You will need to have some kind of service account with permissions to update the user (there is a permissions setting within the users-permissions plugin to allow this).
Effectively you need to send a PUT request to localhost:1337/users/:userID with the content of the body being something like:
{
"role": thePremiumRoleID
}
Alternatively within the Strapi backend you would do this via strapi.query('user', 'users-permissions').update({ id: userID }, { role: roleID }) So you could build a custom route/controller to do this as well.