
Impersonating Customer Accounts

This guide explains how to set up and use the customer impersonation feature. This feature is useful for customer service representatives and developers to debug problems with existing tokens on the frontend, without needing to know the customer’s password.


To enable this feature, you need to configure your frontend application.

  1. Create a route on your frontend at /account/impersonate. Your frontend domain is determined from the initial setup of the CMS.
  2. Ensure this route accepts a POST request (form-data) containing a token field.
  3. Save this as the user’s token in your session.
  • Since this process bypasses the standard OAuth2 authentication, you will not be provided with an access token and refresh token. Instead, use this token as it is in your Token header.
  • The generated token has no scope defined, which is more permissive than the limited scope. This means you can perform any action on behalf of the user.
  • The generated token is valid for 2 hours only. Set your cookie expiration accordingly if possible.
  • Older CMS versions (released before February 2026) generate tokens that are valid for 200 days.
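
The three steps above as one route handler, written against the standard Fetch API Request/Response objects (Node 18+ and most JavaScript frontend frameworks). This is an added example, not code from the CMS: the cookie name, the redirect target /account and the accepted token shape are assumptions.

```javascript
// Added example. Cookie name, redirect target and token shape are assumptions.
const TOKEN_TTL_SECONDS = 2 * 60 * 60;   // the page: token is valid for 2 hours
const SESSION_COOKIE = "customer_token"; // hypothetical cookie name
// Assumed token shape (opaque or JWT-like); adjust to what your CMS issues.
const TOKEN_SHAPE = /^[A-Za-z0-9._~+\/=-]{16,4096}$/;

// Returns the Set-Cookie value for a posted token, or null if it is unusable.
function buildTokenCookie(token) {
  if (typeof token !== "string" || !TOKEN_SHAPE.test(token)) return null;
  // The token is unscoped (full access to the account): keep it away from
  // page scripts (HttpOnly), off plain HTTP (Secure), and expire it with the token.
  return [
    `${SESSION_COOKIE}=${token}`,
    `Max-Age=${TOKEN_TTL_SECONDS}`,
    "Path=/", "HttpOnly", "Secure", "SameSite=Lax",
  ].join("; ");
}

// Steps 1 and 2: POST /account/impersonate with a form-data "token" field.
async function handleImpersonate(request) {
  if (request.method !== "POST") {
    return new Response("Method Not Allowed", { status: 405, headers: { Allow: "POST" } });
  }
  let form;
  try {
    form = await request.formData(); // multipart/form-data or urlencoded
  } catch {
    return new Response("Bad Request", { status: 400 });
  }
  const cookie = buildTokenCookie(form.get("token"));
  if (cookie === null) return new Response("Bad Request", { status: 400 });
  // Step 3: store the token as the session, replacing any previous one, then
  // redirect so the token-bearing POST is not replayed on refresh or cached.
  return new Response(null, {
    status: 303,
    headers: { Location: "/account", "Set-Cookie": cookie, "Cache-Control": "no-store" },
  });
}

// No OAuth2 access/refresh pair exists: send the token as-is in the Token header.
function apiHeaders(token) {
  return { Token: token };
}
```

On CMS versions released before February 2026 the token itself stays valid for 200 days, so the 2-hour Max-Age is then the only limit on how long the browser keeps it.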

You can impersonate a customer through the backend interface.

  1. Navigate to Revenue -> Customers.
  2. Select a customer from the list to view their profile.
  3. Locate the Update customer information button.
  4. Open the actions dropdown menu (click the arrow next to the button).
  5. Click on Impersonate.