Obviously, I’m going to say that using the Neon password reset is going to be the most reliable and secure way to handle it. The password reset mechanism used by NeonCRM is not exposed through the API; you cannot trigger those emails without using the Neon password reset forms.
If you’re interested in rolling your own password reset system, it’s theoretically possible to do so using the existing API methods. The Update Individual Account or Update Organization Account methods do allow you to overwrite a user’s password using the login.password parameter. If you go this route, be sure to heed the warnings associated with using those API methods.
I’m hesitant to recommend this approach, though, because you’re going to need to create your own emails and figure out how to set up single-use tokens to make the whole thing secure.