This document describes how impersonation works using the REST Api.


Impersonation allows a system or user that interacts with the REST Api to act as another user.


For impersonation the IMPERSONATE right is required.


First, the user that will request the impersonation token needs to be authenticated using one of the authentication mechanisms described here.

Code sample

$basicCredentials = "USERNAME:PASSWORD";
$base64EncodedCredentials = $basicCredentials | ConvertTo-Base64;
$basicAuthHeaderValue = "Basic {0}" -f $base64EncodedCredentials;

$headers = @{
    Authorization = $basicAuthHeaderValue;
    "Content-Type" = "application/json";

Invoke-RestMethod -Method Post -Uri "http://appclusive/api/Core/Authentications/BasicLogin" -Headers $headers;

After successful authentication a JSON Web Token (JWT) for the user to be impersonated can be requested as follows.

Code sample


$body = @{ UserId = $userId } | ConvertTo-Json;

$result = Invoke-RestMethod -Method Post -Uri "http://appclusive/api/Core/Authentications/Impersonate" -Headers $headers -Body $body;
$jwt = $result.Token;

The JSON Web Token returned by the /Impersonate action can now be used to interact with the API as the specified user.

Code sample

$bearerAuthHeader = "Bearer {0}" -f $jwt;
$headers = @{
    Authorization = $bearerAuthHeader;

Invoke-RestMethod -Method Get -Uri "http://appclusive/api/Core/Users" -Headers $headers;