Administrators of applications and/or services may evaluate a customer issue by debugging the customer's application. For example, an administrator may be issued an authorization token for accessing a customer's account associated with the application. The authorization token gives the administrator certain access permissions and/or rights to the customer's account. Current techniques for issuing and/or creating an authorization token include applying the authorization token to headers of HTTPS requests to a service to indicate that the incoming caller has rights to impersonate a customer for a given session. However, this technique requires custom work on every client and/or client application to support the ingestion. As such, current techniques for issuing and/or creating an authorization token for an administrator to impersonate a customer may be inefficient, time consuming, and require many resources.