Impersonate a user

Please be sure of your agent type and version and pick the right documentation accordingly.

This is the documentation of the forest-express-sequelize and forest-express-mongoose Node.js agents that will soon reach end-of-support.

forest-express-sequelize v9 and forest-express-mongoose v9 are replaced by @forestadmin/agent v1.

Please check your agent type and version and read on or switch to the right documentation.

Impersonate a user

This example shows you how to create a Smart Action "Impersonate" to login as one of your customers.

It can be useful to help your customers debug an issue or to get a better understanding of what they see on their account (in your app).


  • An admin backend running on forest-express-sequelize/forest-express-mongoose

How it works

Directory: /models

This directory contains the users.js file where the model is declared.

module.exports = (sequelize, DataTypes) => {
  const { Sequelize } = sequelize;
  const Users = sequelize.define('users', {
    email: {
      type: DataTypes.STRING,
    createdAt: {
      type: DataTypes.DATE,
  }, {
    tableName: 'users',
    timestamps: false,
    schema: process.env.DATABASE_SCHEMA,

  Users.associate = (models) => {

  return Users;

Directory: /forest

This directory contains the users.js file where the Smart Action Impersonateis declared.

const { collection } = require('forest-express-sequelize');

collection('users', {
  actions: [
      name: 'Impersonate',
      type: 'single',

Directory: /routes

This directory contains the users.js file where the implementation of the route is handled. The POST /forest/actions/impersonate API call is triggered when you click on the Smart Action in the Forest UI.

  (req, res) => {
    let userId =[0];

      webhook: { // This is the object that will be used to fire http calls.
        url: 'https://my-app-url/login', // The url of the company providing the service.
        method: 'POST', // The method you would like to use (typically a POST).
        headers: { }, // You can add some headers if needed (you can remove it).
        body: { // A body to send to the url (only JSON supported).
          adminToken: 'your-admin-token',
      success: `Impersonating user ${userId}`, // The success message that will be toasted.
      redirectTo: 'https://my-app-url/', // Force the redirection to your app if needed.


module.exports = router;

This is useful for authentication using cookies. By using this example, you're performing the login request directly from the browser. Thus, the cookies will be automatically sent from your own service to the browser (as you'd normally do with your own app).

Last updated