Impersonate a user using the Microsoft Dynamics Web API in Dynamics CRM 2016

I have been exploring the Dynamics CRM Web API features and, frankly speaking, it never ceases to amaze me. So today I am going to explain how you can impersonate a user to create a record from the client side. Wondering how we can impersonate from the client side? After all, until now, plugins were the privileged objects that could do something under impersonation. Well, the Web API has come to shatter many established assumptions in the CRM community.

I have two users in my CRM system: System Administrator and my account.


I am going to log in with the System Administrator account and then create an account on behalf of my account (Debajit Dutta).

Below is the code to do the same.

var organizationUrl = Xrm.Page.context.getClientUrl();
var data = { "name": "Sample Account – Impersonation Test" };

var query = "accounts";
var req = new XMLHttpRequest();
req.open("POST", organizationUrl + "/api/data/v8.0/" + query, true);
req.setRequestHeader("Accept", "application/json");
req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
req.setRequestHeader("OData-MaxVersion", "4.0");
req.setRequestHeader("OData-Version", "4.0");
// GUID of the user being impersonated
req.setRequestHeader("MSCRMCallerID", "28888439-85AF-E511-80EB-3863BB35AD90");
req.onreadystatechange = function () {
    if (this.readyState == 4) {
        req.onreadystatechange = null;
        // A successful create returns 204 No Content
        if (this.status == 204) {
            // do your stuff
        } else {
            var error = JSON.parse(this.response).error;
            console.log(error.message);
        }
    }
};
// Send the new account as the JSON request body
req.send(JSON.stringify(data));


Let me explain the code a bit here. I am creating an account named “Sample Account – Impersonation Test”. However, I am creating the record under impersonation. The GUID of the person whom I am impersonating is passed as the MSCRMCallerID in the request header. “28888439-85AF-E511-80EB-3863BB35AD90” is the GUID of the user – Debajit Dutta.

So how do I run the code? If you are thinking that a new web resource needs to be created and uploaded to CRM and then the code fired on some event, I am not going to do anything like that. After all, we have the very powerful developer tools of modern browsers at our disposal. So why go the traditional way to try out your piece of code?

I open CRM in Chrome and then pull up the Developer Tools. In the console I copy-paste the above code.


I press Enter and voila! The new account is created. Now I pull up the record in Advanced Find. Below is the screenshot of the same.


So, as you can see, the Created By is the user whom I impersonated and the Created By Behalf is the user who actually performed the operation.
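To review impersonated creates like the one above, the following added example (not code from the original post) builds a Web API query for accounts whose createdonbehalfby lookup is set and flags those whose actual caller is not an approved delegate. The function names, the approved-delegate list and the sample response are constructed for illustration; only the impersonated user's GUID comes from the post.

```javascript
// Build the audit query. Lookup attributes are exposed as _<attribute>_value.
function buildDelegatedCreateQuery(organizationUrl) {
    var select = "$select=name,createdon,_createdby_value,_createdonbehalfby_value";
    // Only rows where someone acted on behalf of the recorded creator.
    var filter = "$filter=" + encodeURIComponent("_createdonbehalfby_value ne null");
    return organizationUrl + "/api/data/v8.0/accounts?" + select + "&" + filter;
}

// CRM returns lower-case GUIDs; headers and configs often use upper case or braces.
function normalizeGuid(guid) {
    return String(guid).replace(/[{}]/g, "").toLowerCase();
}

// Return the records whose actual caller is not in the approved list.
function findUnexpectedImpersonation(response, approvedDelegates) {
    var approved = approvedDelegates.map(normalizeGuid);
    return response.value.filter(function (row) {
        return Boolean(row._createdonbehalfby_value) &&
            approved.indexOf(normalizeGuid(row._createdonbehalfby_value)) === -1;
    }).map(function (row) {
        return {
            name: row.name,
            createdOn: row.createdon,
            shownAsCreator: normalizeGuid(row._createdby_value),
            actualCaller: normalizeGuid(row._createdonbehalfby_value)
        };
    });
}

// Hypothetical allowlist: one integration account expected to impersonate.
var APPROVED_DELEGATES = ["{00000000-0000-0000-0000-0000000000B2}"];

// Constructed sample response (all GUIDs except the first _createdby_value are made up).
var sampleResponse = { value: [
    { name: "Sample Account – Impersonation Test", createdon: "2016-01-05T10:15:00Z",
      _createdby_value: "28888439-85af-e511-80eb-3863bb35ad90",
      _createdonbehalfby_value: "00000000-0000-0000-0000-0000000000a1" },
    { name: "Imported Account", createdon: "2016-01-05T11:00:00Z",
      _createdby_value: "00000000-0000-0000-0000-0000000000c3",
      _createdonbehalfby_value: "00000000-0000-0000-0000-0000000000b2" },
    { name: "Ordinary Account", createdon: "2016-01-05T12:30:00Z",
      _createdby_value: "00000000-0000-0000-0000-0000000000c3",
      _createdonbehalfby_value: null }
] };

console.log(buildDelegatedCreateQuery("https://contoso.example"));
console.log(findUnexpectedImpersonation(sampleResponse, APPROVED_DELEGATES));
```

A request carrying MSCRMCallerID succeeds only when the caller holds the Act on Behalf of Another User privilege, so the approved list should mirror the users whose security roles grant it.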

The power of Web API allows you to do this impersonation in just 10 mins or so and that too from the client side. Isn’t it great!

Hope this helps!

4 thoughts on “Impersonate a user using the Microsoft Dynamics Web API in Dynamics CRM 2016”

  1. An issue we had with Web API impersonation about two months ago is once you make any call with impersonation, all other api calls will be impersonated no matter what you do. The only way to “turn off” impersonation was by logging out and logging back in. Do you have the same issue?
