diff --git a/apps/api/internal/api/api.go b/apps/api/internal/api/api.go
index 82afbc6a..bc3ba63a 100644
--- a/apps/api/internal/api/api.go
+++ b/apps/api/internal/api/api.go
@@ -87,6 +87,7 @@ func (api *API) setupRoutes(mw *mw.Middleware) {
 
 		r.Get("/events/{eventId}/redeemables", api.Handlers.Redeemables.GetRedeemables)
 		r.Post("/redeemables/{redeemableId}/users/{userId}", api.Handlers.Redeemables.RedeemRedeemable)
+		r.Post("/events/{eventId}/users/{userId}/update-rfid", api.Handlers.Event.UpdateUserRFID)
 	})
 
 	// Health check
diff --git a/apps/api/internal/api/handlers/events.go b/apps/api/internal/api/handlers/events.go
index 6a4a52c2..bc99041c 100644
--- a/apps/api/internal/api/handlers/events.go
+++ b/apps/api/internal/api/handlers/events.go
@@ -903,3 +903,57 @@ func (h *EventHandler) GetCheckedInStatusByIds(w http.ResponseWriter, r *http.Re
 		"checked_in_status": strconv.FormatBool(result),
 	})
 }
+
+type UpdateRFID struct {
+	RFID string `json:"rfid"`
+}
+
+// UpdateUserRFID
+//
+//	@Summary		Updates a user's RFID tag
+//	@Description	Associates a new RFID string with a specific user for the given event. This overwrites any existing RFID association.
+//	@Tags			Event
+//	@Accept			json
+//	@Produce		json
+//	@Param			eventId	path		string			true	"Event ID"	Format(uuid)
+//	@Param			userId	path		string			true	"User ID"	Format(uuid)
+//	@Param			body	body		UpdateRFID		true	"New RFID data"
+//	@Success		204		"No Content - RFID updated successfully"
+//	@Failure		400		{object}	response.ErrorResponse	"Invalid request body or UUID format"
+//	@Failure		404		{object}	response.ErrorResponse	"User or Event not found"
+//	@Failure		500		{object}	response.ErrorResponse	"Internal server error"
+//	@Router			/events/{eventId}/users/{userId}/update-rfid [post]
+func (h *EventHandler) UpdateUserRFID(w http.ResponseWriter, r *http.Request) {
+	eventId, err := web.PathParamToUUID(r, "eventId")
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("missing_event_id", "The event ID is missing from the URL!"))
+		return
+	}
+
+	userId, err := web.PathParamToUUID(r, "userId")
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("missing_user_id", "The user ID is missing from the URL!"))
+		return
+	}
+
+	var payload UpdateRFID
+	err = json.NewDecoder(r.Body).Decode(&payload)
+	if err != nil {
+		res.SendError(w, http.StatusBadRequest, res.NewError("body_malformed", "Invalid body"))
+		return
+	}
+	defer r.Body.Close()
+
+	if payload.RFID == "" {
+		res.SendError(w, http.StatusBadRequest, res.NewError("body_malformed", "Invalid body"))
+		return
+	}
+
+	err = h.eventService.UpdateEventRoleByIds(r.Context(), userId, eventId, nil, nil, &payload.RFID)
+	if err != nil {
+		res.SendError(w, http.StatusNotFound, res.NewError("error", "Something went wrong internally."))
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}