Customer Task via Admin API

🔁 Perform Customer Tasks via Admin API Key

Allow admins to perform any customer-level operation by reusing existing customer endpoints. This is done securely using X-ADMIN-API-KEY and X-CUSTOMER-ID headers.

🔹 How It Works

Admin can call any customer API endpoint like API-URL/lists, API-URL/contacts, etc., by sending:

• X-ADMIN-API-KEY in the header (for admin authentication)

• X-CUSTOMER-ID in the header (to impersonate customer context)

The system detects these headers, validates them, and routes the request through existing customer workflows.

📥 Example: Get Contact Lists as Admin

🔹 HTTP Request

GET API-URL/lists

🔐 Authorization Header

💻 PHP Example

$response = Http::withHeaders([
  'X-ADMIN-API-KEY' => 'admin-abc-123',
  'X-CUSTOMER-ID' => 'ab382plq98zr7'
])->get('API-URL/lists');

print_r($response->json());

📦 Sample JSON Response

{
  "status": "success",
  "lists": [
    {
      "uid": "xj35478ymfe15",
      "name": "Newsletter Subscribers"
    },
    {
      "uid": "lm451q7h7j3e2",
      "name": "Event Attendees"
    }
  ]
}

📝 Example: Create a List as Admin

🔹 HTTP Request

POST API-URL/lists

🔐 Authorization Header

🔸 POST Parameters

💻 PHP Example

$response = Http::withHeaders([
  'X-ADMIN-API-KEY' => 'admin-abc-123',
  'X-CUSTOMER-ID' => 'ab382plq98zr7'
])->post('API-URL/lists', [
  'name' => 'New Customers List',
  'description' => 'Imported from CRM'
]);

print_r($response->json());

📦 Sample JSON Response

{
  "status": "success",
  "message": "List created successfully",
  "list": {
    "uid": "ls35478ymfe15",
    "name": "New Customers List"
  }
}

🛠 Notes

• Works for all HTTP verbs: GET, POST, PUT, DELETE

• Admin access is controlled strictly via headers

• Always log admin impersonation actions