path is being queried and operator is a negative operator
+	// Otherwise this code will be triggered by buildAccessNodeBranches; Where operator would've been already inverted if needed.
+	if node.IsNonNestedPath() {
+		yes, _ := applyNotCondition(operator)
+		if yes {
+			switch operator {
+			case qbtypes.FilterOperatorNotExists:
+				// skip
+			default:
+				fieldExpr = assumeNotNull(fieldExpr)
+			}
+		}
 	}
 
 	fieldExpr, formattedValue = querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, fieldExpr, operator)

pkg/telemetrylogs/json_stmt_builder_test.go

@@ -220,7 +220,7 @@ func TestJSONStmtBuilder_PrimitivePaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((LOWER(toString(dynamicElement(body_v2.`user.age`, 'Int64'))) LIKE LOWER(?)) AND has(JSONAllPaths(body_v2), 'user.age')) OR ((LOWER(dynamicElement(body_v2.`user.age`, 'String')) LIKE LOWER(?)) AND has(JSONAllPaths(body_v2), 'user.age')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%25%", "%25%", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `user.age` is ambiguous, found 2 different combinations of field context / data type: [name=user.age,context=body,datatype=int64 name=user.age,context=body,datatype=string]."},
+				Warnings:    []string{"Key `user.age` is ambiguous, found 2 different combinations of field context / data type: [name=user.age,context=body,datatype=int64,jsondatatype=Int64 name=user.age,context=body,datatype=string,jsondatatype=String]."},
 			},
 		},
 		{
@@ -414,7 +414,7 @@ func TestStatementBuilderListQueryBodyPromoted(t *testing.T) {
 			},
 			expected: TestExpected{
 				Args:     []any{uint64(1747945619), uint64(1747983448), "%1.65%", 1.65, "%1.65%", 1.65, "%1.65%", 1.65, "%1.65%", 1.65, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true name=education[].parameters,context=body,datatype=[]dynamic,materialized=true]."},
+				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,materialized=true,jsondatatype=Array(Dynamic)]."},
 			},
 			expectedErr: nil,
 		},
@@ -441,7 +441,7 @@ func TestStatementBuilderListQueryBodyPromoted(t *testing.T) {
 			},
 			expected: TestExpected{
 				Args:     []any{uint64(1747945619), uint64(1747983448), "%true%", true, "%true%", true, "%true%", true, "%true%", true, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true name=education[].parameters,context=body,datatype=[]dynamic,materialized=true]."},
+				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,materialized=true,jsondatatype=Array(Dynamic)]."},
 			},
 			expectedErr: nil,
 		},
@@ -455,7 +455,7 @@ func TestStatementBuilderListQueryBodyPromoted(t *testing.T) {
 			},
 			expected: TestExpected{
 				Args:     []any{uint64(1747945619), uint64(1747983448), "%passed%", "passed", "%passed%", "passed", "%passed%", "passed", "%passed%", "passed", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true name=education[].parameters,context=body,datatype=[]dynamic,materialized=true]."},
+				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,materialized=true,jsondatatype=Array(Dynamic)]."},
 			},
 			expectedErr: nil,
 		},
@@ -549,7 +549,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "((NOT arrayExists(`body_v2.education`-> toFloat64OrNull(dynamicElement(`body_v2.education`.`type`, 'String')) = ?, dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND (NOT arrayExists(`body_v2.education`-> dynamicElement(`body_v2.education`.`type`, 'Int64') = ?, dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), int64(10001), int64(10001), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].type` is ambiguous, found 2 different combinations of field context / data type: [name=education[].type,context=body,datatype=string name=education[].type,context=body,datatype=int64]."},
+				Warnings:    []string{"Key `education[].type` is ambiguous, found 2 different combinations of field context / data type: [name=education[].type,context=body,datatype=string,jsondatatype=String name=education[].type,context=body,datatype=int64,jsondatatype=Int64]."},
 			},
 		},
 		{
@@ -576,7 +576,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')) OR arrayExists(x -> toFloat64(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))) OR arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)')))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%1.65%", 1.65, "%1.65%", 1.65, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -585,7 +585,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> arrayExists(x -> toString(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> arrayExists(x -> toString(x) = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "passed", "passed", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -594,7 +594,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')) OR arrayExists(x -> toString(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))) OR arrayExists(x -> toString(x) = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)')))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%passed%", "passed", "%passed%", "passed", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -603,7 +603,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> arrayExists(x -> toFloat64(x) IN (?, ?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> arrayExists(x -> toString(x) IN (?, ?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), 1.65, 1.99, "1.65", "1.99", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -612,7 +612,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "((NOT arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')) OR arrayExists(x -> toFloat64(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND (NOT arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))) OR arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)')))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%1.65%", float64(1.65), "%1.65%", float64(1.65), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -622,7 +622,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 				WhereClause: "(has(arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))), ?) OR has(arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))), ?))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), 1.65, 1.65, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 				Warnings: []string{
-					"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic].",
+					"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)].",
 				},
 			},
 		},
@@ -702,7 +702,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.interests`-> arrayExists(`body_v2.interests[].entities`-> arrayExists(`body_v2.interests[].entities[].reviews`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(Int64))')) OR arrayExists(x -> toFloat64(x) = ?, dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(Int64))'))), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata`.`positions`, 'Array(JSON(max_dynamic_types=0, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews[].entries`.`metadata`, 'Array(JSON(max_dynamic_types=1, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews`.`entries`, 'Array(JSON(max_dynamic_types=2, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities`.`reviews`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'interests')) OR ((arrayExists(`body_v2.interests`-> arrayExists(`body_v2.interests[].entities`-> arrayExists(`body_v2.interests[].entities[].reviews`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`-> (arrayExists(x -> LOWER(x) LIKE LOWER(?), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(String))')) OR arrayExists(x -> toFloat64OrNull(x) = ?, dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(String))'))), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata`.`positions`, 'Array(JSON(max_dynamic_types=0, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews[].entries`.`metadata`, 'Array(JSON(max_dynamic_types=1, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews`.`entries`, 'Array(JSON(max_dynamic_types=2, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities`.`reviews`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'interests')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%4%", float64(4), "%4%", float64(4), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `interests[].entities[].reviews[].entries[].metadata[].positions[].ratings` is ambiguous, found 2 different combinations of field context / data type: [name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]int64 name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]string]."},
+				Warnings:    []string{"Key `interests[].entities[].reviews[].entries[].metadata[].positions[].ratings` is ambiguous, found 2 different combinations of field context / data type: [name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]int64,jsondatatype=Array(Nullable(Int64)) name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]string,jsondatatype=Array(Nullable(String))]."},
 			},
 		},
 		{
@@ -844,10 +844,7 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 				Args:        []any{uint64(1747945619), uint64(1747983448), float64(110001), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
-		// ── indexed exists: index is skipped; emits plain IS NOT NULL ───────────
-		// EXISTS/NOT EXISTS bypass the index because indexed columns store a default
-		// empty value for absent fields, making != "" unreliable for existence checks
-		// (a field with value "" would be incorrectly excluded).
+		// ── indexed exists: emits assumeNotNull != nil AND dynamicElement IS NOT NULL ─
 		{
 			name: "Indexed String Exists",
 			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
@@ -856,8 +853,8 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 				Limit:  10,
 			},
 			expected: TestExpected{
-				WhereClause: "(dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL)",
-				Args:        []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
+				WhereClause: "((assumeNotNull(dynamicElement(body_v2.`user.name`, 'String')) <> ? AND dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL))",
+				Args:        []any{uint64(1747945619), uint64(1747983448), "", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
 		// ── indexed not-equal: assumeNotNull wrapping + no path index ─────────
@@ -873,6 +870,22 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 				Args:        []any{uint64(1747945619), uint64(1747983448), "alice", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
+		// ── indexed not-exists: assumeNotNull = "" AND assumeNotNull IS NOT NULL ─
+		// FilterOperatorNotExists → Equal + emptyValue("") in the indexed branch,
+		// then a second condition flipped to Exists (IS NOT NULL) on the same
+		// assumeNotNull expr, producing AND(= "", IS NOT NULL).
+		{
+			name: "Indexed String NotExists",
+			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
+				Signal: telemetrytypes.SignalLogs,
+				Filter: &qbtypes.Filter{Expression: "body.user.name NOT EXISTS"},
+				Limit:  10,
+			},
+			expected: TestExpected{
+				WhereClause: "((assumeNotNull(dynamicElement(body_v2.`user.name`, 'String')) = ? AND dynamicElement(body_v2.`user.name`, 'String') IS NULL))",
+				Args:        []any{uint64(1747945619), uint64(1747983448), "", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
+			},
+		},
 
 		// ── special-character indexed paths ───────────────────────────────────
 		{
@@ -929,171 +942,20 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 		})
 	}
 }
-
-func TestJSONStmtBuilder_SelectField(t *testing.T) {
-	enable, disable := jsonQueryTestUtil(t)
-	enable()
-	defer disable()
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
-
-	cases := []struct {
-		name                string
-		requestType         qbtypes.RequestType
-		query               qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]
-		expected            qbtypes.Statement
-		expectedErrContains string
-	}{
-		{
-			name:        "select_x_education[].awards[].participated[].members",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				SelectFields: []telemetrytypes.TelemetryFieldKey{
-					{
-						Name: "education[].awards[].participated[].members",
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: "user.name exists",
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE true AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->arrayConcat(arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), dynamicElement(`body_v2.education`.`awards`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=256))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education`.`awards`, 'Array(Dynamic)'))))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))) AS `education[].awards[].participated[].members` FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND (dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-		{
-			name:        "select_x_user.name",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				SelectFields: []telemetrytypes.TelemetryFieldKey{
-					{
-						Name: "user.name",
-					},
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, dynamicElement(body_v2.`user.name`, 'String') AS `user.name` FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.name, func(t *testing.T) {
-			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
-			if c.expectedErrContains != "" {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), c.expectedErrContains)
-			} else {
-				require.NoError(t, err)
-				require.Equal(t, c.expected.Query, q.Query)
-				require.Equal(t, c.expected.Args, q.Args)
-				require.Equal(t, c.expected.Warnings, q.Warnings)
-			}
-		})
-	}
-}
-
-func TestJSONStmtBuilder_OrderBy(t *testing.T) {
-	enable, disable := jsonQueryTestUtil(t)
-	enable()
-	defer disable()
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
-
-	cases := []struct {
-		name                string
-		requestType         qbtypes.RequestType
-		query               qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]
-		expected            qbtypes.Statement
-		expectedErrContains string
-	}{
-		{
-			name:        "order_by_education[].awards[].participated[].members",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				Order: []qbtypes.OrderBy{
-					{
-						Key: qbtypes.OrderByKey{
-							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-								Name: "education[].awards[].participated[].members",
-							},
-						},
-						Direction: qbtypes.OrderDirectionAsc,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: "user.name exists",
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE true AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, trace_id, span_id, trace_flags, severity_text, severity_number, scope_name, scope_version, body_v2 as body, attributes_string, attributes_number, attributes_bool, resources_string, scope_string FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND (dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? ORDER BY arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->arrayConcat(arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), dynamicElement(`body_v2.education`.`awards`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=256))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education`.`awards`, 'Array(Dynamic)'))))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))) AS `education[].awards[].participated[].members` asc LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-		{
-			name:        "order_by_user.name",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				Order: []qbtypes.OrderBy{
-					{
-						Key: qbtypes.OrderByKey{
-							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-								Name: "user.name",
-							},
-						},
-						Direction: qbtypes.OrderDirectionAsc,
-					},
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, trace_id, span_id, trace_flags, severity_text, severity_number, scope_name, scope_version, body_v2 as body, attributes_string, attributes_number, attributes_bool, resources_string, scope_string FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? ORDER BY dynamicElement(body_v2.`user.name`, 'String') AS `user.name` asc LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.name, func(t *testing.T) {
-			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
-			if c.expectedErrContains != "" {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), c.expectedErrContains)
-			} else {
-				require.NoError(t, err)
-				require.Equal(t, c.expected.Query, q.Query)
-				require.Equal(t, c.expected.Args, q.Args)
-				require.Equal(t, c.expected.Warnings, q.Warnings)
-			}
-		})
-	}
-}
-
 func buildTestTelemetryMetadataStore(t *testing.T, addIndexes bool) *telemetrytypestest.MockMetadataStore {
 	mockMetadataStore := telemetrytypestest.NewMockMetadataStore()
 	mockMetadataStore.SetStaticFields(IntrinsicFields)
 	types, _ := telemetrytypes.TestJSONTypeSet()
-	for path, fieldDataTypes := range types {
-		for _, fdt := range fieldDataTypes {
+	for path, jsonTypes := range types {
+		for _, jsonType := range jsonTypes {
 			key := &telemetrytypes.TelemetryFieldKey{
 				Name:          path,
 				Signal:        telemetrytypes.SignalLogs,
 				FieldContext:  telemetrytypes.FieldContextBody,
-				FieldDataType: fdt,
+				FieldDataType: telemetrytypes.MappingJSONDataTypeToFieldDataType[jsonType],
+				JSONDataType:  &jsonType,
 			}
 			if addIndexes {
-				jsonType := telemetrytypes.MappingFieldDataTypeToJSONDataType[fdt]
 				idx := slices.IndexFunc(telemetrytypes.TestIndexedPaths, func(entry telemetrytypes.TestIndexedPathEntry) bool {
 					return entry.Path == path && entry.Type == jsonType
 				})

pkg/telemetrylogs/stmt_builder_test.go

@@ -875,6 +875,7 @@ func TestAdjustKey(t *testing.T) {
 			require.Equal(t, c.expectedKey.FieldContext, key.FieldContext, "field context should match")
 			require.Equal(t, c.expectedKey.FieldDataType, key.FieldDataType, "field data type should match")
 			require.Equal(t, c.expectedKey.Materialized, key.Materialized, "materialized should match")
+			require.Equal(t, c.expectedKey.JSONDataType, key.JSONDataType, "json data type should match")
 			require.Equal(t, c.expectedKey.Indexes, key.Indexes, "json exists should match")
 		})
 	}

pkg/telemetrymetadata/body_json_metadata.go

@@ -21,84 +21,133 @@ import (
 )
 
 var (
+	defaultPathLimit = 100 // Default limit to prevent full table scans
+
+	CodeUnknownJSONDataType     = errors.MustNewCode("unknown_json_data_type")
 	CodeFailLoadPromotedPaths   = errors.MustNewCode("fail_load_promoted_paths")
 	CodeFailCheckPathPromoted   = errors.MustNewCode("fail_check_path_promoted")
+	CodeFailIterateBodyJSONKeys = errors.MustNewCode("fail_iterate_body_json_keys")
+	CodeFailExtractBodyJSONKeys = errors.MustNewCode("fail_extract_body_json_keys")
 	CodeFailLoadLogsJSONIndexes = errors.MustNewCode("fail_load_logs_json_indexes")
 	CodeFailListJSONValues      = errors.MustNewCode("fail_list_json_values")
 	CodeFailScanJSONValue       = errors.MustNewCode("fail_scan_json_value")
 	CodeFailScanVariant         = errors.MustNewCode("fail_scan_variant")
+	CodeFailBuildJSONPathsQuery = errors.MustNewCode("fail_build_json_paths_query")
+	CodeNoPathsToQueryIndexes   = errors.MustNewCode("no_paths_to_query_indexes_provided")
 
 	CodeFailedToPrepareBatch = errors.MustNewCode("failed_to_prepare_batch_promoted_paths")
 	CodeFailedToSendBatch    = errors.MustNewCode("failed_to_send_batch_promoted_paths")
 	CodeFailedToAppendPath   = errors.MustNewCode("failed_to_append_path_promoted_paths")
 )
 
-// enrichJSONKeys enriches body-context keys with promoted path info, indexes,
-// and JSON access plans. parentTypeCache contains parent array types (ArrayJSON/ArrayDynamic)
-// pre-fetched in the main UNION query.
+// fetchBodyJSONPaths extracts body JSON paths from the path_types table
+// This function can be used by both JSONQueryBuilder and metadata extraction
+// uniquePathLimit: 0 for no limit, >0 for maximum number of unique paths to return
+//   - For startup load: set to 10000 to get top 10k unique paths
+//   - For lookup: set to 0 (no limit needed for single path)
+//   - For metadata API: set to desired pagination limit
 //
-// NOTE: enrichment can not work with FuzzySelectors; QB requests exact matches for query building so
-// parentTypeCache will actually have proper matches and
-// FuzzyMatching is for Suggestions API so enrichment is not needed.
-func (t *telemetryMetaStore) enrichJSONKeys(ctx context.Context, selectors []*telemetrytypes.FieldKeySelector, keys []*telemetrytypes.TelemetryFieldKey, parentTypeCache map[string][]telemetrytypes.FieldDataType) error {
-	mapOfExactSelectors := make(map[string]*telemetrytypes.FieldKeySelector)
-	for _, selector := range selectors {
-		if selector.SelectorMatchType != telemetrytypes.FieldSelectorMatchTypeExact {
-			continue
+// searchOperator: LIKE for pattern matching, EQUAL for exact match.
+func (t *telemetryMetaStore) fetchBodyJSONPaths(ctx context.Context,
+	fieldKeySelectors []*telemetrytypes.FieldKeySelector) ([]*telemetrytypes.TelemetryFieldKey, []string, bool, error) {
+	ctx = ctxtypes.NewContextWithCommentVals(ctx, map[string]string{
+		instrumentationtypes.TelemetrySignal:  telemetrytypes.SignalLogs.StringValue(),
+		instrumentationtypes.CodeNamespace:    "metadata",
+		instrumentationtypes.CodeFunctionName: "fetchBodyJSONPaths",
+	})
+
+	query, args, limit := buildGetBodyJSONPathsQuery(fieldKeySelectors)
+	rows, err := t.telemetrystore.ClickhouseDB().Query(ctx, query, args...)
+	if err != nil {
+		return nil, nil, false, errors.WrapInternalf(err, CodeFailExtractBodyJSONKeys, "failed to extract body JSON keys")
+	}
+	defer rows.Close()
+
+	fieldKeys := []*telemetrytypes.TelemetryFieldKey{}
+	paths := []string{}
+	rowCount := 0
+	for rows.Next() {
+		var path string
+		var typesArray []string // ClickHouse returns array as []string
+		var lastSeen uint64
+
+		err = rows.Scan(&path, &typesArray, &lastSeen)
+		if err != nil {
+			return nil, nil, false, errors.WrapInternalf(err, CodeFailExtractBodyJSONKeys, "failed to scan body JSON key row")
 		}
 
-		mapOfExactSelectors[selector.Name] = selector
-	}
-
-	var filteredKeys []*telemetrytypes.TelemetryFieldKey
-	for _, key := range keys {
-		if key.FieldContext == telemetrytypes.FieldContextBody && mapOfExactSelectors[key.Name] != nil {
-			filteredKeys = append(filteredKeys, key)
+		for _, typ := range typesArray {
+			mapping, found := telemetrytypes.MappingStringToJSONDataType[typ]
+			if !found {
+				t.logger.ErrorContext(ctx, "failed to map type string to JSON data type", slog.String("type", typ), slog.String("path", path))
+				continue
+			}
+			fieldKeys = append(fieldKeys, &telemetrytypes.TelemetryFieldKey{
+				Name:          path,
+				Signal:        telemetrytypes.SignalLogs,
+				FieldContext:  telemetrytypes.FieldContextBody,
+				FieldDataType: telemetrytypes.MappingJSONDataTypeToFieldDataType[mapping],
+				JSONDataType:  &mapping,
+			})
 		}
+
+		paths = append(paths, path)
+		rowCount++
+	}
+	if rows.Err() != nil {
+		return nil, nil, false, errors.WrapInternalf(rows.Err(), CodeFailIterateBodyJSONKeys, "error iterating body JSON keys")
 	}
 
-	if len(filteredKeys) == 0 {
-		return nil
-	}
-
-	paths := make([]string, 0, len(filteredKeys))
-	for _, key := range filteredKeys {
-		paths = append(paths, key.Name)
-	}
-
-	// fetch promoted paths
-	promoted, err := t.GetPromotedPaths(ctx, paths...)
-	if err != nil {
-		return err
-	}
-
-	// fetch JSON path indexes
-	indexes, err := t.getJSONPathIndexes(ctx, paths...)
-	if err != nil {
-		return err
-	}
-
-	// apply promoted/index metadata to keys
-	for _, key := range filteredKeys {
-		promotedKey := strings.Split(key.Name, telemetrytypes.ArraySep)[0]
-		key.Materialized = promoted[promotedKey]
-		key.Indexes = indexes[key.Name]
-	}
-
-	// build JSON access plans using the pre-fetched parent type cache
-	return t.buildJSONPlans(ctx, filteredKeys, parentTypeCache)
+	return fieldKeys, paths, rowCount <= limit, nil
 }
 
-// buildJSONPlans builds JSON access plans for the given keys
-// using the provided parent type cache (pre-fetched in the main UNION query).
-func (t *telemetryMetaStore) buildJSONPlans(_ context.Context, keys []*telemetrytypes.TelemetryFieldKey, typeCache map[string][]telemetrytypes.FieldDataType) error {
-	if len(keys) == 0 {
-		return nil
+func (t *telemetryMetaStore) buildBodyJSONPaths(ctx context.Context,
+	fieldKeySelectors []*telemetrytypes.FieldKeySelector) ([]*telemetrytypes.TelemetryFieldKey, bool, error) {
+
+	fieldKeys, paths, finished, err := t.fetchBodyJSONPaths(ctx, fieldKeySelectors)
+	if err != nil {
+		return nil, false, err
 	}
 
-	columnMeta := t.jsonColumnMetadata[telemetrytypes.SignalLogs][telemetrytypes.FieldContextBody]
+	promoted, err := t.GetPromotedPaths(ctx, paths...)
+	if err != nil {
+		return nil, false, err
+	}
+
+	indexes, err := t.getJSONPathIndexes(ctx, paths...)
+	if err != nil {
+		return nil, false, err
+	}
+
+	for _, fieldKey := range fieldKeys {
+		promotedKey := strings.Split(fieldKey.Name, telemetrytypes.ArraySep)[0]
+		fieldKey.Materialized = promoted[promotedKey]
+		fieldKey.Indexes = indexes[fieldKey.Name]
+	}
+
+	return fieldKeys, finished, t.buildJSONPlans(ctx, fieldKeys)
+}
+
+func (t *telemetryMetaStore) buildJSONPlans(ctx context.Context, keys []*telemetrytypes.TelemetryFieldKey) error {
+	parentSelectors := make([]*telemetrytypes.FieldKeySelector, 0, len(keys))
 	for _, key := range keys {
-		if err := key.SetJSONAccessPlan(columnMeta, typeCache); err != nil {
+		parentSelectors = append(parentSelectors, key.ArrayParentSelectors()...)
+	}
+
+	parentKeys, _, _, err := t.fetchBodyJSONPaths(ctx, parentSelectors)
+	if err != nil {
+		return err
+	}
+
+	typeCache := make(map[string][]telemetrytypes.JSONDataType)
+	for _, key := range parentKeys {
+		typeCache[key.Name] = append(typeCache[key.Name], *key.JSONDataType)
+	}
+
+	// build plans for keys now
+	for _, key := range keys {
+		err = key.SetJSONAccessPlan(t.jsonColumnMetadata[telemetrytypes.SignalLogs][telemetrytypes.FieldContextBody], typeCache)
+		if err != nil {
 			return err
 		}
 	}
@@ -106,6 +155,51 @@ func (t *telemetryMetaStore) buildJSONPlans(_ context.Context, keys []*telemetry
 	return nil
 }
 
+func buildGetBodyJSONPathsQuery(fieldKeySelectors []*telemetrytypes.FieldKeySelector) (string, []any, int) {
+	if len(fieldKeySelectors) == 0 {
+		return "", nil, defaultPathLimit
+	}
+	from := fmt.Sprintf("%s.%s", DBName, PathTypesTableName)
+
+	// Build a better query using GROUP BY to deduplicate at database level
+	// This aggregates all types per path and gets the max last_seen, then applies LIMIT
+	sb := sqlbuilder.Select(
+		"path",
+		"groupArray(DISTINCT type) AS types",
+		"max(last_seen) AS last_seen",
+	).From(from)
+
+	limit := 0
+	// Add search filter if provided
+	orClauses := []string{}
+	for _, fieldKeySelector := range fieldKeySelectors {
+		// replace [*] with []
+		fieldKeySelector.Name = strings.ReplaceAll(fieldKeySelector.Name, telemetrytypes.ArrayAnyIndex, telemetrytypes.ArraySep)
+		// Extract search text for body JSON keys
+		keyName := CleanPathPrefixes(fieldKeySelector.Name)
+		if fieldKeySelector.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
+			orClauses = append(orClauses, sb.Equal("path", keyName))
+		} else {
+			// Pattern matching for metadata API (defaults to LIKE behavior for other operators)
+			orClauses = append(orClauses, sb.ILike("path", fmt.Sprintf("%%%s%%", querybuilder.FormatValueForContains(keyName))))
+		}
+		limit += fieldKeySelector.Limit
+	}
+	sb.Where(sb.Or(orClauses...))
+	// Group by path to get unique paths with aggregated types
+	sb.GroupBy("path")
+
+	// Order by max last_seen to get most recent paths first
+	sb.OrderBy("last_seen DESC")
+	if limit == 0 {
+		limit = defaultPathLimit
+	}
+	sb.Limit(limit)
+
+	query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
+	return query, args, limit
+}
+
 func (t *telemetryMetaStore) getJSONPathIndexes(ctx context.Context, paths ...string) (map[string][]telemetrytypes.JSONDataTypeIndex, error) {
 	filteredPaths := []string{}
 	for _, path := range paths {

pkg/telemetrymetadata/body_json_metadata_test.go

@@ -7,9 +7,99 @@ import (
 	"github.com/SigNoz/signoz-otel-collector/constants"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
 	"github.com/SigNoz/signoz/pkg/telemetrylogs"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/stretchr/testify/require"
 )
 
+func TestBuildGetBodyJSONPathsQuery(t *testing.T) {
+	testCases := []struct {
+		name              string
+		fieldKeySelectors []*telemetrytypes.FieldKeySelector
+		expectedSQL       string
+		expectedArgs      []any
+		expectedLimit     int
+	}{
+
+		{
+			name: "Single search text with EQUAL operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user.name",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeExact,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (path = ?) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"user.name", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+		{
+			name: "Single search text with LIKE operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (LOWER(path) LIKE LOWER(?)) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"%user%", 100},
+			expectedLimit: 100,
+		},
+		{
+			name: "Multiple search texts with EQUAL operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user.name",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeExact,
+				},
+				{
+					Name:              "user.age",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeExact,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (path = ? OR path = ?) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"user.name", "user.age", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+		{
+			name: "Multiple search texts with LIKE operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+				{
+					Name:              "admin",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (LOWER(path) LIKE LOWER(?) OR LOWER(path) LIKE LOWER(?)) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"%user%", "%admin%", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+		{
+			name: "Search with Contains operator (should default to LIKE)",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "test",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (LOWER(path) LIKE LOWER(?)) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"%test%", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			query, args, limit := buildGetBodyJSONPathsQuery(tc.fieldKeySelectors)
+			require.Equal(t, tc.expectedSQL, query)
+			require.Equal(t, tc.expectedArgs, args)
+			require.Equal(t, tc.expectedLimit, limit)
+		})
+	}
+}
+
 func TestBuildListLogsJSONIndexesQuery(t *testing.T) {
 	testCases := []struct {
 		name         string

pkg/telemetrymetadata/metadata.go

@@ -368,20 +368,6 @@ func (t *telemetryMetaStore) logsTblStatementToFieldKeys(ctx context.Context) ([
 	return materialisedKeys, nil
 }
 
-// logKeysUnionArm declares one arm of the UNION ALL in getLogsKeys.
-// All per-table variance is captured here so the loop body can stay uniform.
-type logKeysUnionArm struct {
-	shouldQuery        bool
-	fieldContext       telemetrytypes.FieldContext
-	table              string
-	nameColumn         string                                    // column holding the field/key name (e.g., "name" or "field_name")
-	dataTypeColumn     string                                    // column used in WHERE/GROUP BY
-	dataTypeSelectExpr string                                    // expression used in SELECT (may wrap with lower())
-	addBaseFilters     func(sb *sqlbuilder.SelectBuilder)        // mandatory WHERE filters (e.g., signal, field_context)
-	encodeDataType     func(telemetrytypes.FieldDataType) string // how to render a FieldDataType in WHERE values
-	extraOrBranch      func(sb *sqlbuilder.SelectBuilder) string // optional extra OR branch (e.g., body parent-types)
-}
-
 // getLogsKeys returns the keys from the spans that match the field selection criteria.
 func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors []*telemetrytypes.FieldKeySelector) ([]*telemetrytypes.TelemetryFieldKey, bool, error) {
 	ctx = ctxtypes.NewContextWithCommentVals(ctx, map[string]string{
@@ -411,152 +397,90 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 	// tables to query based on field selectors
 	queryAttributeTable := false
 	queryResourceTable := false
-	queryBodyTable := false
 
 	for _, selector := range fieldKeySelectors {
 		if selector.FieldContext == telemetrytypes.FieldContextUnspecified {
-			// unspecified context, query all tables
+			// unspecified context, query both tables
 			queryAttributeTable = true
 			queryResourceTable = true
-			queryBodyTable = true
 			break
 		} else if selector.FieldContext == telemetrytypes.FieldContextAttribute {
 			queryAttributeTable = true
 		} else if selector.FieldContext == telemetrytypes.FieldContextResource {
 			queryResourceTable = true
-		} else if selector.FieldContext == telemetrytypes.FieldContextBody && querybuilder.BodyJSONQueryEnabled {
-			queryBodyTable = true
 		}
 	}
 
-	// body keys are gated behind the feature flag
-	queryBodyTable = queryBodyTable && querybuilder.BodyJSONQueryEnabled
-
-	// pre-compute parent array path names from body selectors for JSON plan building;
-	// these will be fetched as a separate UNION arm filtered to ArrayJSON/ArrayDynamic only
-	parentPaths := make(map[string]bool)
-	if queryBodyTable {
-		for _, sel := range fieldKeySelectors {
-			if sel.FieldContext != telemetrytypes.FieldContextBody &&
-				sel.FieldContext != telemetrytypes.FieldContextUnspecified {
-				continue
-			}
-			key := &telemetrytypes.TelemetryFieldKey{
-				Name:         sel.Name,
-				Signal:       telemetrytypes.SignalLogs,
-				FieldContext: telemetrytypes.FieldContextBody,
-			}
-			if !key.KeyNameContainsArray() {
-				continue
-			}
-			for _, parent := range key.ArrayParentPaths() {
-				parentPaths[parent] = true
-			}
-		}
+	tablesToQuery := []struct {
+		fieldContext telemetrytypes.FieldContext
+		shouldQuery  bool
+	}{
+		{telemetrytypes.FieldContextAttribute, queryAttributeTable},
+		{telemetrytypes.FieldContextResource, queryResourceTable},
 	}
 
-	// Each UNION arm differs only in: table, data-type column name and SELECT
-	// expression (lower-wrapped for historical mixed-case in attr/resource),
-	// base WHERE filters, the per-selector data-type encoding, and (for body)
-	// an extra OR branch that fetches parent array types for JSON plan building.
-	// All other logic is shared by the loop below.
-	tablesToQuery := []logKeysUnionArm{
-		{
-			shouldQuery:        queryAttributeTable,
-			fieldContext:       telemetrytypes.FieldContextAttribute,
-			table:              t.logsDBName + "." + t.logAttributeKeysTblName,
-			nameColumn:         "name",
-			dataTypeColumn:     "datatype",
-			dataTypeSelectExpr: "lower(datatype)",
-			addBaseFilters:     func(*sqlbuilder.SelectBuilder) {},
-			encodeDataType:     func(ft telemetrytypes.FieldDataType) string { return ft.TagDataType() },
-			extraOrBranch:      func(*sqlbuilder.SelectBuilder) string { return "" },
-		},
-		{
-			shouldQuery:        queryResourceTable,
-			fieldContext:       telemetrytypes.FieldContextResource,
-			table:              t.logsDBName + "." + t.logResourceKeysTblName,
-			nameColumn:         "name",
-			dataTypeColumn:     "datatype",
-			dataTypeSelectExpr: "lower(datatype)",
-			addBaseFilters:     func(*sqlbuilder.SelectBuilder) {},
-			encodeDataType:     func(ft telemetrytypes.FieldDataType) string { return ft.TagDataType() },
-			extraOrBranch:      func(*sqlbuilder.SelectBuilder) string { return "" },
-		},
-		{
-			shouldQuery:        queryBodyTable,
-			fieldContext:       telemetrytypes.FieldContextBody,
-			table:              fmt.Sprintf("%s.%s", DBName, FieldKeysTable),
-			nameColumn:         "field_name",
-			dataTypeColumn:     "field_data_type",
-			dataTypeSelectExpr: "field_data_type",
-			addBaseFilters: func(sb *sqlbuilder.SelectBuilder) {
-				sb.Where(sb.E("signal", telemetrytypes.SignalLogs.StringValue()))
-				sb.Where(sb.E("field_context", telemetrytypes.FieldContextBody.StringValue()))
-			},
-			encodeDataType: func(ft telemetrytypes.FieldDataType) string { return ft.StringValue() },
-			extraOrBranch: func(sb *sqlbuilder.SelectBuilder) string {
-				if len(parentPaths) == 0 {
-					return ""
-				}
-				names := make([]any, 0, len(parentPaths))
-				for n := range parentPaths {
-					names = append(names, n)
-				}
-				return sb.And(
-					sb.In("field_name", names...),
-					sb.In("field_data_type",
-						telemetrytypes.FieldDataTypeArrayDynamic.StringValue(),
-						telemetrytypes.FieldDataTypeArrayJSON.StringValue(),
-					),
-				)
-			},
-		},
-	}
-
-	for _, arm := range tablesToQuery {
-		if !arm.shouldQuery {
+	for _, table := range tablesToQuery {
+		if !table.shouldQuery {
 			continue
 		}
 
+		fieldContext := table.fieldContext
+
+		// table name based on field context
+		var tblName string
+		if fieldContext == telemetrytypes.FieldContextAttribute {
+			tblName = t.logsDBName + "." + t.logAttributeKeysTblName
+		} else {
+			tblName = t.logsDBName + "." + t.logResourceKeysTblName
+		}
+
 		sb := sqlbuilder.Select(
-			arm.nameColumn+" AS tag_key",
-			fmt.Sprintf("'%s' AS tag_type", arm.fieldContext.TagType()),
-			arm.dataTypeSelectExpr+" AS tag_data_type",
-			fmt.Sprintf("%d AS priority", getPriorityForContext(arm.fieldContext)),
-		).From(arm.table)
+			"name AS tag_key",
+			fmt.Sprintf("'%s' AS tag_type", fieldContext.TagType()),
+			"lower(datatype) AS tag_data_type", // in logs, we had some historical data with capital and small case
+			fmt.Sprintf(`%d AS priority`, getPriorityForContext(fieldContext)),
+		).From(tblName)
 
-		arm.addBaseFilters(sb)
+		var limit int
+		conds := []string{}
 
-		branches := []string{}
-		for _, sel := range fieldKeySelectors {
-			if sel.FieldContext != telemetrytypes.FieldContextUnspecified && sel.FieldContext != arm.fieldContext {
+		for _, fieldKeySelector := range fieldKeySelectors {
+			// Include this selector if:
+			// 1. It has unspecified context (matches all tables)
+			// 2. Its context matches the current table's context
+			if fieldKeySelector.FieldContext != telemetrytypes.FieldContextUnspecified &&
+				fieldKeySelector.FieldContext != fieldContext {
 				continue
 			}
-			parts := []string{}
-			if sel.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
-				parts = append(parts, sb.E(arm.nameColumn, sel.Name))
+
+			// key part of the selector
+			fieldKeyConds := []string{}
+			if fieldKeySelector.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
+				fieldKeyConds = append(fieldKeyConds, sb.E("name", fieldKeySelector.Name))
 			} else {
-				parts = append(parts, sb.ILike(arm.nameColumn, "%"+escapeForLike(sel.Name)+"%"))
+				fieldKeyConds = append(fieldKeyConds, sb.ILike("name", "%"+escapeForLike(fieldKeySelector.Name)+"%"))
 			}
-			if sel.FieldDataType != telemetrytypes.FieldDataTypeUnspecified {
-				parts = append(parts, sb.E(arm.dataTypeColumn, arm.encodeDataType(sel.FieldDataType)))
+
+			// now look at the field data type
+			if fieldKeySelector.FieldDataType != telemetrytypes.FieldDataTypeUnspecified {
+				fieldKeyConds = append(fieldKeyConds, sb.E("datatype", fieldKeySelector.FieldDataType.TagDataType()))
 			}
-			if len(parts) > 0 {
-				branches = append(branches, sb.And(parts...))
+
+			if len(fieldKeyConds) > 0 {
+				conds = append(conds, sb.And(fieldKeyConds...))
 			}
+			limit += fieldKeySelector.Limit
 		}
 
-		if extra := arm.extraOrBranch(sb); extra != "" {
-			branches = append(branches, extra)
+		if len(conds) > 0 {
+			sb.Where(sb.Or(conds...))
 		}
 
-		if len(branches) > 0 {
-			sb.Where(sb.Or(branches...))
+		sb.GroupBy("name", "datatype")
+		if limit == 0 {
+			limit = 1000
 		}
 
-		sb.GroupBy(arm.nameColumn, arm.dataTypeColumn)
-
 		query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
 		queries = append(queries, query)
 		allArgs = append(allArgs, args...)
@@ -593,7 +517,6 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 	defer rows.Close()
 
 	keys := []*telemetrytypes.TelemetryFieldKey{}
-	parentTypeCache := make(map[string][]telemetrytypes.FieldDataType)
 	rowCount := 0
 	searchTexts := []string{}
 
@@ -617,17 +540,6 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 		if err != nil {
 			return nil, false, errors.Wrap(err, errors.TypeInternal, errors.CodeInternal, ErrFailedToGetLogsKeys.Error())
 		}
-
-		// body keys with ArrayJSON/ArrayDynamic types are internal container types
-		// used only for JSON access plan building; route to parentTypeCache, not to results
-		switch fieldDataType {
-		case telemetrytypes.FieldDataTypeArrayJSON, telemetrytypes.FieldDataTypeArrayDynamic:
-			if fieldContext == telemetrytypes.FieldContextBody && parentPaths[name] {
-				parentTypeCache[name] = append(parentTypeCache[name], fieldDataType)
-				continue
-			}
-		}
-
 		key, ok := mapOfKeys[name+";"+fieldContext.StringValue()+";"+fieldDataType.StringValue()]
 
 		// if there is no materialised column, create a key with the field context and data type
@@ -681,11 +593,13 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 		}
 	}
 
-	// enrich body keys with promoted paths, indexes, and JSON access plans
 	if querybuilder.BodyJSONQueryEnabled {
-		if err := t.enrichJSONKeys(ctx, fieldKeySelectors, keys, parentTypeCache); err != nil {
-			return nil, false, err
+		bodyJSONPaths, finished, err := t.buildBodyJSONPaths(ctx, fieldKeySelectors) // LIKE for pattern matching
+		if err != nil {
+			t.logger.ErrorContext(ctx, "failed to extract body JSON paths", errors.Attr(err))
 		}
+		keys = append(keys, bodyJSONPaths...)
+		complete = complete && finished
 	}
 
 	if _, err := t.updateColumnEvolutionMetadataForKeys(ctx, keys); err != nil {

pkg/telemetrymetadata/tables.go

@@ -1,13 +1,13 @@
 package telemetrymetadata
 
-import otelconst "github.com/SigNoz/signoz-otel-collector/constants"
+import otelcollectorconst "github.com/SigNoz/signoz-otel-collector/constants"
 
 const (
 	DBName                           = "signoz_metadata"
 	AttributesMetadataTableName      = "distributed_attributes_metadata"
 	AttributesMetadataLocalTableName = "attributes_metadata"
 	ColumnEvolutionMetadataTableName = "distributed_column_evolution_metadata"
-	FieldKeysTable                   = otelconst.DistributedFieldKeysTable
+	PathTypesTableName               = otelcollectorconst.DistributedFieldKeysTable
 	// Column Evolution table stores promoted paths as (signal, column_name, field_context, field_name); see signoz-otel-collector metadata_migrations.
 	PromotedPathsTableName = "distributed_column_evolution_metadata"
 	SkipIndexTableName     = "system.data_skipping_indices"

pkg/types/telemetrytypes/field.go

@@ -37,6 +37,7 @@ type TelemetryFieldKey struct {
 	FieldContext  FieldContext  `json:"fieldContext,omitzero"`
 	FieldDataType FieldDataType `json:"fieldDataType,omitzero"`
 
+	JSONDataType *JSONDataType       `json:"-"`
 	JSONPlan     JSONAccessPlan      `json:"-"`
 	Indexes      []JSONDataTypeIndex `json:"-"`
 	Materialized bool                `json:"-"` // refers to promoted in case of body.... fields
@@ -79,11 +80,6 @@ func (f *TelemetryFieldKey) ArrayParentSelectors() []*FieldKeySelector {
 	return selectors
 }
 
-// GetJSONDataType derives the JSONDataType from FieldDataType.
-func (f *TelemetryFieldKey) GetJSONDataType() JSONDataType {
-	return MappingFieldDataTypeToJSONDataType[f.FieldDataType]
-}
-
 func (f TelemetryFieldKey) String() string {
 	var sb strings.Builder
 	fmt.Fprintf(&sb, "name=%s", f.Name)
@@ -96,6 +92,9 @@ func (f TelemetryFieldKey) String() string {
 	if f.Materialized {
 		sb.WriteString(",materialized=true")
 	}
+	if f.JSONDataType != nil {
+		fmt.Fprintf(&sb, ",jsondatatype=%s", f.JSONDataType.StringValue())
+	}
 	if len(f.Indexes) > 0 {
 		sb.WriteString(",indexes=[")
 		for i, index := range f.Indexes {
@@ -118,6 +117,7 @@ func (f TelemetryFieldKey) Text() string {
 func (f *TelemetryFieldKey) OverrideMetadataFrom(src *TelemetryFieldKey) {
 	f.FieldContext = src.FieldContext
 	f.FieldDataType = src.FieldDataType
+	f.JSONDataType = src.JSONDataType
 	f.Indexes = src.Indexes
 	f.Materialized = src.Materialized
 	f.JSONPlan = src.JSONPlan

pkg/types/telemetrytypes/field_datatype.go

@@ -31,7 +31,7 @@ var (
 	FieldDataTypeArrayInt64  = FieldDataType{valuer.NewString("[]int64")}
 	FieldDataTypeArrayNumber = FieldDataType{valuer.NewString("[]number")}
 
-	FieldDataTypeArrayJSON    = FieldDataType{valuer.NewString("[]json")}
+	FieldDataTypeArrayObject  = FieldDataType{valuer.NewString("[]object")}
 	FieldDataTypeArrayDynamic = FieldDataType{valuer.NewString("[]dynamic")}
 
 	// Map string representations to FieldDataType values
@@ -51,7 +51,7 @@ var (
 		"int8":   FieldDataTypeNumber,
 		"int16":  FieldDataTypeNumber,
 		"int32":  FieldDataTypeNumber,
-		"int64":  FieldDataTypeInt64,
+		"int64":  FieldDataTypeNumber,
 		"uint":   FieldDataTypeNumber,
 		"uint8":  FieldDataTypeNumber,
 		"uint16": FieldDataTypeNumber,
@@ -72,8 +72,6 @@ var (
 		"[]float64": FieldDataTypeArrayFloat64,
 		"[]number":  FieldDataTypeArrayNumber,
 		"[]bool":    FieldDataTypeArrayBool,
-		"[]json":    FieldDataTypeArrayJSON,
-		"[]dynamic": FieldDataTypeArrayDynamic,
 
 		// c-style array types
 		"string[]":  FieldDataTypeArrayString,
@@ -81,8 +79,6 @@ var (
 		"float64[]": FieldDataTypeArrayFloat64,
 		"number[]":  FieldDataTypeArrayNumber,
 		"bool[]":    FieldDataTypeArrayBool,
-		"json[]":    FieldDataTypeArrayJSON,
-		"dynamic[]": FieldDataTypeArrayDynamic,
 	}
 
 	fieldDataTypeToCHDataType = map[FieldDataType]string{

pkg/types/telemetrytypes/json_access_plan.go

@@ -19,8 +19,7 @@ var (
 	BranchJSON    = JSONAccessBranchType{valuer.NewString("json")}
 	BranchDynamic = JSONAccessBranchType{valuer.NewString("dynamic")}
 
-	CodePlanIndexOutOfBounds     = errors.MustNewCode("plan_index_out_of_bounds")
-	CodePlanFieldDataTypeMissing = errors.MustNewCode("field_data_type_missing")
+	CodePlanIndexOutOfBounds = errors.MustNewCode("plan_index_out_of_bounds")
 )
 
 type JSONColumnMetadata struct {
@@ -43,6 +42,9 @@ type JSONAccessNode struct {
 	IsTerminal bool
 	isRoot     bool // marked true for only body_v2 and body_promoted
 
+	// Precomputed type information (single source of truth)
+	AvailableTypes []JSONDataType
+
 	// Array type branches (Array(JSON) vs Array(Dynamic))
 	Branches map[JSONAccessBranchType]*JSONAccessNode
 
@@ -104,7 +106,7 @@ type planBuilder struct {
 	paths      []string // cumulative paths for type cache lookups
 	segments   []string // individual path segments for node names
 	isPromoted bool
-	typeCache  map[string][]FieldDataType
+	typeCache  map[string][]JSONDataType
 }
 
 // buildPlan recursively builds the path plan tree.
@@ -136,41 +138,34 @@ func (pb *planBuilder) buildPlan(index int, parent *JSONAccessNode, isDynArrChil
 		}
 	}
 
+	// Use cached types from the batched metadata query
+	types, ok := pb.typeCache[pathSoFar]
+	if !ok {
+		return nil, errors.NewInternalf(errors.CodeInvalidInput, "types missing for path %s", pathSoFar)
+	}
+
 	// Create node for this path segment
 	node := &JSONAccessNode{
 		Name:            segmentName,
 		IsTerminal:      isTerminal,
+		AvailableTypes:  types,
 		Branches:        make(map[JSONAccessBranchType]*JSONAccessNode),
 		Parent:          parent,
 		MaxDynamicTypes: maxTypes,
 		MaxDynamicPaths: maxPaths,
 	}
 
+	hasJSON := slices.Contains(node.AvailableTypes, ArrayJSON)
+	hasDynamic := slices.Contains(node.AvailableTypes, ArrayDynamic)
+
 	// Configure terminal if this is the last part
 	if isTerminal {
-		// fielddatatype must not be unspecified else expression can not be generated
-		if pb.key.FieldDataType == FieldDataTypeUnspecified {
-			return nil, errors.NewInternalf(CodePlanFieldDataTypeMissing, "field data type is missing for path %s", pathSoFar)
-		}
-
 		node.TerminalConfig = &TerminalConfig{
 			Key:      pb.key,
-			ElemType: pb.key.GetJSONDataType(),
+			ElemType: *pb.key.JSONDataType,
 		}
 	} else {
 		var err error
-		// Use cached types from the batched metadata query
-		types, ok := pb.typeCache[pathSoFar]
-		if !ok {
-			return nil, errors.NewInternalf(errors.CodeInvalidInput, "types missing for path %s", pathSoFar)
-		}
-
-		hasJSON := slices.Contains(types, FieldDataTypeArrayJSON)
-		hasDynamic := slices.Contains(types, FieldDataTypeArrayDynamic)
-		if !hasJSON && !hasDynamic {
-			return nil, errors.NewInternalf(CodePlanFieldDataTypeMissing, "array data type missing for path %s", pathSoFar)
-		}
-
 		if hasJSON {
 			node.Branches[BranchJSON], err = pb.buildPlan(index+1, node, false)
 			if err != nil {
@@ -190,7 +185,7 @@ func (pb *planBuilder) buildPlan(index int, parent *JSONAccessNode, isDynArrChil
 
 // buildJSONAccessPlan builds a tree structure representing the complete JSON path traversal
 // that precomputes all possible branches and their types.
-func (key *TelemetryFieldKey) SetJSONAccessPlan(columnInfo JSONColumnMetadata, typeCache map[string][]FieldDataType,
+func (key *TelemetryFieldKey) SetJSONAccessPlan(columnInfo JSONColumnMetadata, typeCache map[string][]JSONDataType,
 ) error {
 	// if path is empty, return nil
 	if key.Name == "" {

pkg/types/telemetrytypes/json_access_plan_test.go

@@ -19,11 +19,11 @@ const (
 // ============================================================================
 
 // makeKey creates a TelemetryFieldKey for testing.
-func makeKey(name string, dataType FieldDataType, materialized bool) *TelemetryFieldKey {
+func makeKey(name string, dataType JSONDataType, materialized bool) *TelemetryFieldKey {
 	return &TelemetryFieldKey{
-		Name:          name,
-		FieldDataType: dataType,
-		Materialized:  materialized,
+		Name:         name,
+		JSONDataType: &dataType,
+		Materialized: materialized,
 	}
 }
 
@@ -65,6 +65,14 @@ func toTestNode(n *JSONAccessNode) *jsonAccessTestNode {
 		out.Column = n.Parent.Name
 	}
 
+	// AvailableTypes as strings (using StringValue for stable representation)
+	if len(n.AvailableTypes) > 0 {
+		out.AvailableTypes = make([]string, 0, len(n.AvailableTypes))
+		for _, t := range n.AvailableTypes {
+			out.AvailableTypes = append(out.AvailableTypes, t.StringValue())
+		}
+	}
+
 	// Terminal config
 	if n.TerminalConfig != nil {
 		out.ElemType = n.TerminalConfig.ElemType.StringValue()
@@ -234,10 +242,12 @@ func TestPlanJSON_BasicStructure(t *testing.T) {
 	}{
 		{
 			name: "Simple path not promoted",
-			key:  makeKey("user.name", FieldDataTypeString, false),
+			key:  makeKey("user.name", String, false),
 			expectedYAML: fmt.Sprintf(`
 - name: user.name
   column: %s
+  availableTypes:
+    - String
   maxDynamicTypes: 16
   isTerminal: true
   elemType: String
@@ -245,15 +255,19 @@ func TestPlanJSON_BasicStructure(t *testing.T) {
 		},
 		{
 			name: "Simple path promoted",
-			key:  makeKey("user.name", FieldDataTypeString, true),
+			key:  makeKey("user.name", String, true),
 			expectedYAML: fmt.Sprintf(`
 - name: user.name
   column: %s
+  availableTypes:
+    - String
   maxDynamicTypes: 16
   isTerminal: true
   elemType: String
 - name: user.name
   column: %s
+  availableTypes:
+    - String
   maxDynamicTypes: 16
   maxDynamicPaths: 256
   isTerminal: true
@@ -262,7 +276,7 @@ func TestPlanJSON_BasicStructure(t *testing.T) {
 		},
 		{
 			name:         "Empty path returns error",
-			key:          makeKey("", FieldDataTypeString, false),
+			key:          makeKey("", String, false),
 			expectErr:    true,
 			expectedYAML: "",
 		},
@@ -300,10 +314,14 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: name
+      availableTypes:
+        - String
       maxDynamicTypes: 8
       isTerminal: true
       elemType: String
@@ -315,19 +333,28 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
@@ -340,29 +367,43 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: interests
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: entities
+      availableTypes:
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: reviews
+          availableTypes:
+            - Array(JSON)
           maxDynamicTypes: 4
           branches:
             json:
               name: entries
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 2
               branches:
                 json:
                   name: metadata
+                  availableTypes:
+                    - Array(JSON)
                   maxDynamicTypes: 1
                   branches:
                     json:
                       name: positions
+                      availableTypes:
+                        - Array(JSON)
                       branches:
                         json:
                           name: name
+                          availableTypes:
+                            - String
                           isTerminal: true
                           elemType: String
 `, bodyV2Column),
@@ -373,10 +414,14 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: name
+      availableTypes:
+        - String
       maxDynamicTypes: 8
       isTerminal: true
       elemType: String
@@ -386,7 +431,7 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			key := makeKey(tt.path, FieldDataTypeString, false)
+			key := makeKey(tt.path, String, false)
 			err := key.SetJSONAccessPlan(JSONColumnMetadata{
 				BaseColumn:     bodyV2Column,
 				PromotedColumn: bodyPromotedColumn,
@@ -405,7 +450,7 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 	path := "education[].awards[].type"
 
 	t.Run("Non-promoted plan", func(t *testing.T) {
-		key := makeKey(path, FieldDataTypeString, false)
+		key := makeKey(path, String, false)
 		err := key.SetJSONAccessPlan(JSONColumnMetadata{
 			BaseColumn:     bodyV2Column,
 			PromotedColumn: bodyPromotedColumn,
@@ -416,19 +461,28 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 		expectedYAML := fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
@@ -439,7 +493,7 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 	})
 
 	t.Run("Promoted plan", func(t *testing.T) {
-		key := makeKey(path, FieldDataTypeString, true)
+		key := makeKey(path, String, true)
 		err := key.SetJSONAccessPlan(JSONColumnMetadata{
 			BaseColumn:     bodyV2Column,
 			PromotedColumn: bodyPromotedColumn,
@@ -450,41 +504,59 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 		expectedYAML := fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
           elemType: String
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   maxDynamicPaths: 256
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       maxDynamicPaths: 64
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           maxDynamicPaths: 16
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
@@ -506,7 +578,7 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 	}{
 		{
 			name:      "Path with no available types",
-			path:      "unknown[].path",
+			path:      "unknown.path",
 			expectErr: true,
 		},
 		{
@@ -515,29 +587,43 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: interests
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: entities
+      availableTypes:
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: reviews
+          availableTypes:
+            - Array(JSON)
           maxDynamicTypes: 4
           branches:
             json:
               name: entries
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 2
               branches:
                 json:
                   name: metadata
+                  availableTypes:
+                    - Array(JSON)
                   maxDynamicTypes: 1
                   branches:
                     json:
                       name: positions
+                      availableTypes:
+                        - Array(JSON)
                       branches:
                         json:
                           name: name
+                          availableTypes:
+                            - String
                           isTerminal: true
                           elemType: String
 `, bodyV2Column),
@@ -548,10 +634,15 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: type
+      availableTypes:
+        - String
+        - Int64
       maxDynamicTypes: 8
       isTerminal: true
       elemType: String
@@ -563,6 +654,8 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   isTerminal: true
   elemType: Array(JSON)
@@ -573,12 +666,12 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			// Choose key type based on path; operator does not affect the tree shape asserted here.
-			keyType := FieldDataTypeString
+			keyType := String
 			switch tt.path {
 			case "education":
-				keyType = FieldDataTypeArrayJSON
+				keyType = ArrayJSON
 			case "education[].type":
-				keyType = FieldDataTypeString
+				keyType = String
 			}
 			key := makeKey(tt.path, keyType, false)
 			err := key.SetJSONAccessPlan(JSONColumnMetadata{
@@ -599,7 +692,7 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 func TestPlanJSON_TreeStructure(t *testing.T) {
 	types, _ := TestJSONTypeSet()
 	path := "education[].awards[].participated[].team[].branch"
-	key := makeKey(path, FieldDataTypeString, false)
+	key := makeKey(path, String, false)
 	err := key.SetJSONAccessPlan(JSONColumnMetadata{
 		BaseColumn:     bodyV2Column,
 		PromotedColumn: bodyPromotedColumn,
@@ -610,59 +703,86 @@ func TestPlanJSON_TreeStructure(t *testing.T) {
 	expectedYAML := fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: participated
+          availableTypes:
+            - Array(Dynamic)
+            - Array(JSON)
           maxDynamicTypes: 4
           branches:
             json:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 2
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 1
                   isTerminal: true
                   elemType: String
             dynamic:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 16
               maxDynamicPaths: 256
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 8
                   maxDynamicPaths: 64
                   isTerminal: true
                   elemType: String
         dynamic:
           name: participated
+          availableTypes:
+            - Array(Dynamic)
+            - Array(JSON)
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           branches:
             json:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 8
               maxDynamicPaths: 64
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 4
                   maxDynamicPaths: 16
                   isTerminal: true
                   elemType: String
             dynamic:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 16
               maxDynamicPaths: 256
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 8
                   maxDynamicPaths: 64
                   isTerminal: true

pkg/types/telemetrytypes/json_datatype.go

@@ -46,6 +46,14 @@ var MappingStringToJSONDataType = map[string]JSONDataType{
 	"Array(JSON)":              ArrayJSON,
 }
 
+var ScalerTypeToArrayType = map[JSONDataType]JSONDataType{
+	String:  ArrayString,
+	Int64:   ArrayInt64,
+	Float64: ArrayFloat64,
+	Bool:    ArrayBool,
+	Dynamic: ArrayDynamic,
+}
+
 var MappingFieldDataTypeToJSONDataType = map[FieldDataType]JSONDataType{
 	FieldDataTypeString:       String,
 	FieldDataTypeInt64:        Int64,
@@ -55,8 +63,18 @@ var MappingFieldDataTypeToJSONDataType = map[FieldDataType]JSONDataType{
 	FieldDataTypeArrayString:  ArrayString,
 	FieldDataTypeArrayInt64:   ArrayInt64,
 	FieldDataTypeArrayFloat64: ArrayFloat64,
-	FieldDataTypeArrayNumber:  ArrayFloat64,
 	FieldDataTypeArrayBool:    ArrayBool,
-	FieldDataTypeArrayDynamic: ArrayDynamic,
-	FieldDataTypeArrayJSON:    ArrayJSON,
+}
+
+var MappingJSONDataTypeToFieldDataType = map[JSONDataType]FieldDataType{
+	String:       FieldDataTypeString,
+	Int64:        FieldDataTypeInt64,
+	Float64:      FieldDataTypeFloat64,
+	Bool:         FieldDataTypeBool,
+	ArrayString:  FieldDataTypeArrayString,
+	ArrayInt64:   FieldDataTypeArrayInt64,
+	ArrayFloat64: FieldDataTypeArrayFloat64,
+	ArrayBool:    FieldDataTypeArrayBool,
+	ArrayDynamic: FieldDataTypeArrayDynamic,
+	ArrayJSON:    FieldDataTypeArrayObject,
 }

pkg/types/telemetrytypes/test_data.go

@@ -4,69 +4,69 @@ package telemetrytypes
 // Test JSON Type Set Data Setup
 // ============================================================================
 
-// TestJSONTypeSet returns a map of path->field data types for testing.
+// TestJSONTypeSet returns a map of path->types for testing.
 // This represents the type information available in the test JSON structure.
-func TestJSONTypeSet() (map[string][]FieldDataType, MetadataStore) {
-	types := map[string][]FieldDataType{
+func TestJSONTypeSet() (map[string][]JSONDataType, MetadataStore) {
+	types := map[string][]JSONDataType{
 
 		// ── user (primitives) ─────────────────────────────────────────────
-		"user.name":        {FieldDataTypeString},
-		"user.permissions": {FieldDataTypeArrayString},
-		"user.age":         {FieldDataTypeInt64, FieldDataTypeString}, // Int64/String ambiguity
-		"user.height":      {FieldDataTypeFloat64},
-		"user.active":      {FieldDataTypeBool}, // Bool — not IndexSupported
+		"user.name":        {String},
+		"user.permissions": {ArrayString},
+		"user.age":         {Int64, String}, // Int64/String ambiguity
+		"user.height":      {Float64},
+		"user.active":      {Bool}, // Bool — not IndexSupported
 
 		// Deeper non-array nesting (a.b.c — no array hops)
-		"user.address.zip": {FieldDataTypeInt64},
+		"user.address.zip": {Int64},
 
 		// ── education[] ───────────────────────────────────────────────────
 		// Pattern: x[].y
-		"education":              {FieldDataTypeArrayJSON},
-		"education[].name":       {FieldDataTypeString},
-		"education[].type":       {FieldDataTypeString, FieldDataTypeInt64},
-		"education[].year":       {FieldDataTypeInt64},
-		"education[].scores":     {FieldDataTypeArrayInt64},
-		"education[].parameters": {FieldDataTypeArrayFloat64, FieldDataTypeArrayDynamic},
+		"education":              {ArrayJSON},
+		"education[].name":       {String},
+		"education[].type":       {String, Int64},
+		"education[].year":       {Int64},
+		"education[].scores":     {ArrayInt64},
+		"education[].parameters": {ArrayFloat64, ArrayDynamic},
 
 		// Pattern: x[].y[]
-		"education[].awards": {FieldDataTypeArrayDynamic, FieldDataTypeArrayJSON},
+		"education[].awards": {ArrayDynamic, ArrayJSON},
 
 		// Pattern: x[].y[].z
-		"education[].awards[].name":     {FieldDataTypeString},
-		"education[].awards[].type":     {FieldDataTypeString},
-		"education[].awards[].semester": {FieldDataTypeInt64},
+		"education[].awards[].name":     {String},
+		"education[].awards[].type":     {String},
+		"education[].awards[].semester": {Int64},
 
 		// Pattern: x[].y[].z[]
-		"education[].awards[].participated": {FieldDataTypeArrayDynamic, FieldDataTypeArrayJSON},
+		"education[].awards[].participated": {ArrayDynamic, ArrayJSON},
 
 		// Pattern: x[].y[].z[].w
-		"education[].awards[].participated[].members": {FieldDataTypeArrayString},
+		"education[].awards[].participated[].members": {ArrayString},
 
 		// Pattern: x[].y[].z[].w[]
-		"education[].awards[].participated[].team": {FieldDataTypeArrayJSON},
+		"education[].awards[].participated[].team": {ArrayJSON},
 
 		// Pattern: x[].y[].z[].w[].v
-		"education[].awards[].participated[].team[].branch": {FieldDataTypeString},
+		"education[].awards[].participated[].team[].branch": {String},
 
 		// ── interests[] ───────────────────────────────────────────────────
-		"interests":                                                                 {FieldDataTypeArrayJSON},
-		"interests[].entities":                                                      {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews":                                            {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries":                                  {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata":                       {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].positions":           {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":    {FieldDataTypeString},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings": {FieldDataTypeArrayInt64, FieldDataTypeArrayString},
-		"http-events":                     {FieldDataTypeArrayJSON},
-		"http-events[].request-info.host": {FieldDataTypeString},
-		"ids":                             {FieldDataTypeArrayDynamic},
+		"interests":                                                                 {ArrayJSON},
+		"interests[].entities":                                                      {ArrayJSON},
+		"interests[].entities[].reviews":                                            {ArrayJSON},
+		"interests[].entities[].reviews[].entries":                                  {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata":                       {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].positions":           {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":    {String},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings": {ArrayInt64, ArrayString},
+		"http-events":                     {ArrayJSON},
+		"http-events[].request-info.host": {String},
+		"ids":                             {ArrayDynamic},
 
 		// ── top-level primitives ──────────────────────────────────────────
-		"message":     {FieldDataTypeString},
-		"http-status": {FieldDataTypeInt64, FieldDataTypeString}, // hyphen in root key, ambiguous
+		"message":     {String},
+		"http-status": {Int64, String}, // hyphen in root key, ambiguous
 
 		// ── top-level nested objects (no array hops) ───────────────────────
-		"response.time-taken": {FieldDataTypeFloat64}, // hyphen inside nested key
+		"response.time-taken": {Float64}, // hyphen inside nested key
 	}
 
 	return types, nil

pkg/types/user.go

@@ -284,6 +284,7 @@ type UserStore interface {
 	GetPasswordByUserID(ctx context.Context, userID valuer.UUID) (*FactorPassword, error)
 	GetResetPasswordToken(ctx context.Context, token string) (*ResetPasswordToken, error)
 	GetResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) (*ResetPasswordToken, error)
+	GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*ResetPasswordToken, error)
 	DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error
 	UpdatePassword(ctx context.Context, password *FactorPassword) error
 

tests/integration/src/passwordauthn/03_password.py

@@ -91,17 +91,42 @@ def test_reset_password(
     # Get the user id via v2
     found_user = find_user_by_email(signoz, admin_token, PASSWORD_USER_EMAIL)
 
-    response = requests.get(
+    # Create a reset password token via v2 POST
+    response = requests.post(
         signoz.self.host_configs["8080"].get(
-            f"/api/v1/getResetPasswordToken/{found_user['id']}"
+            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
         ),
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
 
-    assert response.status_code == HTTPStatus.OK
+    assert response.status_code == HTTPStatus.CREATED, response.text
+    token_data = response.json()["data"]
+    assert "token" in token_data
+    assert "expiresAt" in token_data
+    token = token_data["token"]
 
-    token = response.json()["data"]["token"]
+    # Calling POST again should return the same token (still valid)
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
+        ),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED, response.text
+    assert response.json()["data"]["token"] == token
+
+    # GET should also return the same token
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
+        ),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.OK, response.text
+    assert response.json()["data"]["token"] == token
 
     # Reset the password with a bad password which should fail
     response = requests.post(
@@ -140,18 +165,29 @@ def test_reset_password_with_no_password(
         )
         assert result.rowcount == 1
 
-    # Generate a new reset password token
+    # GET should return 404 since there's no password (and thus no token)
     response = requests.get(
         signoz.self.host_configs["8080"].get(
-            f"/api/v1/getResetPasswordToken/{found_user['id']}"
+            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
+        ),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.NOT_FOUND, response.text
+
+    # Generate a new reset password token via v2 POST
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
         ),
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
 
-    assert response.status_code == HTTPStatus.OK
-
-    token = response.json()["data"]["token"]
+    assert response.status_code == HTTPStatus.CREATED, response.text
+    token_data = response.json()["data"]
+    assert "expiresAt" in token_data
+    token = token_data["token"]
 
     # Reset the password with a good password
     response = requests.post(
@@ -262,32 +298,22 @@ def test_forgot_password_creates_reset_token(
     )
     assert response.status_code == HTTPStatus.NO_CONTENT
 
-    # Verify reset password token was created by querying the database
+    # Verify reset password token was created via the v2 GET endpoint
     found_user = find_user_by_email(signoz, admin_token, forgot_email)
 
-    reset_token = None
-    # Query the database directly to get the reset password token
-    # First get the password_id from factor_password, then get the token
-    with signoz.sqlstore.conn.connect() as conn:
-        result = conn.execute(
-            sql.text(
-                """
-                SELECT rpt.token
-                FROM reset_password_token rpt
-                JOIN factor_password fp ON rpt.password_id = fp.id
-                WHERE fp.user_id = :user_id
-            """
-            ),
-            {"user_id": found_user["id"]},
-        )
-        row = result.fetchone()
-        assert (
-            row is not None
-        ), "Reset password token should exist after calling forgotPassword"
-        reset_token = row[0]
-
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
+        ),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.OK, response.text
+    token_data = response.json()["data"]
+    reset_token = token_data["token"]
     assert reset_token is not None
     assert reset_token != ""
+    assert "expiresAt" in token_data
 
     # Reset password with a valid strong password
     response = requests.post(