diff --git a/core/server/web/api/canary/admin/routes.js b/core/server/web/api/canary/admin/routes.js
index 4986a0deb5..efb3510321 100644
--- a/core/server/web/api/canary/admin/routes.js
+++ b/core/server/web/api/canary/admin/routes.js
@@ -218,12 +218,12 @@ module.exports = function apiRoutes() {
     router.get('/identities', mw.authAdminApi, http(api.identities.read));
 
     // ## Authentication
-    router.post('/authentication/passwordreset',
+    router.post('/authentication/password_reset',
         shared.middleware.brute.globalReset,
         shared.middleware.brute.userReset,
         http(api.authentication.generateResetToken)
     );
-    router.put('/authentication/passwordreset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
+    router.put('/authentication/password_reset', shared.middleware.brute.globalBlock, http(api.authentication.resetPassword));
     router.post('/authentication/invitation', http(api.authentication.acceptInvitation));
     router.get('/authentication/invitation', http(api.authentication.isInvitation));
     router.post('/authentication/setup', http(api.authentication.setup));
diff --git a/test/regression/api/admin/authentication.test.js b/test/regression/api/admin/authentication.test.js
index ddddad3171..2507efdbd5 100644
--- a/test/regression/api/admin/authentication.test.js
+++ b/test/regression/api/admin/authentication.test.js
@@ -347,7 +347,7 @@ describe('Authentication API', function () {
                 password: ownerUser.get('password')
             });
 
-            await agent.put('authentication/passwordreset')
+            await agent.put('authentication/password_reset')
                 .header('Accept', 'application/json')
                 .body({
                     passwordreset: [{
@@ -365,7 +365,7 @@ describe('Authentication API', function () {
 
         it('reset password: invalid token', async function () {
             await agent
-                .put('authentication/passwordreset')
+                .put('authentication/password_reset')
                 .header('Accept', 'application/json')
                 .body({
                     passwordreset: [{
@@ -397,7 +397,7 @@ describe('Authentication API', function () {
             });
 
             await agent
-                .put('authentication/passwordreset')
+                .put('authentication/password_reset')
                 .header('Accept', 'application/json')
                 .body({
                     passwordreset: [{
@@ -426,7 +426,7 @@ describe('Authentication API', function () {
             });
 
             await agent
-                .put('authentication/passwordreset')
+                .put('authentication/password_reset')
                 .header('Accept', 'application/json')
                 .body({
                     passwordreset: [{
@@ -448,7 +448,7 @@ describe('Authentication API', function () {
 
         it('reset password: generate reset token', async function () {
             await agent
-                .post('authentication/passwordreset')
+                .post('authentication/password_reset')
                 .header('Accept', 'application/json')
                 .body({
                     passwordreset: [{