If the oAuthed user is the coin's creator, let them provide either the rnbUserId or an email/social media ID to view the amount of coin held by that user. Return 0 if "not found"; that should cover most security concerns, I think.