Skip to main content
PATCH
/
auth
/
role
Update User Role
curl --request PATCH \
  --url https://api.royalti.io/auth/role \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "user_id": "4e42729e-f14d-48e7-b4cb-c189b6d158e6",
  "role": "admin",
  "isActive": true,
  "reason": "Promoted to admin for project management"
}
'
import requests

url = "https://api.royalti.io/auth/role"

payload = {
"user_id": "4e42729e-f14d-48e7-b4cb-c189b6d158e6",
"role": "admin",
"isActive": True,
"reason": "Promoted to admin for project management"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.patch(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'PATCH',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
user_id: '4e42729e-f14d-48e7-b4cb-c189b6d158e6',
role: 'admin',
isActive: true,
reason: 'Promoted to admin for project management'
})
};

fetch('https://api.royalti.io/auth/role', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.royalti.io/auth/role",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => json_encode([
'user_id' => '4e42729e-f14d-48e7-b4cb-c189b6d158e6',
'role' => 'admin',
'isActive' => true,
'reason' => 'Promoted to admin for project management'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://api.royalti.io/auth/role"

payload := strings.NewReader("{\n \"user_id\": \"4e42729e-f14d-48e7-b4cb-c189b6d158e6\",\n \"role\": \"admin\",\n \"isActive\": true,\n \"reason\": \"Promoted to admin for project management\"\n}")

req, _ := http.NewRequest("PATCH", url, payload)

req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.patch("https://api.royalti.io/auth/role")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"user_id\": \"4e42729e-f14d-48e7-b4cb-c189b6d158e6\",\n \"role\": \"admin\",\n \"isActive\": true,\n \"reason\": \"Promoted to admin for project management\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.royalti.io/auth/role")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Patch.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"user_id\": \"4e42729e-f14d-48e7-b4cb-c189b6d158e6\",\n \"role\": \"admin\",\n \"isActive\": true,\n \"reason\": \"Promoted to admin for project management\"\n}"

response = http.request(request)
puts response.read_body
{
  "status": "success",
  "message": "User role updated successfully",
  "data": {
    "userId": "4e42729e-f14d-48e7-b4cb-c189b6d158e6",
    "newRole": "admin"
  }
}
This endpoint requires authentication. Include your Bearer token in the Authorization header.

Description

/auth/role Description: Update a user’s role within the workspace. This endpoint allows changing user roles for access control purposes. Authorization:
  • Required role: admin or higher
Important Notes:
  • Super admin roles (super_admin, main_super_admin) cannot be assigned via this endpoint
  • Valid roles: guest, user, admin, owner
  • Role hierarchy (lowest to highest): guest < user < admin < owner < super_admin < main_super_admin
  • Per-user permission overrides are not supported; use role-based access control
Method: PATCH Request Payload:
ParameterTypeRequiredDescription
user_idstring (UUID)YesThe unique identifier of the user in this workspace
rolestringYesThe new role to assign (guest, user, admin, or owner)
isActivebooleanNoWhether the user account is active
reasonstringNoReason for the role change (for audit logging)

Code Examples

const response = await fetch('https://api.royalti.io/auth/role', {
  method: 'PATCH',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    "user_id": "sample-user_id",
    "role": "sample-role",
    "isActive": true,
    "reason": "sample-reason"
  })
});

const data = await response.json();
console.log(data);
import requests

response = requests.patch(
  'https://api.royalti.io/auth/role',
  headers={
    'Authorization': f'Bearer {token}'
  },
  json={"user_id":"sample-user_id","role":"sample-role","isActive":true,"reason":"sample-reason"}
)

data = response.json()
print(data)
curl -X PATCH https://api.royalti.io/auth/role \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"user_id":"sample-user_id","role":"sample-role","isActive":true,"reason":"sample-reason"}'

Authorizations

Authorization
string
header
required

JWT Authorization header using the Bearer scheme. Format: "Bearer {token}"

Body

application/json
user_id
string<uuid>
required

The unique identifier of the user in this workspace

role
enum<string>
required

The role to assign (restricted roles blocked)

Available options:
guest,
user,
admin,
owner
isActive
boolean

Whether the user account is active

reason
string

Reason for the role change (for audit logging)

Response

Role updated successfully

status
string
Example:

"success"

message
string
data
object