> ## Documentation Index
> Fetch the complete documentation index at: https://learn.nexudus.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Get Impersonation Token
> Issue an impersonation token that allows an admin user to act as a specific customer within the portal.
# Get Impersonation Token
Generates a short-lived token that an operator or admin can use to sign in as a specific customer without knowing their password. This is useful for customer support scenarios where an operator needs to view the portal exactly as a member sees it.
This endpoint requires elevated (admin/operator) privileges. It is not available to standard customer sessions.
## Authentication
Requires a valid admin or operator bearer token. Standard customer sessions will receive a `401 Unauthorized` response.
## Query Parameters
The numeric identifier of the customer to impersonate.
## Response
This endpoint is registered in `endpoints.ts` but **not invoked** anywhere in the portal frontend. The response shape below is inferred from the
sibling endpoint `GET /api/public/coworkers/{coworkerId}/impersonate`, which returns the same structure and is actively used.
Returns a JSON object containing a short-lived impersonation token. Pass the token to the `/api/sys/users/exchange` endpoint to obtain a full bearer session.
A short-lived JWT that can be exchanged for a full authentication session via the token exchange endpoint.
### Example Response
```json theme={null}
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```
## TypeScript Integration
The endpoint is defined in `endpoints.ts` but has no callers in the portal. The public sibling endpoint (`/api/public/coworkers/{coworkerId}/impersonate`) is used instead for team-admin impersonation flows:
```typescript theme={null}
import endpoints from '@/api/endpoints'
// Admin-level URL builder (defined but unused in the portal)
const adminUrl = endpoints.system.getImpersonationToken(coworkerId)
// => '/api/sys/users/impersonate?coworkerId=42'
// The portal uses the public impersonation endpoint instead:
const response = await httpClient.get<{ token: string }>(endpoints.coworkers.impersonate(coworkerId))
await exchangeToken(response.data.token, true)
```
## Usage in Portal
This endpoint has **no active callers** in the portal codebase. Team-admin impersonation is handled by `GET /api/public/coworkers/{coworkerId}
/impersonate` via `useSignIn().impersonate()`.
| Context | Source file |
| ------------------------------------------ | -------------------------------------------------------------------- |
| Endpoint definition (unused) | `src/api/endpoints.ts` |
| Team member impersonation (public sibling) | `src/views/auth/SignIn/useSignIn.ts` |
| Impersonate button in team management | `src/views/user/team/permissions/components/TeamPermissionTable.tsx` |
## Error Responses
The caller does not have admin or operator privileges.
No customer with the given `coworkerId` was found in this location.
## Related Endpoints
| Method | Endpoint | Description |
| ------ | ------------------------------------------------ | ------------------------------------------------------------------ |
| `GET` | `/api/public/coworkers/{coworkerId}/impersonate` | Public impersonation — used by team admins in the portal |
| `POST` | `/api/sys/users/exchange` | Exchange a JWT for a bearer token |
| `GET` | `/api/public/coworkers/profiles` | List all profiles for the current session (source of `coworkerId`) |
| `PUT` | `/api/public/coworkers/profiles/current` | Switch the active profile without impersonation |