This document describes how impersonation works using the REST API.

Impersonation

Impersonation allows a system or user that interacts with the REST API to act as another user.

Prerequisites

Impersonation requires the IMPERSONATE right.

Example

First, the user that will request the impersonation token needs to be authenticated using one of the authentication mechanisms described here.

Code sample

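# USERNAME:PASSWORD is a placeholder for the requesting user's credentials.
$basicCredentials = "USERNAME:PASSWORD";
# Base64-encode via .NET; ConvertTo-Base64 is not a built-in PowerShell cmdlet.
$base64EncodedCredentials = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($basicCredentials));
$basicAuthHeaderValue = "Basic {0}" -f $base64EncodedCredentials;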

$headers = @{
    Authorization = $basicAuthHeaderValue;
    "Content-Type" = "application/json";
};

Invoke-RestMethod -Method Post -Uri "http://appclusive/api/Core/Authentications/BasicLogin" -Headers $headers;

After successful authentication, a JSON Web Token (JWT) for the user to be impersonated can be requested as follows.

Code sample

$userId = "ID_OF_THE_USER_TO_BE_IMPERSONATED";

$body = @{ UserId = $userId } | ConvertTo-Json;

$result = Invoke-RestMethod -Method Post -Uri "http://appclusive/api/Core/Authentications/Impersonate" -Headers $headers -Body $body;
$jwt = $result.Token;

The JSON Web Token returned by the /Impersonate action can now be used to interact with the API as the specified user.

Code sample

$bearerAuthHeader = "Bearer {0}" -f $jwt;
$headers = @{
    Authorization = $bearerAuthHeader;
};

Invoke-RestMethod -Method Get -Uri "http://appclusive/api/Core/Users" -Headers $headers;
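
Before the impersonation token is used, its payload can be decoded to confirm which identity it carries and when it expires. The following is an added example, not part of the original documentation or of the Appclusive code; it decodes the payload only and does not verify the signature. The function names, the sample token and its `sub` claim are constructed for illustration, since the page does not state which claims a real token contains.

```powershell
# Added example: inspect a JWT payload (no signature verification is performed).
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string] $Value)
    # base64url -> base64: restore the standard alphabet and the stripped padding
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw "Invalid base64url length" }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtPayload {
    param([Parameter(Mandatory)][string] $Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Expected three dot-separated parts (header.payload.signature)" }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-JwtNotExpired {
    param([Parameter(Mandatory)] $Payload, [datetime] $Now = [datetime]::UtcNow)
    # Design choice of this example: a token without an exp claim is rejected.
    if ($null -eq $Payload.exp) { return $false }
    # exp is seconds since the Unix epoch (RFC 7519)
    $expiry = [DateTimeOffset]::FromUnixTimeSeconds([long]$Payload.exp).UtcDateTime
    $Now -lt $expiry
}

# Constructed sample token; in practice pass $jwt from the /Impersonate call instead.
$toB64Url = {
    param($json)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$sampleJwt = '{0}.{1}.{2}' -f (& $toB64Url '{"alg":"HS256","typ":"JWT"}'),
                              (& $toB64Url '{"sub":"42","exp":4102444800}'),
                              'c2ln'   # placeholder signature, never checked here

$payload = Get-JwtPayload -Token $sampleJwt
$payload | Format-List   # review the claims, e.g. compare the subject with $userId
if (-not (Test-JwtNotExpired -Payload $payload)) {
    throw "Token has expired or carries no exp claim"
}
```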