Skip to main content
POST
/
v1
/
impersonation
/
authenticate
C#
// POST /v1/impersonation/authenticate
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  impersonation_token: "${token}",
};

client.Impersonation.Authenticate(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
{
  "request_id": "<string>",
  "user_id": "<string>",
  "user": {
    "user_id": "<string>",
    "emails": [
      {
        "email_id": "<string>",
        "email": "<string>",
        "verified": true
      }
    ],
    "status": "<string>",
    "phone_numbers": [
      {
        "phone_id": "<string>",
        "phone_number": "<string>",
        "verified": true
      }
    ],
    "webauthn_registrations": [
      {
        "webauthn_registration_id": "<string>",
        "domain": "<string>",
        "user_agent": "<string>",
        "verified": true,
        "authenticator_type": "<string>",
        "name": "<string>"
      }
    ],
    "providers": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>",
        "oauth_user_registration_id": "<string>"
      }
    ],
    "totps": [
      {
        "totp_id": "<string>",
        "verified": true
      }
    ],
    "crypto_wallets": [
      {
        "crypto_wallet_id": "<string>",
        "crypto_wallet_address": "<string>",
        "crypto_wallet_type": "<string>",
        "verified": true
      }
    ],
    "biometric_registrations": [
      {
        "biometric_registration_id": "<string>",
        "verified": true
      }
    ],
    "is_locked": true,
    "roles": [
      "<string>"
    ],
    "name": {
      "first_name": "<string>",
      "middle_name": "<string>",
      "last_name": "<string>"
    },
    "created_at": "<string>",
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "session_token": "<string>",
  "session_jwt": "<string>",
  "status_code": 123
}
Authenticate an impersonation token to impersonate a User. This endpoint requires an impersonation token that is not expired or previously used. A Stytch session will be created for the impersonated user with a 60 minute duration. Impersonated sessions cannot be extended. Prior to this step, you can generate an impersonation token by visiting the Stytch Dashboard, viewing a user, and clicking the Impersonate User button.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

impersonation_token
string
required

The User Impersonation token to authenticate. Expires in 5 minutes by default.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

user_id
string
required

The unique ID of the affected User.

user
object
required

The user object affected by this API call. See the Get user endpoint for complete response field details.

session_token
string
required

A secret token for a given Stytch Session.

session_jwt
string
required

The JSON Web Token (JWT) for a given Stytch Session.

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

session
object

If you initiate a Session, by including session_duration_minutes in your authenticate call, you'll receive a full Session object in the response.

See Session object for complete response fields.