API keys can be used to authenticate requests in Core while impersonating another non-admin user; however, note the following:
- Impersonation can only be enabled by a super admin at the time the key was created. Should you wish to enable impersonation, contact Resolver Support to create a new API key.
- Any non-admin user can be impersonated, provided you've obtained their user ID and the user is active in the org the API key was created for.
- Actions performed while impersonating using an API key are captured in the audit trail as "[API User's Name] impersonating [Impersonated User's Name]".
- If a user is impersonated using an external system (integration), the Modified By property on an object will show "[API User's Name]", but would still be captured in the audit trail as "[API User's Name] impersonating [Impersonated User's Name]".
To impersonate a user with an API key, open a supported endpoint in Swagger, enter the API key in the x-api-key field and the ID of the user to be impersonated in the impersonate-user-id field. The user ID can be obtained from the address bar of your browser after navigating to the Edit User page for the user (e.g., 1732).