Skip to main content
GET
Get Impersonation Token

Get Impersonation Token

Generates a short-lived token that an operator or admin can use to sign in as a specific customer without knowing their password. This is useful for customer support scenarios where an operator needs to view the portal exactly as a member sees it.
This endpoint requires elevated (admin/operator) privileges. It is not available to standard customer sessions.

Authentication

Requires a valid admin or operator bearer token. Standard customer sessions will receive a 401 Unauthorized response.

Query Parameters

coworkerId
number
required
The numeric identifier of the customer to impersonate.

Response

This endpoint is registered in endpoints.ts but not invoked anywhere in the portal frontend. The response shape below is inferred from the sibling endpoint GET /api/public/coworkers/{coworkerId}/impersonate, which returns the same structure and is actively used.
Returns a JSON object containing a short-lived impersonation token. Pass the token to the /api/sys/users/exchange endpoint to obtain a full bearer session.
token
string
required
A short-lived JWT that can be exchanged for a full authentication session via the token exchange endpoint.

Example Response

TypeScript Integration

The endpoint is defined in endpoints.ts but has no callers in the portal. The public sibling endpoint (/api/public/coworkers/{coworkerId}/impersonate) is used instead for team-admin impersonation flows:

Usage in Portal

This endpoint has no active callers in the portal codebase. Team-admin impersonation is handled by GET /api/public/coworkers/{coworkerId} /impersonate via useSignIn().impersonate().

Error Responses

401 Unauthorized
error
The caller does not have admin or operator privileges.
404 Not Found
error
No customer with the given coworkerId was found in this location.