Rinne provides a comprehensive user management system with role-based access control (RBAC). Organizations and merchants can create users with specific permissions.

User basics

Users are individuals who can access the Rinne platform through your organization or merchant account. Each user:
  • Has one or more identifiers (email, phone)
  • Can belong to multiple companies
  • Has roles that define their permissions
  • Can authenticate using password or OAuth

Creating users

For your organization

curl -X POST https://api-sandbox.rinne.com.br/core/v1/users \
  -H "Authorization: Bearer JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "identifiers": [
      {
        "type": "EMAIL",
        "value": "user@company.com"
      }
    ],
    "first_name": "John",
    "last_name": "Doe",
    "auth_methods": ["PASSWORD"],
    "roles": ["admin"]
  }'

For a specific merchant

curl -X POST https://api-sandbox.rinne.com.br/core/v1/merchants/MERCHANT_ID/users \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "identifiers": [
      {
        "type": "EMAIL",
        "value": "merchant.user@store.com"
      }
    ],
    "first_name": "Jane",
    "last_name": "Smith",
    "auth_methods": ["PASSWORD"],
    "roles": ["merchant-admin"]
  }'

User identifiers

Users can have multiple identifiers for authentication:

Email identifier

{
  "type": "EMAIL",
  "value": "user@company.com"
}

Phone identifier

{
  "type": "PHONE",
  "value": "+5511999999999"
}
Users must verify their identifiers before they can log in.

Authentication methods

Users can authenticate using:
  • PASSWORD: Email/phone and password
  • GOOGLE: Google OAuth
  • CLIENT_PLATFORM: Platform-specific authentication

Roles and permissions

Built-in roles

Rinne provides default roles:
  • admin: Full access to all resources
  • user: Basic access to view resources
  • merchant-admin: Full access to merchant resources

Custom roles

Create custom roles with specific permissions:
curl -X POST https://api-sandbox.rinne.com.br/core/v1/roles \
  -H "Authorization: Bearer JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "finance-manager",
    "description": "Can manage transactions and banking",
    "permissions": [
      "transaction.list",
      "transaction.read",
      "banking.balance.read",
      "banking.statement.read"
    ]
  }'

Permission format

Permissions follow the format resource.action. Examples:
  • transaction.list: List transactions
  • transaction.create: Create transactions
  • user.edit: Edit users
  • role.delete: Delete roles

Listing available permissions

curl https://api-sandbox.rinne.com.br/core/v1/permissions \
  -H "Authorization: Bearer JWT_TOKEN"
Filter by resource:
curl "https://api-sandbox.rinne.com.br/core/v1/permissions?resource=transaction" \
  -H "Authorization: Bearer JWT_TOKEN"

User lifecycle

1. User creation

An admin creates the user with an email or phone identifier, and the user receives a verification code.

2. Verification

User verifies their identifier and sets password:
curl -X POST https://api-sandbox.rinne.com.br/core/v1/auth/verify \
  -H "Content-Type: application/json" \
  -d '{
    "identifier": "user@company.com",
    "code": "123456",
    "password": "SecurePassword123"
  }'

3. Active user

User can now log in and access resources based on their roles.

4. Suspension

Admins can suspend users temporarily:
curl -X POST https://api-sandbox.rinne.com.br/core/v1/users/USER_ID/suspend \
  -H "Authorization: Bearer JWT_TOKEN"

5. Reactivation

Suspended users can be reactivated:
curl -X POST https://api-sandbox.rinne.com.br/core/v1/users/USER_ID/activate \
  -H "Authorization: Bearer JWT_TOKEN"

Updating users

Update user information and roles:
curl -X PATCH https://api-sandbox.rinne.com.br/core/v1/users/USER_ID \
  -H "Authorization: Bearer JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "John",
    "last_name": "Updated",
    "roles": ["admin", "finance-manager"]
  }'
Providing the roles array replaces all existing roles. Pass an empty array [] to remove all roles.
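The following is an added example, not Rinne's own code: a small Python model of the resource.action permission format and the role semantics described above, built on a constructed permission catalog and constructed role definitions (the permission sets behind the built-in roles are assumptions). It validates a custom-role body against the catalog before it is sent, resolves a user's effective permissions from their roles with unknown roles granting nothing, and reports what a PATCH roles replacement would gain or lose so a change can be reviewed before it is applied.

```python
from typing import Dict, Iterable, List, Set, Tuple

# Constructed catalog standing in for the output of GET /core/v1/permissions.
PERMISSION_CATALOG: Set[str] = {
    "transaction.list", "transaction.read", "transaction.create",
    "banking.balance.read", "banking.statement.read", "user.edit", "role.delete",
}

# Constructed role definitions. "admin" is expanded to the whole catalog to
# model "full access"; the permission sets behind the built-in roles are an
# assumption, not Rinne's actual definitions.
ROLES: Dict[str, Set[str]] = {
    "admin": set(PERMISSION_CATALOG),
    "user": {"transaction.list", "transaction.read"},
    "finance-manager": {"transaction.list", "transaction.read",
                        "banking.balance.read", "banking.statement.read"},
}

def invalid_permissions(requested: Iterable[str],
                        catalog: Set[str] = PERMISSION_CATALOG) -> List[str]:
    """Entries that are not well-formed 'resource.action' or not in the catalog.
    Check a custom-role body with this before POST /core/v1/roles."""
    bad = []
    for perm in requested:
        resource, sep, action = perm.partition(".")
        if not (resource and sep and action) or perm not in catalog:
            bad.append(perm)
    return bad

def effective_permissions(roles: Iterable[str],
                          role_defs: Dict[str, Set[str]] = ROLES) -> Set[str]:
    """Union of what the assigned roles grant; unknown roles grant nothing (fail closed)."""
    granted: Set[str] = set()
    for role in roles:
        granted |= role_defs.get(role, set())
    return granted

def is_allowed(roles: Iterable[str], permission: str) -> bool:
    """Authorize one resource.action against the user's effective permissions."""
    return permission in effective_permissions(roles)

def role_update_diff(current: List[str], new: List[str]) -> Tuple[Set[str], Set[str]]:
    """(gained, lost) permissions if PATCH /users/{id} replaces `current` with `new`.
    The roles array is a full replacement, so [] strips every permission."""
    before, after = effective_permissions(current), effective_permissions(new)
    return after - before, before - after
```

Because the array replaces rather than merges, diffing the effective permission sets catches the common mistake of sending only the new role and silently dropping the existing ones.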

Multi-company access

Users can belong to multiple companies. When logging in, they select which company context to use:
# Login returns available companies
POST /v1/auth/login
{
  "requires_company_selection": true,
  "available_companies": [
    { "id": "company-1", "name": "Company A" },
    { "id": "company-2", "name": "Company B" }
  ]
}

# Select company
POST /v1/auth/select-company
{
  "company_id": "company-1"
}

Listing users

Organization users

curl "https://api-sandbox.rinne.com.br/core/v1/users?page=1&limit=20" \
  -H "Authorization: Bearer JWT_TOKEN"

Merchant users

curl "https://api-sandbox.rinne.com.br/core/v1/merchants/MERCHANT_ID/users" \
  -H "x-api-key: YOUR_API_KEY"
