1

When I'm logged in as sysadmin in the GUI, I can use Tenants → Manage Tenant Admins → Login as Tenant Admin to become a specific tenant admin.

How can I accomplish this using the REST API?

I need to add/remove/modify devices on behalf of several tenants.

I tried to authenticate as sysadmin and use /api/tenant/devices hoping to have access to all devices. But this doesn't do the trick.

fremboli
  • 13
  • 2

2 Answers

0

You have to log in via the REST API with the e-mail and password of the desired Tenant Admin: https://thingsboard.io/docs/reference/rest-api/

    curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"username":"tenant@thingsboard.org", "password":"tenant"}' 'http://THINGSBOARD_URL/api/auth/login'

This will return the JWT Token needed for further API requests e.g. deleting devices:

Now, you should set ‘X-Authorization’ header to “Bearer $YOUR_JWT_TOKEN”. Make sure you use main JWT token and not the refresh token.

mdeuchert
  • 248
  • 2
  • 8
  • Thanks. Unfortunately I do not know the passwords of the other Tenant Admins... That is the problem... I have no problem with authentication with known credentials. – fremboli Nov 14 '22 at 11:12
  • Ok I see, if you have access via sysadmin you are able to create new tenant admins for this purpose. – mdeuchert Nov 14 '22 at 12:21
0

Sysadmin is not allowed to manage devices; tenant admins are allowed to manage them. Therefore, you need to impersonate a tenant admin. Assuming that you already know the user_id of the tenant admin, you can call

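   # $SYSADMIN_JWT_TOKEN (placeholder) holds the main JWT returned by /api/auth/login for the sysadmin
   curl -X 'GET' \
      'https://thingsboard.cloud:443/api/user/{user_id_to_impersonate}/token' \
      -H 'accept: application/json' \
      -H "X-Authorization: Bearer $SYSADMIN_JWT_TOKEN"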

Extract from the ThingsBoard documentation: https://thingsboard.cloud/swagger-ui/#/user-controller/getUserTokenUsingGET

Returns the token of the User based on the provided User Id. If the user who performs the request has the authority of 'SYS_ADMIN', it is possible to get the token of any tenant administrator. If the user who performs the request has the authority of 'TENANT_ADMIN', it is possible to get the token of any customer user that belongs to the same tenant.

Then you can use this token for accessing as another user.

Notice those restrictions: you can impersonate a tenant admin from a System administrator and a user from a tenant admin.

I hope this helps.

Ricard Nàcher Roig
  • 1,271
  • 12
  • 14
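
The flow from the second answer as one script, added here as an example (it is not code from either answer or from ThingsBoard): log in as sysadmin, request the tenant admin's token, confirm from the JWT payload that the token really belongs to that tenant admin, then list the tenant's devices with it. Assumptions: the `THINGSBOARD_URL` placeholder, the `pageSize`/`page` query parameters, the `scopes` and `userId` claim names, the `token`/`refreshToken`/`data` response fields, and the injectable `send` parameter, which exists only so the flow can be exercised without a server.

```python
import base64
import json
import urllib.request

BASE_URL = "http://THINGSBOARD_URL"  # placeholder, as in the first answer


def http_json(method, path, jwt=None, body=None):
    """Send one JSON request to ThingsBoard and return the decoded response."""
    headers = {"Accept": "application/json"}
    if jwt:
        headers["X-Authorization"] = "Bearer " + jwt
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(BASE_URL + path, data=data,
                                 headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def jwt_claims(token):
    """Decode the JWT payload for inspection only (signature is NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def tenant_admin_token(sys_user, sys_password, user_id, send=http_json):
    """Log in as sysadmin, then fetch the main JWT of the given tenant admin."""
    sys_jwt = send("POST", "/api/auth/login",
                   body={"username": sys_user, "password": sys_password})["token"]
    pair = send("GET", f"/api/user/{user_id}/token", jwt=sys_jwt)
    claims = jwt_claims(pair["token"])
    # Assumed claim names ('userId', 'scopes'): refuse a token for anyone else.
    if claims.get("userId") != user_id or "TENANT_ADMIN" not in claims.get("scopes", []):
        raise PermissionError("token is not for the requested tenant admin")
    return pair["token"]  # main token, not pair["refreshToken"]


def list_tenant_devices(tenant_jwt, send=http_json):
    """Return the first page of devices visible to the impersonated tenant admin."""
    return send("GET", "/api/tenant/devices?pageSize=100&page=0",
                jwt=tenant_jwt)["data"]
```

Because every call made with the returned token is attributed to the tenant admin rather than to the sysadmin, keep your own record of which sysadmin requested which `user_id` and when.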