Start an impersonation session
Admin Impersonation
Start an impersonation session
Mints a short-lived JWT access token subjected on the target
POST
Start an impersonation session
Description
TenantUser. The target identifier may be either aTenantUser.id
(preferred — supports roster-only rows without a linked User) or a
User.id (UUID); both are resolved automatically.
Denial reasons logged to AuditLogs.metadata.denialReason:
caller_not_admin, self_impersonation, target_not_found,
no_shared_workspace, target_is_admin.
Code Examples
Authorizations
JWT Authorization header using the Bearer scheme. Format: "Bearer {token}"
Path Parameters
TenantUser.id (preferred) or User.id (UUID) of the target