Create workspace impersonation login token (v1)

Method & Path

POST /api/v1/admin/workspaces/:workspaceId/impersonation-login-token

Description

Creates a single-use opaque token (short TTL) that the client-system exchanges for a normal workspace-owner JWT via Exchange workspace impersonation session.

Use this for super-admin support: open the client app as the workspace owner without knowing the owner password.

Persona access

Persona	Access
Admin	No (`403` unless super-admin)
Super-admin	Yes
Workspace Owner / Staff / Customer	No (admin API)

Authentication

Required: Admin JWT with businesses.manage and role super-admin.

Authorization: Bearer <admin_access_token>

Headers

Authorization: Bearer <admin_access_token>
Content-Type: application/json

Path Parameters

Parameter	Type	Required	Description
`workspaceId`	string	Yes	Target workspace ID

Request Body

None.

Response 201 Created

{
  "token": "opaque-one-time-token",
  "expiresAt": "2026-04-10T12:20:00.000Z",
  "expiresInMs": 600000
}

Common Errors

400 Bad Request: Invalid workspaceId format
401 Unauthorized: Missing or invalid admin token
403 Forbidden: Authenticated admin is not a super-admin
404 Not Found: Workspace does not exist
422 Unprocessable Entity: Validation failed

Method & Path​

Description​

Persona access​

Authentication​

Headers​

Path Parameters​

Request Body​

Response 201 Created​

Common Errors​