User PIN
Overview
The user PIN locks your driver profile on the vehicle. When enabled, personal in-cabin services — Rivian Assistant, Google Calendar, media apps, and similar profile-linked apps — cannot be used by other drivers unless they enter your PIN or have your digital key present.
PIN settings are managed in the mobile app via five GraphQL operations on the gateway endpoint.
Typical flow observed in the mobile app:
GetUserPinAuth— read PIN lock settings (lock_profile,always_required)GetUserPinExists— check whether a PIN is setSetUserPin— create or change the PIN (6-digit string)SetPinAuth— update when the PIN is required (lock_profile,always_required)DeleteUserPin— remove the PIN
After SetUserPin, SetPinAuth, or DeleteUserPin, the app re-fetches GetUserPinAuth and GetUserPinExists.
POST https://rivian.com/api/gql/gateway/graphql
Required Headers
a-sess: <your app session token>
u-sess: <your user session token>
csrf-token: <your CSRF token>
apollographql-client-name: com.rivian.android.consumer
GetUserPinAuth
Returns PIN authentication settings for the current user.
Request Body
{
"operationName": "GetUserPinAuth",
"variables": {},
"query": "query GetUserPinAuth { currentUser { settings { pinAuth { lock_profile always_required timestamp } } } }"
}
Example Response
{
"data": {
"currentUser": {
"settings": {
"pinAuth": {
"lock_profile": true,
"always_required": false,
"timestamp": 1700000000000
}
}
}
}
}
| Field | Description |
|---|---|
lock_profile | When true, the in-vehicle driver profile is locked behind the PIN (or digital key) |
always_required | When true, the PIN is required even when a digital key is present |
timestamp | Last update time (epoch ms) |
GetUserPinExists
Returns whether the account has a PIN configured.
Request Body
{
"operationName": "GetUserPinExists",
"variables": {},
"query": "query GetUserPinExists { userPinExists }"
}
Example Response
{
"data": {
"userPinExists": true
}
}
SetUserPin
Creates or updates the 6-digit PIN entered on the vehicle to unlock your driver profile.
Request Body
{
"operationName": "SetUserPin",
"variables": {
"pin": "<6-digit-pin>"
},
"query": "mutation SetUserPin($pin: String!) { setUserPin(pin: $pin) }"
}
Example Response
{
"data": {
"setUserPin": true
}
}
SetPinAuth
Updates profile lock settings without changing the PIN itself.
Request Body
{
"operationName": "SetPinAuth",
"variables": {
"lock_profile": true,
"always_required": false
},
"query": "mutation SetPinAuth($lock_profile: Boolean!, $always_required: Boolean!) { setPinAuth(lock_profile: $lock_profile, always_required: $always_required) }"
}
Example Response
{
"data": {
"setPinAuth": true
}
}
DeleteUserPin
Removes the profile PIN from the account.
Request Body
{
"operationName": "DeleteUserPin",
"variables": {},
"query": "mutation DeleteUserPin { deleteUserPin }"
}
Example Response
{
"data": {
"deleteUserPin": true
}
}