/impersonate/consent - Enable impersonation consent

POST /impersonate/consent

Allows a user to enable consent for being impersonated by authorized users (Super Admin role or Owner organization users). This is a privacy-friendly approach where users explicitly control if and for how long they can be impersonated.

Key Features:

  • User controls their own impersonation consent
  • Custom duration (1-168 hours)
  • Only active while consent is valid
  • Complete audit trail of all impersonation activities

Body (application/json), Required

  • duration_hours integer

    How many hours the consent should be active (max 1 week, defaults to 1 hour)

    Minimum value is 1, maximum value is 168. Default value is 1.

Responses

  • 200 application/json

    Impersonation consent enabled successfully

    Response attributes (object):
    • code integer
    • message string
    • data object
  • 400 application/json

    Bad request (invalid duration)

    Response attributes (object):
    • code integer

      HTTP error code

    • message string

      Error message

    • data object
      • type string

        Type of error

        Values are validation_error or external_api_error.

      • errors array[object]
        • key string

          Field name that failed validation

        • message string

          Error code or message

        • value string

          Value that failed validation

      • details

        Additional error details

  • 401 application/json

    Unauthorized - invalid or missing token

    Response attributes (object):
    • code integer
    • message string
    • data object | null
POST /impersonate/consent
curl \
 --request POST 'https://api.your-domain.com/api/impersonate/consent' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"duration_hours":24}'
Request examples
{
  "duration_hours": 24
}
Response examples (200)
{
  "code": 200,
  "message": "impersonation consent enabled successfully",
  "data": {
    "consent": {
      "id": "consent_123",
      "user_id": "usr_456",
      "expires_at": "2025-09-04T14:30:00Z",
      "max_duration_minutes": 60,
      "created_at": "2025-09-03T14:30:00Z"
    }
  }
}
Response examples (400)
{
  "code": 400,
  "message": "Duration must be between 1 and 168 hours"
}
Response examples (401)
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}
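
Client-side handling of this endpoint, as an added example that is not part of the original reference or the vendor's SDK: it validates duration_hours against the documented 1-168 range before sending, then confirms from the 200 response that the granted consent window is no longer than what the user asked for. The function names are hypothetical, and the rule that expires_at minus created_at must not exceed the requested duration is an assumption drawn from the sample response on this page.

```python
import json
from datetime import datetime, timedelta

MIN_HOURS, MAX_HOURS = 1, 168  # bounds documented for duration_hours


def build_consent_body(duration_hours=1):
    """Return the JSON request body, rejecting values the API would answer with 400."""
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(duration_hours, bool) or not isinstance(duration_hours, int):
        raise ValueError("duration_hours must be an integer")
    if not MIN_HOURS <= duration_hours <= MAX_HOURS:
        raise ValueError("duration_hours must be between 1 and 168")
    return json.dumps({"duration_hours": duration_hours})


def _parse_ts(value):
    # Timestamps in the page's sample end in "Z"; normalise for fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def granted_window(response_text, requested_hours):
    """Return the granted consent window, or raise if it exceeds the request."""
    body = json.loads(response_text)
    if body.get("code") != 200:
        raise RuntimeError(f"consent not enabled: {body.get('message')}")
    consent = body["data"]["consent"]
    window = _parse_ts(consent["expires_at"]) - _parse_ts(consent["created_at"])
    # Assumption: the window is never longer than requested, nor than one week.
    limit = timedelta(hours=min(requested_hours, MAX_HOURS))
    if window <= timedelta(0) or window > limit:
        raise RuntimeError(f"unexpected consent window: {window}")
    return window


# The 200 response example from this page (request sent with duration_hours = 24).
SAMPLE_200 = """{"code": 200, "message": "impersonation consent enabled successfully",
 "data": {"consent": {"id": "consent_123", "user_id": "usr_456",
 "expires_at": "2025-09-04T14:30:00Z", "max_duration_minutes": 60,
 "created_at": "2025-09-03T14:30:00Z"}}}"""

if __name__ == "__main__":
    print(build_consent_body(24))
    print(granted_window(SAMPLE_200, 24))
```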