Making Requests on Behalf of Users

The DealCloud API requires user-specific credentials and authentication tokens for access. In most cases, integrations authenticate using a dedicated API service account, and all subsequent API requests are made using that account’s credentials. However, some workflows need to make API calls on behalf of another “principal” user instead of the API service user. Common reasons include reflecting the principal user's data permissions, preserving correct audit trails, and performing user-scoped updates without the user's API credentials being actively used in the integration. This can be achieved through user proxying.

Use Cases

  • Honoring an individual user's capability and data access permissions at the API integration level.
  • Enforcing the principal user's permissions for reads and writes.
  • Make modifications that must appear under the principal user's identity (audit history).
  • Enable support & service teams performing actions for a user (impersonation) while still applying the user's permission rules.
  • Third-party integrations that must operate within the bounds of a specific user's view.

User Proxying via the API

Similar to the web application, you can proxy as another user to indicate which (principal) user the action should be executed on behalf of.

How it Works

  • User Proxy assignments must be created within the DealCloud application to authorize making proxied API calls. This can be set up in Admin > User Management, under the User Proxy Assignments tab.
  • You may also use the GET Proxy Assignments API and Create Proxy Assignments API endpoints to manage this programmatically.
  • Once completed, proxy requests are serviced as if they were made by the principal user, consequently respecting their capabilities, permissions, data access, and auditability.

Request

Use the AS-USER header parameter to specify the user ID of the principal user you want to act on behalf of (after ensuring a valid proxy assignment exists).

GET {host}/api/rest/v4/data/entrydata/rows/Deals
Authorization: Bearer {{token}}
AS-USER: 6045
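
A client-side guard for the proxied request above, as an added example that is not DealCloud's own code: it builds the same GET request but refuses to set AS-USER unless the principal ID is a plain integer and appears in a local allow-list. The function name, the allow-list, the integer-ID rule and the host used in testing are assumptions made for illustration; the authoritative check remains the proxy assignment configured in DealCloud.

```python
import re
import urllib.request

# Assumption: principal user IDs are positive integers, as in "AS-USER: 6045".
_USER_ID = re.compile(r"[1-9][0-9]{0,17}")


class ProxyNotAllowed(Exception):
    """Raised when a request would act as a user outside the allow-list."""


def build_proxied_request(host, token, principal_id, allowed_principals,
                          path="/api/rest/v4/data/entrydata/rows/Deals"):
    """Return an unsent GET request that acts on behalf of principal_id.

    allowed_principals is a hypothetical local allow-list mirroring the
    proxy assignments configured in DealCloud; it is not a DealCloud API.
    """
    raw = str(principal_id)
    # fullmatch rejects CR/LF and any other text, so an ID taken from
    # user-controlled input cannot add or alter request headers.
    if not _USER_ID.fullmatch(raw):
        raise ValueError("principal_id must be a positive integer")
    uid = int(raw)
    # Fail closed: the service account must not act as arbitrary users
    # just because a caller supplied an ID.
    if uid not in allowed_principals:
        raise ProxyNotAllowed(f"no proxy assignment recorded for user {uid}")
    if not host.startswith("https://"):
        raise ValueError("refusing to send a bearer token to a non-HTTPS host")
    req = urllib.request.Request(host.rstrip("/") + path, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    # urllib stores the name as "As-user"; header names are case-insensitive.
    req.add_header("AS-USER", str(uid))
    return req
```

Pass the returned object to `urllib.request.urlopen` to send it, and log the service account together with the principal ID on every call so client-side records can be reconciled with DealCloud's audit history.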