as-user Header

as-user Header

It is possible to for a JWT application to act on behalf of another user by leveraging the as-user header.

curl \
    -H "as-user: [USER_ID]"
    -H "authorization: Bearer [ACCESS_TOKEN]"

In this situation the user ID is the Box identifier for a user. User IDs can found for any user via the GET /users endpoint, which is only available to admins, or by calling the GET /users/me endpoint with an authenticated user session.


The application must be configured to perform actions as users in the Developer Console.

Advanced Features

Additionally, the authenticated user needs to be a user with Admin permissions, meaning either an Admin or Co-Admin. See our guide on User Types for more details.

You cannot use the user_id of Service Accounts in the as-user header.

as-user using SDKs

All of the official Box SDKs support acting on behalf of a user using the as-user header.

var user_client = new BoxClient(config, session, asUser: '[USER_ID]');
// client.asSelf();
user_to_impersonate = client.user(user_id='[USER_ID]')
user_client = client.as_user(user_to_impersonate)
// client.asSelf();

Please note that some of our SDKs create new clients for the other user, while others modify the existing client and provide a way to return to a state where the client authenticates for the original user itself.