# Key Manager Authenticate (Cert)

{% openapi src="<https://544392450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F909t04Fk8FiEI7fBcmlw%2Fuploads%2Fgit-blob-419162d50a87f510738956b4563b2497b773594d%2Fkm-cert-api-public.yaml?alt=media>" path="/v1/authenticate" method="post" %}
[km-cert-api-public.yaml](https://544392450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F909t04Fk8FiEI7fBcmlw%2Fuploads%2Fgit-blob-419162d50a87f510738956b4563b2497b773594d%2Fkm-cert-api-public.yaml?alt=media)
{% endopenapi %}

> #### ❗️ Key Manager Token Management
>
> The token you receive is valid for the lifetime of a session that is defined by your pod's administration team. This ranges from 1 hour to 2 weeks.
>
> You should keep using the same token until you receive a HTTP 401, at which you should re-authenticate and get a new token for a new session.
>
> [Datafeeds](https://rest-api.symphony.com/main/datafeed) survive session expiration, you do not need to re-create your datafeed if your session expires.

> #### 🚧
>
> Before calling the Pod endpoints, the caller must be authenticated with the pod (the dedicated Symphony cloud service) by calling the [Session Authenticate](https://rest-api.symphony.com/main/bot-authentication/rsa-session-authenticate) endpoint, followed by this one.

To call the Key Manager Authenticate endpoint, you must provide a certificate where the Common Name of the certificate matches the username of an active Service User account on your pod.