Skip to main content
GET
/
api
/
sys
/
users
/
impersonate
Get Impersonation Token
curl --request GET \
  --url https://spaces.nexudus.com/api/sys/users/impersonate \
  --header 'Authorization: Basic <encoded-value>'
{
  "token": "<string>",
  "401 Unauthorized": {},
  "404 Not Found": {}
}

Documentation Index

Fetch the complete documentation index at: https://learn.nexudus.com/llms.txt

Use this file to discover all available pages before exploring further.

Get Impersonation Token

Generates a short-lived token that an operator or admin can use to sign in as a specific customer without knowing their password. This is useful for customer support scenarios where an operator needs to view the portal exactly as a member sees it.
This endpoint requires elevated (admin/operator) privileges. It is not available to standard customer sessions.

Authentication

Requires a valid admin or operator bearer token. Standard customer sessions will receive a 401 Unauthorized response.

Query Parameters

coworkerId
number
required
The numeric identifier of the customer to impersonate.

Response

This endpoint is registered in endpoints.ts but not invoked anywhere in the portal frontend. The response shape below is inferred from the sibling endpoint GET /api/public/coworkers/{coworkerId}/impersonate, which returns the same structure and is actively used.
Returns a JSON object containing a short-lived impersonation token. Pass the token to the /api/sys/users/exchange endpoint to obtain a full bearer session.
token
string
required
A short-lived JWT that can be exchanged for a full authentication session via the token exchange endpoint.

Example Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

TypeScript Integration

The endpoint is defined in endpoints.ts but has no callers in the portal. The public sibling endpoint (/api/public/coworkers/{coworkerId}/impersonate) is used instead for team-admin impersonation flows: 
import endpoints from '@/api/endpoints'

// Admin-level URL builder (defined but unused in the portal)
const adminUrl = endpoints.system.getImpersonationToken(coworkerId)
// => '/api/sys/users/impersonate?coworkerId=42'

// The portal uses the public impersonation endpoint instead:
const response = await httpClient.get<{ token: string }>(endpoints.coworkers.impersonate(coworkerId))
await exchangeToken(response.data.token, true)

Usage in Portal

This endpoint has no active callers in the portal codebase. Team-admin impersonation is handled by GET /api/public/coworkers/{coworkerId} /impersonate via useSignIn().impersonate().
ContextSource file
Endpoint definition (unused)src/api/endpoints.ts
Team member impersonation (public sibling)src/views/auth/SignIn/useSignIn.ts
Impersonate button in team managementsrc/views/user/team/permissions/components/TeamPermissionTable.tsx

Error Responses

401 Unauthorized
error
The caller does not have admin or operator privileges.
404 Not Found
error
No customer with the given coworkerId was found in this location.
MethodEndpointDescription
GET/api/public/coworkers/{coworkerId}/impersonatePublic impersonation — used by team admins in the portal
POST/api/sys/users/exchangeExchange a JWT for a bearer token
GET/api/public/coworkers/profilesList all profiles for the current session (source of coworkerId)
PUT/api/public/coworkers/profiles/currentSwitch the active profile without impersonation