Reference / Governance

mint an audited impersonation session for a user (returns a real end-user token set carrying an `act` claim naming the operator).

POST /v1/users/{id}/impersonate
Secret API key operationId: impersonate_user

Authorization

Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.

Path parameters

  • id string<uuid> required

    User id

Responses

201 Impersonation session minted
404 No such user

Request

curl -X POST "http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/impersonate" \

Try it

live request
POST http://localhost:8080/v1/users/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/impersonate

Path parameters