Impersonation mode

If you offer a way for your employees to log in as your customers, you need to inform Castle to ignore this activity to avoid false alerts being triggered.

You need to call impersonate before the employee logs into your customer’s account, which means it needs to go before the $login.succeeded event is tracked.

Example

# Request from your admin UI, e.g. ActiveAdmin

member_action :become, method: :get do
  user = User.find(params[:id])
  # Tell Castle about the impersonation before signing in as the customer
  castle.impersonate(
    user_id: user.id.to_s,
    impersonator: 'optional_admin_id_or_email'
  )
  sign_in(:user, user, bypass: true)
  redirect_to root_path
end

castle.impersonate({
  'user_id': '1234',
  'impersonator': 'optional_admin_id_or_email'
})

curl https://api.castle.io/v1/impersonate \
  -X POST \
  -u ":YOUR-API-SECRET" \
  -H "Content-Type: application/json" \
  -d '
    {
      "user_id": "1234",
      "impersonator": "optional_admin_id_or_email",
      "context": {
        "client_id": "a97b492d-dcc3-4fc1-87d6-65682955afa5",
        "ip": "37.46.187.90",
        "user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
      }
    }'

Field         Type               Description
user_id       String             Identifier of the impersonated user.
impersonator  String (optional)  Identifier of the admin user.
context       Object             Request context (client_id, ip and user-agent are required); autogenerated by SDKs.

Note

The impersonate request should be made before you log your support engineer in to an end-user account.

Impersonation Reset

By default, impersonation is canceled when the $logout.succeeded event is tracked.

You can also cancel it explicitly by calling castle.impersonate with the reset: true option.

Example

castle.impersonate(
  user_id: '1234',
  reset: 'true'
)

castle.impersonate({
  'user_id': '1234',
  'reset': 'true'
})

curl https://api.castle.io/v1/impersonate \
  -X DELETE \
  -u ":YOUR-API-SECRET" \
  -H "Content-Type: application/json" \
  -d '
    {
      "user_id": "1234",
      "context": {
        "client_id": "a97b492d-dcc3-4fc1-87d6-65682955afa5",
        "ip": "37.46.187.90",
        "user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
      }
    }'

Field    Type    Description
user_id  String  Identifier of the impersonated user.
context  Object  Request context (client_id, ip and user-agent are required); autogenerated by SDKs.
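
The ordering and reset rules above, as an added example (not Castle's own code): a guard that calls impersonate before sign-in, skips sign-in if that call fails, and resets the flag if sign-in itself fails. ImpersonationGuard, StubCastle, the audit log and the rule that impersonator must be present are assumptions of this example; only impersonate and its user_id, impersonator and reset parameters come from this page.

```ruby
# Added example. `castle` is any object responding to impersonate(...)
# with the parameters documented on this page.
class ImpersonationGuard
  attr_reader :audit_log

  def initialize(castle)
    @castle = castle
    @audit_log = [] # hypothetical local audit trail
  end

  # Calls impersonate first, then yields to the caller's sign-in code.
  # If impersonate raises, the block never runs (no untagged login).
  def start(user_id:, impersonator:)
    # Local policy (assumption): require the optional field for auditing.
    raise ArgumentError, 'impersonator required' if impersonator.to_s.empty?

    @castle.impersonate(user_id: user_id, impersonator: impersonator)
    @audit_log << [:start, user_id, impersonator]
    begin
      yield
    rescue StandardError
      stop(user_id: user_id) # sign-in failed: do not leave the flag set
      raise
    end
  end

  # Explicit reset for sessions that end without $logout.succeeded.
  def stop(user_id:)
    @castle.impersonate(user_id: user_id, reset: 'true')
    @audit_log << [:reset, user_id]
  end
end

# Constructed stand-in for the SDK client; records calls, sends nothing.
class StubCastle
  attr_reader :calls

  def initialize(fail_on_start: false)
    @calls = []
    @fail_on_start = fail_on_start
  end

  def impersonate(**opts)
    raise IOError, 'Castle unreachable' if @fail_on_start && !opts.key?(:reset)

    @calls << opts
  end
end
```

In a controller, the block passed to start would hold the sign_in call, and stop would run from the action that ends the support session.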