diff --git a/backend/app/Http/Controllers/AuthController.php b/backend/app/Http/Controllers/AuthController.php
index d2d7fe2..cfdecb8 100644
--- a/backend/app/Http/Controllers/AuthController.php
+++ b/backend/app/Http/Controllers/AuthController.php
@@ -136,6 +136,14 @@ class AuthController extends Controller
         }
 
         $request->user()->leaveImpersonation();
-        return;
+
+        $impersonator = User::find(app('impersonate')->getImpersonatorId());
+
+        $token = $impersonator->createToken('auth_token')->plainTextToken;
+
+        return response()->json([
+            'access_token' => $token,
+            'token_type' => 'Bearer',
+        ]);
     }
 }
diff --git a/backend/routes/api.php b/backend/routes/api.php
index 601b084..e41f147 100644
--- a/backend/routes/api.php
+++ b/backend/routes/api.php
@@ -26,12 +26,13 @@ use Illuminate\Support\Facades\Artisan;
 */
 
 Route::post('/login', [AuthController::class, 'login']);
-Route::post('/impersonate/{user}', [AuthController::class, 'impersonate']);
-Route::post('/stop_impersonating', [AuthController::class, 'stopImpersonating']);
 
 Route::middleware('auth:sanctum')->group( function () {
     //Route::post('/register', [AuthController::class, 'register']); //TODO: replace with admin only route
 
+    Route::post('/impersonate/{user}', [AuthController::class, 'impersonate']);
+    Route::post('/stop_impersonating', [AuthController::class, 'stopImpersonating']);
+
     Route::get('/me', [AuthController::class, 'me']);
     Route::post('/me', [AuthController::class, 'me']);