
Users & Roles

Paylent provides role-based access control (RBAC) scoped to each environment. Define permissions, group them into roles, and assign roles to users.

Users are scoped to an environment. Each user has:

  • Email (unique within the environment)
  • First and last name
  • Password (Argon2 hashed)
  • Email confirmation status

curl -X POST https://acme-test.paylent.com/api/users \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "user",
      "attributes": {
        "email": "[email protected]",
        "first_name": "Jane",
        "last_name": "Doe",
        "password": "secure_password",
        "password_confirmation": "secure_password"
      }
    }
  }'

Permissions follow a resource:action naming convention:

Permission      Description
users:create    Create user accounts
users:read      View user details
users:update    Update user profiles
roles:create    Create roles
roles:read      View roles
clients:read    View OAuth clients
clients:create  Register OAuth clients

Permissions are defined per environment and can be customized for your application’s needs.

Roles are named groups of permissions. Common patterns:

  • Admin — Full access to all resources
  • Viewer — Read-only access
  • Developer — Manage clients and keys, read users

curl -X POST https://acme-test.paylent.com/api/roles \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "role",
      "attributes": {
        "name": "Developer",
        "description": "Can manage OAuth clients and signing keys"
      }
    }
  }'

curl -X POST https://acme-test.paylent.com/api/role-permissions \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "role_permission",
      "attributes": {},
      "relationships": {
        "role": { "data": { "type": "role", "id": "ROLE_ID" } },
        "permission": { "data": { "type": "permission", "id": "PERMISSION_ID" } }
      }
    }
  }'

curl -X POST https://acme-test.paylent.com/api/user-roles \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "data": {
      "type": "user_role",
      "attributes": {},
      "relationships": {
        "user": { "data": { "type": "user", "id": "USER_ID" } },
        "role": { "data": { "type": "role", "id": "ROLE_ID" } }
      }
    }
  }'
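
An added example (not Paylent's own code): a pre-flight check that audits a role's permission list against the resource:action convention and only then builds the role-permissions request bodies shown above. The permission IDs, the sample role contents, and the rule that a read-only role may hold only `read` actions are assumptions made for illustration.

```python
import json
import re

# Permission names from the table on this page; IDs are constructed placeholders.
CATALOGUE = {
    "users:create": "PERM_ID_1", "users:read": "PERM_ID_2",
    "users:update": "PERM_ID_3", "roles:create": "PERM_ID_4",
    "roles:read": "PERM_ID_5", "clients:read": "PERM_ID_6",
    "clients:create": "PERM_ID_7",
}
NAME_RE = re.compile(r"[a-z][a-z_]*:[a-z][a-z_]*")  # resource:action


def audit_role(permissions, read_only=False):
    """Return a list of findings; an empty list means the role is safe to apply."""
    findings = []
    for name in permissions:
        if not NAME_RE.fullmatch(name):
            findings.append(f"{name}: not in resource:action form")
            continue
        if name not in CATALOGUE:
            findings.append(f"{name}: not defined in this environment")
            continue
        action = name.split(":", 1)[1]
        if read_only and action != "read":
            findings.append(f"{name}: non-read action in a read-only role")
    return findings


def role_permission_bodies(role_id, permissions, read_only=False):
    """Build one JSON:API body per permission, refusing if the audit fails."""
    findings = audit_role(permissions, read_only)
    if findings:
        raise ValueError("; ".join(findings))
    return [
        {"data": {"type": "role_permission", "attributes": {},
                  "relationships": {
                      "role": {"data": {"type": "role", "id": role_id}},
                      "permission": {"data": {"type": "permission",
                                              "id": CATALOGUE[name]}}}}}
        for name in permissions
    ]


if __name__ == "__main__":
    viewer = ["users:read", "roles:read", "clients:read"]  # constructed role
    drifted = viewer + ["users:update", "clients.read"]    # constructed bad role
    for body in role_permission_bodies("ROLE_ID", viewer, read_only=True):
        print(json.dumps(body))  # POST each body to /api/role-permissions
    print(audit_role(drifted, read_only=True))
```

Running the audit in CI against the role definitions you keep in version control catches a Viewer role that has drifted to include `users:update` before any request is sent.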

Beyond environment-level RBAC, Paylent uses relationship-based access control for platform-level authorization. This controls which dashboard users can manage which environments.

Two platform roles exist:

Relation  Access
admin     Full read/write/delete access to all resources in an environment
viewer    Read-only access to all resources in an environment

Platform authorization is managed automatically — account creators receive owner access, and environment-level tuples are created when environments are provisioned.