API User's Guide

Performing operations on behalf of other users

Introduced in 8.7.3

The API supports user impersonation, i.e., it can retrieve information about users and perform workflow actions to create or update Alloy Navigator objects on behalf of other persons. This article describes how to do that.

In order to perform impersonated requests, the API leverages access tokens obtained using technician accounts or application accounts. Impersonated users have the same set of rights and permissions that Alloy Navigator grants for regular Self Service Portal users. Namely, they can perform only the workflow actions available in the Self Service Portal and see only their own Incidents and Service Requests.

INFO: For details on user access levels in the Self Service Portal, see Administration Guide: Understanding User Access Level.

HTTP methods

The table below provides an overview of available functions and methods:

Function Method Endpoint

Retrieving information about the current user



Creating objects



Running Step Actions on objects



Setting impersonation header

In order to impersonate users, you should pass their object id values with the http header: Impersonating-User-Id.


Here is an example of how you can update the Vendor record with OID=V0000006) by calling Step Action #1631 and updating the Activity.Time_Spent and Comment fields. The operation will be performed on behalf of Edward Rider (the user with an object id 65AA594E-2252-4FF4-B301-BB7F6E9E3803.)


(POST) http://www.example.com/api/v2/object/V000006/action/1631 

HTTP header:


POST Body:

	"Activity.Time_Spent": 84,
	"Comment": "Updated with the API"


	"success": true,
	"errorCode": 0,
	"errorText": "",
	"responseObject": {
		"Succeed": true,
		"ObjectID": "326624be-4271-46bd-b070-7a47b0f5ee54",
		"ObjectOID": "V000006"

NOTE: In case of an invalid request the server returns an error message. For more information about error messages, see Getting started.