Compliance & Governance
Dashboard endpoints require a JWT Bearer token.
Base URL: https://rach-caas-api-dx75yvdhaq-nw.a.run.app
Compliance Controls
Freeze User SCW
Hard-freezes a user's account, preventing all further transactions from their SCW. Use when a suspicious activity investigation is required or a regulatory hold is placed.
POST /v1/dashboard/users/{blind_index}/freeze
POST /v1/dashboard/users/blind_abc123/freeze
Authorization: Bearer <jwt>

| Parameter | Type | Required | Description |
|---|---|---|---|
| blind_index | string (path) | ✅ | User's privacy-preserving blind index |
Response 200 OK
{
"blind_index": "blind_abc123",
"account_status": "FROZEN",
"message": "User account frozen successfully."
}

Once frozen, all POST /v1/transfers/send and POST /v1/users/withdraw calls for this user will be rejected. Contact support@rach.finance to unfreeze.
Admin: Update User Phone Hash (SCW Recovery)
Allows an admin to update the phone hash for a user after a mobile number change. The blind_index and wallet_address remain unchanged, preserving the user's SCW and on-chain history.
The new_phone_hash must be the server-side HMAC of the new phone number (Rach will provide the HMAC key on onboarding).
POST /v1/dashboard/users/{blind_index}/update-phone
POST /v1/dashboard/users/blind_abc123/update-phone
Authorization: Bearer <jwt>
Content-Type: application/json
{
"new_phone_hash": "hmac_sha256_of_new_phone..."
}

| Field | Type | Required | Description |
|---|---|---|---|
| blind_index | string (path) | ✅ | Existing user blind index |
| new_phone_hash | string (body) | ✅ | Server-side HMAC of new phone number |
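The two compliance calls above share the same shape: an authenticated POST whose path carries a user-controlled blind_index, plus (for update-phone) a body holding the HMAC of the new number rather than the number itself. The following is an added example client, not code from Rach's documentation or SDK. It assumes the onboarding HMAC key is raw bytes (a constructed placeholder is used here), that the HMAC is computed over the number normalised to "+" followed by digits only, and that a blind index is limited to a conservative character set; the requests are built but not sent, so it runs offline.

```python
import hashlib
import hmac
import json
import re
import urllib.parse
import urllib.request
from typing import Optional

# Base URL as documented on this page. The HMAC key is a constructed placeholder;
# the real key is the one Rach issues at onboarding.
BASE_URL = "https://rach-caas-api-dx75yvdhaq-nw.a.run.app"
PHONE_HMAC_KEY = b"example-onboarding-key-do-not-use"

# blind_index becomes a URL path segment, so refuse anything that could carry
# '/', '..' or other path syntax into the route (assumed charset).
BLIND_INDEX_RE = re.compile(r"^[A-Za-z0-9_-]{1,128}$")


def normalize_phone(phone: str) -> str:
    """Canonicalise to '+' plus digits so spacing differences do not change the hash.

    Assumption: the server-side HMAC is taken over this canonical form.
    """
    digits = re.sub(r"[^0-9]", "", phone)
    if not 7 <= len(digits) <= 15:
        raise ValueError("phone number must contain 7-15 digits")
    return "+" + digits


def phone_hash(phone: str, key: bytes = PHONE_HMAC_KEY) -> str:
    """HMAC-SHA256 of the normalised phone number, hex encoded (64 characters)."""
    return hmac.new(key, normalize_phone(phone).encode("ascii"), hashlib.sha256).hexdigest()


def safe_blind_index(blind_index: str) -> str:
    """Validate then percent-encode a blind index for use as a path segment."""
    if not BLIND_INDEX_RE.fullmatch(blind_index):
        raise ValueError("blind_index contains characters not allowed in a path segment")
    return urllib.parse.quote(blind_index, safe="")


def dashboard_post(jwt: str, path: str, body: Optional[dict] = None) -> urllib.request.Request:
    """Build (but do not send) an authenticated POST to a dashboard endpoint."""
    headers = {"Authorization": f"Bearer {jwt}"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(BASE_URL + path, data=data, headers=headers, method="POST")


def freeze_request(jwt: str, blind_index: str) -> urllib.request.Request:
    """POST /v1/dashboard/users/{blind_index}/freeze"""
    return dashboard_post(jwt, f"/v1/dashboard/users/{safe_blind_index(blind_index)}/freeze")


def update_phone_request(jwt: str, blind_index: str, new_phone: str) -> urllib.request.Request:
    """POST /v1/dashboard/users/{blind_index}/update-phone, sending only the HMAC."""
    body = {"new_phone_hash": phone_hash(new_phone)}
    return dashboard_post(jwt, f"/v1/dashboard/users/{safe_blind_index(blind_index)}/update-phone", body)


def request_json(req: urllib.request.Request) -> dict:
    """Decode the JSON body attached to a built request (handy for review/testing)."""
    return json.loads(req.data)


def confirm_frozen(response_body: bytes, blind_index: str) -> bool:
    """Accept a 200 only if it reports FROZEN for the user that was actually requested."""
    payload = json.loads(response_body)
    return payload.get("blind_index") == blind_index and payload.get("account_status") == "FROZEN"


if __name__ == "__main__":
    req = freeze_request("<jwt>", "blind_abc123")
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would send it; omitted so the example runs offline.
```

Checking the echoed blind_index in the response guards against acting on a mis-routed or cached reply, and keeping the raw number out of the request body is what makes the blind index privacy-preserving in the first place.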
Team Management (RBAC)
Manage team access with role-based permissions.
List Team Members
GET /v1/dashboard/team
Returns current RBAC configurations for all team members.
GET /v1/dashboard/team
Authorization: Bearer <jwt>

Invite Team Member
POST /v1/dashboard/team
POST /v1/dashboard/team
Authorization: Bearer <jwt>
Content-Type: application/json
{
"email": "devteam@yourcompany.com",
"role": "Developer"
}

| Field | Type | Required | Description |
|---|---|---|---|
| email | string | ✅ | Team member's email address |
| role | string | ✅ | Role: Admin, Developer, Finance, or Viewer |
Role Permissions
| Role | Dashboard | Treasury | Compliance | Developer Tools |
|---|---|---|---|---|
| Admin | ✅ Full | ✅ Full | ✅ Full | ✅ Full |
| Developer | ✅ Read | ❌ | ❌ | ✅ Full |
| Finance | ✅ Read | ✅ Full | ❌ | ❌ |
| Viewer | ✅ Read | ❌ | ❌ | ❌ |
```
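The role table is a permission matrix, and the safe way to consume it in an integration is deny-by-default: anything not explicitly granted is refused, including roles or areas the table does not name. The following is an added example, not part of Rach's documentation or SDK. It transcribes the table into code, treats "Full" as read+write and "Read" as read-only, validates an invite body before it is posted to /v1/dashboard/team, and picks the narrowest role that covers a given set of needs. The rule that inviting counts as a write on the Dashboard area (so only Admin may invite) is an assumption, not something the page states.

```python
import re

# Permission matrix transcribed from the Role Permissions table.
# "Full" grants read and write, "Read" grants read only, an absent entry grants nothing.
AREAS = ("Dashboard", "Treasury", "Compliance", "Developer Tools")
ROLE_MATRIX = {
    "Admin":     {"Dashboard": "Full", "Treasury": "Full", "Compliance": "Full", "Developer Tools": "Full"},
    "Developer": {"Dashboard": "Read", "Developer Tools": "Full"},
    "Finance":   {"Dashboard": "Read", "Treasury": "Full"},
    "Viewer":    {"Dashboard": "Read"},
}
LEVEL_GRANTS = {"Full": frozenset({"read", "write"}), "Read": frozenset({"read"})}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def is_allowed(role: str, area: str, action: str) -> bool:
    """Deny by default: unknown roles, areas, actions or levels all evaluate to False."""
    if action not in ("read", "write") or area not in AREAS:
        return False
    level = ROLE_MATRIX.get(role, {}).get(area)
    return action in LEVEL_GRANTS.get(level, frozenset())


def assert_allowed(role: str, area: str, action: str) -> None:
    if not is_allowed(role, area, action):
        raise PermissionError(f"{role!r} may not {action} {area}")


def validate_invite(body: dict) -> dict:
    """Check an invite payload before POST /v1/dashboard/team.

    Unknown roles are rejected outright so a typo cannot silently request a
    role the matrix does not define.
    """
    email = body.get("email")
    role = body.get("role")
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        raise ValueError("email is not a valid address")
    if role not in ROLE_MATRIX:
        raise ValueError(f"role must be one of {sorted(ROLE_MATRIX)}")
    return {"email": email, "role": role}


def invite_as(actor_role: str, body: dict) -> dict:
    """Assumption: inviting is a write on the Dashboard area, so only Admin passes."""
    assert_allowed(actor_role, "Dashboard", "write")
    return validate_invite(body)


def least_privilege_role(needs):
    """Return the narrowest documented role covering every (area, action) pair in needs.

    Roles are tried from fewest grants to most, so a Treasury writer gets
    Finance rather than Admin; None means no single role fits.
    """
    def breadth(role):
        return sum(len(LEVEL_GRANTS[level]) for level in ROLE_MATRIX[role].values())

    for role in sorted(ROLE_MATRIX, key=breadth):
        if all(is_allowed(role, area, action) for area, action in needs):
            return role
    return None


if __name__ == "__main__":
    print(invite_as("Admin", {"email": "devteam@yourcompany.com", "role": "Developer"}))
    print(least_privilege_role({("Treasury", "write")}))  # Finance
```

Use least_privilege_role when deciding what to put in the invite: it turns "what does this person need to do" into the smallest role from the table, which is the least-privilege habit the RBAC model is there to support.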
Remove Team Member
DELETE /v1/dashboard/team/{id}
Revokes access for a specific team member.
DELETE /v1/dashboard/team/member_abc123
Authorization: Bearer <jwt>

API Key Management
List API Keys
GET /v1/dashboard/apikeys
GET /v1/dashboard/apikeys
Authorization: Bearer <jwt>

Generate API Key
POST /v1/dashboard/apikeys
POST /v1/dashboard/apikeys
Authorization: Bearer <jwt>
Content-Type: application/json
{
"mode": "live"
}

| Field | Type | Description |
|---|---|---|
| mode | string | "test" or "live" (defaults to "live") |
Response 201 Created
{
"key_id": "key_abc123",
"key_prefix": "rach_sk_live_",
"key_secret": "rach_sk_live_xxxxxxxxxxxxxxxx",
"mode": "live",
"created_at": "2026-06-25T12:00:00Z"
}

⚠️ The key_secret is returned only once. Store it immediately in a secure secrets manager.
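Because key_secret is issued exactly once, the 201 handler is the single place where it may be seen, and it should hand the value straight to the secrets store while keeping only non-secret metadata (key_id, key_prefix, mode, created_at) for configuration and logs. The following is an added example, not Rach's code. The secrets-manager interface (a put(key_id, secret) callable) and the in-memory store standing in for it are assumptions; the response body is constructed to match the shape documented above.

```python
import json
import logging
from typing import Callable, Dict

logger = logging.getLogger("rach.apikeys")

# Constructed 201 body mirroring the documented response shape (not a real key).
SAMPLE_CREATED_RESPONSE = json.dumps({
    "key_id": "key_abc123",
    "key_prefix": "rach_sk_live_",
    "key_secret": "rach_sk_live_xxxxxxxxxxxxxxxx",
    "mode": "live",
    "created_at": "2026-06-25T12:00:00Z",
}).encode("utf-8")

# Everything safe to persist in app config or write to logs. key_secret is deliberately absent.
PUBLIC_FIELDS = ("key_id", "key_prefix", "mode", "created_at")


def redact_secret(secret: str, prefix: str) -> str:
    """Keep the documented prefix and the last four characters, enough to correlate with key_id."""
    if not secret.startswith(prefix):
        raise ValueError("secret does not carry the expected prefix")
    return f"{prefix}...{secret[-4:]}"


def handle_key_created(response_body: bytes, store_secret: Callable[[str, str], None]) -> Dict[str, str]:
    """Process a 201 Created from POST /v1/dashboard/apikeys.

    The secret is passed to store_secret(key_id, key_secret) once and never
    returned; the metadata dict that comes back contains no secret material.
    """
    payload = json.loads(response_body)
    missing = [f for f in PUBLIC_FIELDS + ("key_secret",) if f not in payload]
    if missing:
        raise ValueError(f"response is missing fields: {missing}")
    if payload["mode"] not in ("test", "live"):
        raise ValueError(f"unexpected key mode {payload['mode']!r}")
    store_secret(payload["key_id"], payload["key_secret"])
    metadata = {f: payload[f] for f in PUBLIC_FIELDS}
    logger.info("stored API key %s as %s", metadata["key_id"],
                redact_secret(payload["key_secret"], payload["key_prefix"]))
    return metadata


class InMemorySecretStore:
    """Stand-in for a real secrets manager (assumed interface: put/has by key_id).

    Refusing a second put for the same key_id reflects that the secret is
    only ever issued once: a repeat is a bug or a replayed response.
    """

    def __init__(self) -> None:
        self._secrets: Dict[str, str] = {}

    def put(self, key_id: str, secret: str) -> None:
        if key_id in self._secrets:
            raise RuntimeError(f"secret for {key_id} already stored")
        self._secrets[key_id] = secret

    def has(self, key_id: str) -> bool:
        return key_id in self._secrets


if __name__ == "__main__":
    store = InMemorySecretStore()
    print(handle_key_created(SAMPLE_CREATED_RESPONSE, store.put))
```

In production, swap InMemorySecretStore for the secrets manager you already use; the important property is that nothing outside store_secret ever holds the plaintext, so a leaked log or config dump exposes at most the key_id and a redacted tail.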
Revoke API Key
DELETE /v1/dashboard/apikeys/{id}
Hard-revokes an active API key. All subsequent requests using this key will receive 401 Unauthorized.
DELETE /v1/dashboard/apikeys/key_abc123
Authorization: Bearer <jwt>