Custom Roles API

Control pin visibility on shared pinboards using custom roles. Create role-based access control (RBAC) where only users with specific roles can see certain pins.

Overview

Custom roles enable advanced permission control:

Create up to 5 custom roles per pinboard
Assign multiple roles to each collaborator
Set role requirements on individual pins
Only users with required roles can see protected pins
Owner always sees all pins regardless of requirements

Create Custom Role

Create a new custom role for a pinboard:

Client-JS


import { PindownClient } from '@pindownai/client-js'
 
const client = new PindownClient({
  apiKey: process.env.PINDOWN_API_KEY
})
 
// Create custom role
const role = await client.pinboards.createRole('pb-abc123', {
  name: 'VIP Members',
  color: '#FFD700'
})
 
console.log('Role created:', role.roleId)

cURL


curl -X POST https://api.pindown.ai/api/pinboards/pb-abc123/roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "VIP Members",
    "color": "#FFD700",
    "permissions": {}
  }'

Response:


{
  "success": true,
  "roleId": "role-xyz789",
  "message": "Role created successfully"
}

Node.js Fetch


const response = await fetch('https://api.pindown.ai/api/pinboards/pb-abc123/roles', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: 'VIP Members',
    color: '#FFD700'
  })
})
 
const { roleId } = await response.json()

Request Body:

name (string, required) - Role name (e.g. “VIP Members”)
color (string, required) - Hex color code (e.g. “#FFD700”)
permissions (object, optional) - Future permission settings

Limits:

Maximum 5 roles per pinboard
Only owner can create roles

List Custom Roles

Get all custom roles for a pinboard:

Client-JS


import { PindownClient } from '@pindownai/client-js'
 
const client = new PindownClient({
  apiKey: process.env.PINDOWN_API_KEY
})
 
// List all custom roles
const roles = await client.pinboards.listRoles('pb-abc123')
 
Object.entries(roles).forEach(([roleId, role]) => {
  console.log(`${roleId}: ${role.name} (${role.color})`)
})

cURL


curl https://api.pindown.ai/api/pinboards/pb-abc123/roles \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:


{
  "success": true,
  "roles": [
    {
      "roleId": "role-xyz789",
      "name": "VIP Members",
      "color": "#FFD700"
    },
    {
      "roleId": "role-abc456",
      "name": "Premium Users",
      "color": "#9333EA"
    }
  ]
}

Node.js Fetch


const response = await fetch('https://api.pindown.ai/api/pinboards/pb-abc123/roles', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY'
  }
})
 
const { roles } = await response.json()

Permissions:

Owner, Editors, Viewers can list roles
Required to see which roles exist before assigning

Update Custom Role

Update a role’s name or color:

Client-JS


import { PindownClient } from '@pindownai/client-js'
 
const client = new PindownClient({
  apiKey: process.env.PINDOWN_API_KEY
})
 
// Update a role
await client.pinboards.updateRole('pb-abc123', 'role-xyz789', {
  name: 'Premium VIP Members',
  color: '#FF6B00'
})
 
console.log('Role updated successfully')

cURL


curl -X PUT https://api.pindown.ai/api/pinboards/pb-abc123/roles/role-xyz789 \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Premium VIP Members",
    "color": "#FF6B00"
  }'

Response:


{
  "success": true,
  "message": "Role updated successfully"
}

Node.js Fetch


await fetch('https://api.pindown.ai/api/pinboards/pb-abc123/roles/role-xyz789', {
  method: 'PUT',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: 'Premium VIP Members',
    color: '#FF6B00'
  })
})

Permissions:

Only owner can update roles

Delete Custom Role

Delete a role and remove it from all users and pins:

Client-JS


import { PindownClient } from '@pindownai/client-js'
 
const client = new PindownClient({
  apiKey: process.env.PINDOWN_API_KEY
})
 
// Delete a role
await client.pinboards.deleteRole('pb-abc123', 'role-xyz789')
 
console.log('Role deleted successfully')
// Role is automatically removed from:
// - All users who had this role
// - All pins that required this role

cURL


curl -X DELETE https://api.pindown.ai/api/pinboards/pb-abc123/roles/role-xyz789 \
  -H "Authorization: Bearer YOUR_API_KEY"

Response:


{
  "success": true,
  "message": "Role deleted and removed from all users and pins"
}

Node.js Fetch


await fetch('https://api.pindown.ai/api/pinboards/pb-abc123/roles/role-xyz789', {
  method: 'DELETE',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY'
  }
})

Automatic Cleanup:

Removes role from all user assignments
Removes role from all pin requirements
If pin had only this role, it becomes visible to all

Permissions:

Only owner can delete roles

Assign Roles to User

Assign one or more custom roles to a collaborator:

Client-JS


import { PindownClient } from '@pindownai/client-js'
 
const client = new PindownClient({
  apiKey: process.env.PINDOWN_API_KEY
})
 
// User must be invited first as editor or viewer
const userId = 'user-123'
 
// Assign custom roles to user
await client.pinboards.assignUserRoles('pb-abc123', userId, [
  'role-xyz789',
  'role-abc456'
])
 
console.log('User roles assigned successfully')
 
// To remove all roles, pass empty array:
// await client.pinboards.assignUserRoles('pb-abc123', userId, [])

cURL


# Assign multiple roles
curl -X PUT https://api.pindown.ai/api/pinboards/pb-abc123/users/user-123/custom-roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "roleIds": ["role-xyz789", "role-abc456"]
  }'
 
# Remove all roles
curl -X PUT https://api.pindown.ai/api/pinboards/pb-abc123/users/user-123/custom-roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "roleIds": []
  }'

Response:


{
  "success": true,
  "message": "User roles updated"
}

Node.js Fetch


const userId = 'user-123'
 
await fetch(`https://api.pindown.ai/api/pinboards/pb-abc123/users/${userId}/custom-roles`, {
  method: 'PUT',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    roleIds: ['role-xyz789', 'role-abc456']
  })
})

Requirements:

User must already be a collaborator (editor or viewer)
Only owner can assign roles
Pass empty array [] to remove all roles

Set Pin Role Requirements

Control which roles are required to see a specific pin:

Client-JS


import { PindownClient } from '@pindownai/client-js'
 
const client = new PindownClient({
  apiKey: process.env.PINDOWN_API_KEY
})
 
// Require VIP role to see this pin
await client.pinboards.setPinRoleRequirements('pb-abc123', 'p-pin123', [
  'role-xyz789' // Only VIP Members can see
])
 
// Require MULTIPLE roles (user needs ALL)
await client.pinboards.setPinRoleRequirements('pb-abc123', 'p-pin456', [
  'role-xyz789',
  'role-abc456' // Needs BOTH roles
])
 
// Make pin visible to everyone
await client.pinboards.setPinRoleRequirements('pb-abc123', 'p-pin789', [])
 
console.log('Pin role requirements updated')

cURL


# Require single role
curl -X PUT https://api.pindown.ai/api/pinboards/pb-abc123/pins/p-pin123/required-roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "roleIds": ["role-xyz789"]
  }'
 
# Require multiple roles (AND logic)
curl -X PUT https://api.pindown.ai/api/pinboards/pb-abc123/pins/p-pin456/required-roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "roleIds": ["role-xyz789", "role-abc456"]
  }'
 
# Remove restrictions
curl -X PUT https://api.pindown.ai/api/pinboards/pb-abc123/pins/p-pin789/required-roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "roleIds": []
  }'

Response:


{
  "success": true,
  "message": "Pin roles updated"
}

Node.js Fetch


const pinId = 'p-pin123'
 
// Single role requirement
await fetch(`https://api.pindown.ai/api/pinboards/pb-abc123/pins/${pinId}/required-roles`, {
  method: 'PUT',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    roleIds: ['role-xyz789']
  })
})
 
// Multiple roles (user needs ALL)
await fetch(`https://api.pindown.ai/api/pinboards/pb-abc123/pins/p-pin456/required-roles`, {
  method: 'PUT',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    roleIds: ['role-xyz789', 'role-abc456']
  })
})

Logic:

Multiple roles = AND (user needs ALL specified roles)
Empty array = No restrictions (everyone can see)
Owner always sees all pins regardless of requirements

Permissions:

Only owner can set pin requirements

Complete Workflow Example

Client-JS


import { PindownClient } from '@pindownai/client-js'
 
const client = new PindownClient({
  apiKey: process.env.PINDOWN_API_KEY
})
 
// 1. Create pinboard
const board = await client.pinboards.create({
  title: 'VIP Dashboard'
})
const boardId = board.id
 
// 2. Create VIP role
const role = await client.pinboards.createRole(boardId, {
  name: 'VIP Members',
  color: '#FFD700'
})
const roleId = role.roleId
 
// 3. Create pins
const publicPin = await client.pins.create({ metadata: { title: 'Public Content' } })
const vipPin = await client.pins.create({ metadata: { title: 'VIP Only' } })
 
await client.pinboards.addPin(boardId, { pin_id: publicPin.id })
await client.pinboards.addPin(boardId, { pin_id: vipPin.id })
 
// 4. Protect VIP pin
await client.pinboards.setPinRoleRequirements(boardId, vipPin.id, [roleId])
 
// 5. Invite VIP user
await client.collaborators.inviteToPinboard(boardId, {
  email: 'vip@example.com',
  role: 'viewer'
})
 
// 6. Assign VIP role (after user accepts)
const vipUserId = 'user-vip123'
await client.pinboards.assignUserRoles(boardId, vipUserId, [roleId])
 
console.log('✅ VIP user can now see VIP-only pins!')

cURL


#!/bin/bash
 
# 1. Create pinboard
BOARD_ID=$(curl -X POST https://api.pindown.ai/v1/pinboards \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"metadata":{"title":"VIP Dashboard"}}' \
  | jq -r '.pinboard_id')
 
# 2. Create VIP role
ROLE_ID=$(curl -X POST https://api.pindown.ai/api/pinboards/$BOARD_ID/roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"VIP Members","color":"#FFD700"}' \
  | jq -r '.roleId')
 
# 3. Create pins
PUBLIC_PIN=$(curl -X POST https://api.pindown.ai/v1/pins \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"metadata":{"title":"Public"}}' \
  | jq -r '.pin_id')
 
VIP_PIN=$(curl -X POST https://api.pindown.ai/v1/pins \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"metadata":{"title":"VIP Only"}}' \
  | jq -r '.pin_id')
 
curl -X POST https://api.pindown.ai/v1/pinboards/$BOARD_ID/pins \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"pin_id\":\"$PUBLIC_PIN\"}"
 
curl -X POST https://api.pindown.ai/v1/pinboards/$BOARD_ID/pins \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"pin_id\":\"$VIP_PIN\"}"
 
# 4. Protect VIP pin
curl -X PUT https://api.pindown.ai/api/pinboards/$BOARD_ID/pins/$VIP_PIN/required-roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"roleIds\":[\"$ROLE_ID\"]}"
 
# 5. Invite and assign role
curl -X POST https://api.pindown.ai/v1/pinboards/$BOARD_ID/collaborators \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email":"vip@example.com","role":"viewer"}'
 
# After user accepts:
curl -X PUT https://api.pindown.ai/api/pinboards/$BOARD_ID/users/user-vip123/custom-roles \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"roleIds\":[\"$ROLE_ID\"]}"
 
echo "✅ Setup complete!"

Node.js Fetch


async function setupVIPPinboard() {
  // 1. Create pinboard
  const boardRes = await fetch('https://api.pindown.ai/v1/pinboards', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ metadata: { title: 'VIP Dashboard' } })
  })
  const { pinboard_id: boardId } = await boardRes.json()
 
  // 2. Create VIP role
  const roleRes = await fetch(`https://api.pindown.ai/api/pinboards/${boardId}/roles`, {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ name: 'VIP Members', color: '#FFD700' })
  })
  const { roleId } = await roleRes.json()
 
  // 3. Create pins
  const publicPinRes = await fetch('https://api.pindown.ai/v1/pins', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ metadata: { title: 'Public' } })
  })
  const { pin_id: publicPinId } = await publicPinRes.json()
 
  const vipPinRes = await fetch('https://api.pindown.ai/v1/pins', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ metadata: { title: 'VIP Only' } })
  })
  const { pin_id: vipPinId } = await vipPinRes.json()
 
  // Add pins to board
  await fetch(`https://api.pindown.ai/v1/pinboards/${boardId}/pins`, {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ pin_id: publicPinId })
  })
 
  await fetch(`https://api.pindown.ai/v1/pinboards/${boardId}/pins`, {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ pin_id: vipPinId })
  })
 
  // 4. Protect VIP pin
  await fetch(`https://api.pindown.ai/api/pinboards/${boardId}/pins/${vipPinId}/required-roles`, {
    method: 'PUT',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ roleIds: [roleId] })
  })
 
  console.log('✅ Setup complete!')
}
 
setupVIPPinboard()

API Reference Summary

Endpoint	Method	Description	Who Can Access
`/api/pinboards/:pbid/roles`	POST	Create custom role	Owner
`/api/pinboards/:pbid/roles`	GET	List all roles	Owner, Editors, Viewers
`/api/pinboards/:pbid/roles/:roleId`	PUT	Update role	Owner
`/api/pinboards/:pbid/roles/:roleId`	DELETE	Delete role	Owner
`/api/pinboards/:pbid/users/:userId/custom-roles`	PUT	Assign roles to user	Owner
`/api/pinboards/:pbid/pins/:pinId/required-roles`	PUT	Set pin requirements	Owner

Important Notes

Maximum 5 roles per pinboard
Owner always sees all pins regardless of requirements
Multiple role requirements = AND logic (user needs ALL roles)
Users must be invited first before assigning custom roles
Deleting a role removes it from all users and pins automatically
Empty roleIds array removes all restrictions

Custom Roles API

Overview

Create Custom Role

Client-JS

cURL

Node.js Fetch

List Custom Roles

Client-JS

cURL

Node.js Fetch

Update Custom Role

Client-JS

cURL

Node.js Fetch

Delete Custom Role

Client-JS

cURL

Node.js Fetch

Assign Roles to User

Client-JS

cURL

Node.js Fetch

Set Pin Role Requirements

Client-JS

cURL

Node.js Fetch

Complete Workflow Example

Client-JS

cURL

Node.js Fetch

API Reference Summary

Important Notes

See Also