# Impersonate Customer

> Generate an impersonation token so a team administrator can sign in as another team member.

Returns a short-lived token that can be exchanged for a full auth session as the target customer. Used in the portal when a team administrator chooses to sign in on behalf of a team member — both from the sign-in profile selection flow and from the team permissions page.

## Authentication

Requires a valid customer bearer token. The authenticated customer must have the necessary permission (e.g. team admin rights) to impersonate the target customer.

## Path Parameters

<ParamField path="coworkerId" type="number" required>
  The numeric identifier of the customer profile to impersonate. Obtain this from `GET /api/public/coworkers/profiles` (`Profiles[].Id`).
</ParamField>

## Response

Returns a JSON object containing a single `token` field. Pass this token to the token-exchange endpoint (`POST /api/public/auth/login/{token}`) to obtain a full auth session as the target customer.

<ResponseField name="token" type="string" required>
  A short-lived token string. Exchange it via `exchangeToken()` (which calls the login endpoint) to start an impersonated session.
</ResponseField>

## Examples

### Impersonate a team member

```http
GET /api/public/coworkers/42/impersonate
Authorization: Bearer {token}
```

```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

## TypeScript Integration

```typescript
import endpoints from '@/api/endpoints'
import { useSignIn } from '@/views/auth/SignIn/useSignIn'

// useSignIn exposes the impersonate helper
const { impersonate } = useSignIn()

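// Internally the impersonate helper runs the two steps below
// (httpClient, exchangeToken, queryContext and coworkerId are assumed to be in scope inside the hook):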
// 1. GET /api/public/coworkers/{id}/impersonate  → { token }
// 2. POST /api/public/auth/login/{token}         → full session
const response = await httpClient.get<{ token: string }>(endpoints.coworkers.impersonate(coworkerId))
await exchangeToken(response.data.token, true)
await queryContext.invalidateQueries()
```

## Usage in Portal

| Context                                  | Source file                                                          |
| ---------------------------------------- | -------------------------------------------------------------------- |
| Sign-in profile selection flow           | `src/views/auth/SignIn/useSignIn.ts`                                 |
| Team permissions — "Impersonate account" | `src/views/user/team/permissions/components/TeamPermissionTable.tsx` |

## Error Responses

<ResponseField name="401 Unauthorized" type="error">
  The bearer token is missing, expired, or invalid.
</ResponseField>

<ResponseField name="403 Forbidden" type="error">
  The authenticated customer does not have permission to impersonate the specified profile.
</ResponseField>

<ResponseField name="404 Not Found" type="error">
  No customer with the given `coworkerId` was found.
</ResponseField>
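
The two-step flow and the error responses above, written as a standalone client. This is an added example, not the portal's own code: `HttpFn`, `ImpersonationError` and the function names are hypothetical, the HTTP function is injected by the caller, and it assumes that success is HTTP 200 and that the login exchange needs no extra headers.

```typescript
// Added example; HttpFn, ImpersonationError and the function names are hypothetical.
type HttpResult = { status: number; json(): Promise<unknown> }
type HttpFn = (url: string, init: { method: string; headers: Record<string, string> }) => Promise<HttpResult>

class ImpersonationError extends Error {
  status: number
  constructor(status: number, message: string) {
    super(message)
    this.status = status
  }
}

// Failure statuses documented for GET /api/public/coworkers/{coworkerId}/impersonate.
const IMPERSONATE_ERRORS: Record<number, string> = {
  401: 'bearer token is missing, expired, or invalid',
  403: 'caller lacks permission to impersonate this profile',
  404: 'no customer with the given coworkerId',
}

function impersonateUrl(baseUrl: string, coworkerId: number): string {
  // coworkerId is documented as numeric; reject anything else before it reaches the path.
  if (!Number.isSafeInteger(coworkerId) || coworkerId <= 0) {
    throw new ImpersonationError(0, 'coworkerId must be a positive integer')
  }
  return `${baseUrl}/api/public/coworkers/${coworkerId}/impersonate`
}

function extractToken(status: number, body: unknown): string {
  // Assumption: a successful call returns HTTP 200 with { token }.
  if (status !== 200) {
    throw new ImpersonationError(status, IMPERSONATE_ERRORS[status] ?? 'unexpected status')
  }
  const token = (body as { token?: unknown } | null)?.token
  if (typeof token !== 'string' || token.length === 0) {
    throw new ImpersonationError(status, 'response has no token field')
  }
  return token
}

async function impersonateCustomer(http: HttpFn, baseUrl: string, bearer: string, coworkerId: number): Promise<HttpResult> {
  const res = await http(impersonateUrl(baseUrl, coworkerId), {
    method: 'GET',
    headers: { Authorization: `Bearer ${bearer}` },
  })
  const token = extractToken(res.status, res.status === 200 ? await res.json() : null)
  // The token travels in the URL path: encode it, and keep this URL out of logs and error reports.
  return http(`${baseUrl}/api/public/auth/login/${encodeURIComponent(token)}`, { method: 'POST', headers: {} })
}
```

A 403 from the first call surfaces as an `ImpersonationError` before any exchange is attempted, so a caller without team admin rights never reaches the login endpoint.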

## Related Endpoints

| Method | Endpoint                                 | Description                                          |
| ------ | ---------------------------------------- | ---------------------------------------------------- |
| `GET`  | `/api/public/coworkers/profiles`         | List all profiles for the current session            |
| `PUT`  | `/api/public/coworkers/profiles/current` | Switch the active profile without impersonation      |
| `GET`  | `/api/sys/users/impersonate`             | Admin-level impersonation (requires operator access) |
