For user management you need [SCIM](https://tools.ietf.org/html/rfc7644#section-3.2)
You can see the scim endpoints on the config url:
There is a [node client](https://github.com/GluuFederation/SCIM-Node)
Also, please read the docs:
2. My recommendation is not to use the built-in password reset. The risk of priviledge escalation is too high. For example, if there is an attack against `/identity` and the hacker can escalate privledge, then the hack could configure the OpenID or SAML components. First, you could build your own reset mechanism and use SCIM to set the data. Second, there is a [registration](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/registration) and [forgot password](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/forgot_password) custom authn script you can look at. For example, when you send an [OpenID Authn Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) use the `acr_values` param, which corresponds to the name of the script.
3. I think oxAuth has an SMTP server also. It might not have an API for config in oxTrust, in which case you could also write the config using LDIF and an ldapmodify command.