POST /api/auth/exit-impersonation
Exit impersonation and restore original admin session
curl --request POST \
  --url https://your-instance.example.com/api/auth/exit-impersonation \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "originalAdminToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1Zjdi...",
  "originalAdminUser": {
    "id": "5f7b1c2e8a1d4e0012c3b4a5",
    "email": "admin@acme.example",
    "fullName": "Acme Admin",
    "organizationId": "5f7b1c2e8a1d4e0012c3b4a5",
    "accessRole": "ADMIN"
  }
}
'
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "5f7b1c2e8a1d4e0012c3b4a5",
    "email": "admin@acme.example",
    "organizationId": "64a1b2c3d4e5f60012345678",
    "accessRole": "ADMIN"
  },
  "message": "Impersonation exited successfully"
}

Authorizations

Authorization (string, header, required)

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
originalAdminToken (string, required)

Original admin JWT captured at impersonation start; re-verified server-side and must resolve to a SUPERADMIN/ADMIN role matching originalAdminUser.

originalAdminUser (object, required)

Original admin payload (id, email, …) captured at impersonation start. Its id/email must match the verified originalAdminToken payload — guards against tampering.
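
The checks described for originalAdminToken and originalAdminUser can be expressed as follows. This is an added example, not the service's own code: it assumes HS256 tokens verified with a shared secret and a role read from the token, and the claim names email and accessRole (only userId is visible in the sample token), the helper names and the sample secret are assumptions.

```python
import base64, hashlib, hmac, json, time

ADMIN_ROLES = {"SUPERADMIN", "ADMIN"}
SECRET = b"constructed-demo-secret"  # constructed; a real key comes from server config

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Build a constructed sample token (stands in for the server's issuer)."""
    head = b64u_enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u_enc(json.dumps(claims).encode())
    return f"{head}.{body}.{b64u_enc(mac(f'{head}.{body}', secret))}"

def verify_hs256(token, secret, now=None):
    """Return the claims if signature, alg and exp check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64u_dec(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        if not hmac.compare_digest(mac(f"{head}.{body}", secret), b64u_dec(sig)):
            return None
        claims = json.loads(b64u_dec(body))
        exp = claims.get("exp")
        if exp is not None and exp <= (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong segment count, bad base64/JSON

def check_exit_request(body, secret):
    """Apply the two documented checks to a parsed request body."""
    claims = verify_hs256(body.get("originalAdminToken"), secret)
    if claims is None:
        return False, "originalAdminToken failed verification"
    if claims.get("accessRole") not in ADMIN_ROLES:  # claim name assumed
        return False, "token does not carry a SUPERADMIN/ADMIN role"
    user = body.get("originalAdminUser")
    want = (claims.get("userId"), claims.get("email"))  # email claim assumed
    if None in want or not isinstance(user, dict) \
            or (user.get("id"), user.get("email")) != want:
        return False, "originalAdminUser does not match the verified token"
    return True, "ok"
```

The identity comparison runs only against claims from a token whose signature has already been verified, so a client that edits originalAdminUser without holding a matching admin token is rejected.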

Response

Impersonation exited

Returned by /api/auth/exit-impersonation after the original admin session is restored.

token (string, required)

Original-admin access token to swap back into.

user (object, required)

Compact User payload returned with auth tokens.

Example:
{
  "id": "5f7b1c2e8a1d4e0012c3b4a5",
  "email": "admin@acme.example",
  "fullName": "Acme Admin",
  "organizationId": "64a1b2c3d4e5f60012345678",
  "accessRole": "ADMIN",
  "conversationOpenPreference": "split"
}
message (string, required)