In the past few months, we have made lots of incremental upgrades to com_api, our REST API extension for Joomla. For those who are not aware, com_api is a quick and easy way to add REST APIs to Joomla. Extensible via plugins, you can easily add support for more Joomla extensions.
With com_api v2.4, we allow the calling user to impersonate another user by using the X-Impersonate header. This can be done by using a Super User’s token in the Authorization header and passing a second X-Impersonate header with the user id whom to impersonate. Detailed documentation about this feature is available on our docs site.
This feature can come in handy in cases where you do not want to create and manage tokens for individual users and want to use a single token to read or write data on behalf of other users.
Note: When using this feature we recommend to create a new token to be used for impersonation to improve the security of your setup. It is also recommended that this token not be used on the client side. Use it only in server-side communication.