Skip to main content
POST
Exit impersonation and restore original admin session

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
originalAdminToken
string
required

Original admin JWT captured at impersonation start; re-verified server-side and must resolve to a SUPERADMIN/ADMIN role matching originalAdminUser.

originalAdminUser
object
required

Original admin payload (id, email, …) captured at impersonation start. Its id/email must match the verified originalAdminToken payload — guards against tampering.

Response

Impersonation exited

Returned by /api/auth/exit-impersonation after the original admin session is restored.

token
string
required

Original-admin access token to swap back into.

user
object
required

Compact User payload returned with auth tokens.

Example:
message
string
required