GET /api/public/coworkers/{coworkerId}/impersonate
{
  "token": "<string>",
  "401 Unauthorized": {},
  "403 Forbidden": {},
  "404 Not Found": {}
}

Impersonate Customer

Returns a short-lived token that can be exchanged for a full auth session as the target customer. Used in the portal when a team administrator chooses to sign in on behalf of a team member — both from the sign-in profile selection flow and from the team permissions page.

Authentication

Requires a valid customer bearer token. The authenticated customer must have the necessary permission (e.g. team admin rights) to impersonate the target customer.

Path Parameters

coworkerId (number, required)
The numeric identifier of the customer profile to impersonate. Obtain this from GET /api/public/coworkers/profiles (Profiles[].Id).

Response

Returns a JSON object containing a single token field. Pass this token to the token-exchange endpoint (POST /api/public/auth/login/{token}) to obtain a full auth session as the target customer.
token (string, required)
A short-lived token string. Exchange it via exchangeToken() (which calls the login endpoint) to start an impersonated session.

Examples

Impersonate a team member

GET /api/public/coworkers/42/impersonate
Authorization: Bearer {token}

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

TypeScript Integration

import endpoints from '@/api/endpoints'
import { useSignIn } from '@/views/auth/SignIn/useSignIn'

// useSignIn exposes the impersonate helper
const { impersonate } = useSignIn()

// Internally this does:
// 1. GET /api/public/coworkers/{id}/impersonate  → { token }
// 2. POST /api/public/auth/login/{token}         → full session
const response = await httpClient.get<{ token: string }>(endpoints.coworkers.impersonate(coworkerId))
await exchangeToken(response.data.token, true)
await queryContext.invalidateQueries()

Usage in Portal

| Context | Source file |
| --- | --- |
| Sign-in profile selection flow | src/views/auth/SignIn/useSignIn.ts |
| Team permissions — “Impersonate account” | src/views/user/team/permissions/components/TeamPermissionTable.tsx |

Error Responses

401 Unauthorized (error)
The bearer token is missing, expired, or invalid.

403 Forbidden (error)
The authenticated customer does not have permission to impersonate the specified profile.

404 Not Found (error)
No customer with the given coworkerId was found.

| Method | Endpoint | Description |
| --- | --- | --- |
| GET | /api/public/coworkers/profiles | List all profiles for the current session |
| PUT | /api/public/coworkers/profiles/current | Switch the active profile without impersonation |
| GET | /api/sys/users/impersonate | Admin-level impersonation (requires operator access) |
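
Because the exchange endpoint takes the impersonation token in the URL path, request logs need to scrub it, and the 200/403/404 responses documented above give an audit and detection signal. The following is an added example, not code from the portal: the log line format, the actor ids, the sample lines and all function names are assumptions made for this sketch.

```typescript
// Assumed (constructed) log format: "<ISO time> <actor id> <METHOD> <path> <status>"
interface ImpersonationEvent { time: string; actor: string; target: number; status: number }
const IMPERSONATE_PATH = /^\/api\/public\/coworkers\/(\d+)\/impersonate$/;
const LOGIN_TOKEN = /(\/api\/public\/auth\/login\/)[^\/?#\s]+/;

// The exchange endpoint carries the token in the URL path; scrub it before a line is stored.
function redactLoginToken(text: string): string {
  return text.replace(LOGIN_TOKEN, "$1[REDACTED]");
}

// Parse one log line; returns null unless it is a call to the impersonate endpoint.
function parseImpersonation(line: string): ImpersonationEvent | null {
  const parts = line.trim().split(/\s+/);
  if (parts.length !== 5 || parts[2] !== "GET") return null;
  const m = IMPERSONATE_PATH.exec(parts[3]);
  if (!m) return null;
  return { time: parts[0], actor: parts[1], target: Number(m[1]), status: Number(parts[4]) };
}

// Audit trail: every impersonation token that was actually issued (HTTP 200).
function issuedTokens(lines: string[]): ImpersonationEvent[] {
  const out: ImpersonationEvent[] = [];
  for (const line of lines) {
    const ev = parseImpersonation(line);
    if (ev && ev.status === 200) out.push(ev);
  }
  return out;
}

// Actors answered 403 or 404 on at least `threshold` distinct coworkerIds (possible ID probing).
function flagProbing(lines: string[], threshold: number): string[] {
  const seen: Record<string, Record<string, boolean>> = {};
  for (const line of lines) {
    const ev = parseImpersonation(line);
    if (!ev || (ev.status !== 403 && ev.status !== 404)) continue;
    if (!seen[ev.actor]) seen[ev.actor] = {};
    seen[ev.actor][String(ev.target)] = true;
  }
  return Object.keys(seen).filter((a) => Object.keys(seen[a]).length >= threshold).sort();
}

const SAMPLE_LOG: string[] = [ // constructed sample lines, not real traffic
  "2024-01-01T10:00:00Z cust-7 GET /api/public/coworkers/42/impersonate 200",
  "2024-01-01T10:00:01Z cust-7 POST /api/public/auth/login/TOKEN-PLACEHOLDER 200",
  "2024-01-01T10:05:00Z cust-9 GET /api/public/coworkers/40/impersonate 403",
  "2024-01-01T10:05:01Z cust-9 GET /api/public/coworkers/41/impersonate 403",
  "2024-01-01T10:05:02Z cust-9 GET /api/public/coworkers/43/impersonate 404",
];
```

Each entry returned by issuedTokens(SAMPLE_LOG) identifies who requested a token and for which coworkerId, which is the record an impersonation audit trail needs.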