Impersonate a user using the Microsoft Dynamics Web API in Dynamics CRM 2016

I have been exploring the Dynamics CRM Web API features and frankly speaking it never ceases to amaze me. So today I am going to explain how you can impersonate a user to create a record from the client side. Wondering how can we impersonate from the client side. After all, till this time, plugins were the privileged objects to do something in impersonation. Well, then Web API has come to shatter many establishments in the CRM society.

I have two users in my CRM system. System Administrator and my account.


I am going to login with the System Administrator account and then create an account on behalf of my account (Debajit Dutta).

Below is the code to do the same.

var organizationUrl = Xrm.Page.context.getClientUrl();
var data = { "name": "Sample Account – Impersonation Test" };

var query = "accounts";
var req = new XMLHttpRequest();"POST", organizationUrl + "/api/data/v8.0/" + query, true);
req.setRequestHeader("Accept", "application/json");
req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
req.setRequestHeader("OData-MaxVersion", "4.0");
req.setRequestHeader("OData-Version", "4.0");
req.setRequestHeader("MSCRMCallerID", "28888439-85AF-E511-80EB-3863BB35AD90");
req.onreadystatechange = function () {
    if (this.readyState == 4) {
        req.onreadystatechange = null;
        if (this.status == 200) {
            // do your stuffs

        } else {
            var error = JSON.parse(this.response).error;


Let me explain the code a bit here. Here I am creating a account named “Sample Account – Impersonation Test”. However I am creating the record under impersonation. The GUID of the person whom I am impersonating is passed as the MSCRMCallerID in the request header. “28888439-85AF-E511-80EB-3863BB35AD90” is the guid of the user – Debajit Dutta.

So how do I run the code? If you are thinking, a new webresource needs to be created and uploaded in CRM and then the code is to bee fired based on some event, I am not going to do nothing like that. After all we have the very powerful developer tools of modern browsers at our disposal. So why go the traditional way to try your piece of code?

I opened CRM in Chrome and then pull up the Developer tools in Chrome. In the console I copy-paste the above code.


I press enter and voila! the new account is created. Now If I pull up the record in Advanced Find. Below is the screenshot of the same.


So as you can see the Created by is the user whom I impersonated and the Created By Behalf is the user who actually performed the operation.

The power of Web API allows you to do this impersonation in just 10 mins or so and that too from the client side. Isn’t it great!

Hope this helps!

Author: Debajit

I am a Dynamics CRM Most Valuable Professional (MVP) with 12 years of experience in Microsoft .NET Technologies and 9 years of dedicated experience in Microsoft Dynamics CRM. I have worked with companies like Microsoft, SanDisk, PwC, TMF Group and have extensive experience of implementing complex CRM solutions from both offshore and client side. Currently the face of with significant experience in delivering corporate training on Dynamics CRM and have already delivered multiple projects to client through Author of multiple tools on codeplex including the 'Role Based Views' and 'CRM-Sharepoint Metadata manager & Attachment Extractor' which are available for commercial use under For consulting/ training, drop me a note at or visit our website

4 thoughts on “Impersonate a user using the Microsoft Dynamics Web API in Dynamics CRM 2016”

  1. An issue we had with Web API impersonation about two months ago is once you make any call with impersonation, all other api calls will be impersonated no matter what you do. The only way to “turn off” impersonation was by logging out and logging back in. Do you have the same issue?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s