Impersonating another user
Feature available since 2.4.0
Using the impersonation feature it is possible for a Super Admin user to impersonate another user. To use this feature, the token being used for an API call should be belonging to a Super Admin user (specifically, any user having the
To impersonate another user, pass the header
X-Impersonate. The value of the header is the user id of the user to impersonate eg:
It is also possible to use the username or email of the user eg:
Security Note : When using this feature, we recommend the below steps to improve the security of your setup
- Create a new token to be used only for impersonation instead of using an existing token.
- Absolutely avoid using this token for client side requests. Use it only in server side communication.