Impersonate a user
You can add information in your HTTP header to any GraphQL API request to impersonate the specified user. However, this method doesn't work with the OAuth 2.0 API.
Approved use cases
- Act as the legal representative to perform server-to-server consent operations.
- Get updated or refreshed user data with a webhook notification on the
user
object. - Illustrate a user's problem to Partners and Swan support teams.
- Use the Swan API on behalf of a user:
- Without a user access token,
- Without asking the user to reconnect, and
- Without using the refresh token.
Guide
To impersonate a user with a project access token:
- Verify the user has signed into your project at least one time.
- Collect the Swan
userId
from the OAuth 2.0 process to get a user access token. - Bind it with your own
userId
in your system. - Add the HTTP header
x-swan-user-id
with theuserId
(sample HTTP header line 2).
Then, you'll experience the environment as if you had used a user access token.
HTTP header sample
curl --location 'https://api.swan.io/live-partner/graphql' \
--header 'x-swan-user-id: 4d102f73-cc4a-4f2e-8734-e2885df95abd' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer $PROJECT_ACCESS_TOKEN' \
--data '{"query":"query accounts {\n user {\n firstName\n lastName\n mobilePhoneNumber\n id\n }\n \n \n}\n","variables":{}}'