# Key Manager Authenticate

{% openapi src="<https://544392450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F909t04Fk8FiEI7fBcmlw%2Fuploads%2Fgit-blob-b6d63f640faf8ffd4c3cb7d5da4b3f6866387e25%2Fkm-api-public.yaml?alt=media>" path="/pubkey/authenticate" method="post" %}
[km-api-public.yaml](https://544392450-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F909t04Fk8FiEI7fBcmlw%2Fuploads%2Fgit-blob-b6d63f640faf8ffd4c3cb7d5da4b3f6866387e25%2Fkm-api-public.yaml?alt=media)
{% endopenapi %}

To know more about RSA authentication process, refer to [RSA Bot Authentication Workflow](https://docs.developers.symphony.com/building-bots-on-symphony/authentication/rsa-authentication).

For more information on creating and using an RSA key manager token, refer to [RSA Bot Authentication Workflow](https://docs.developers.symphony.com/building-bots-on-symphony/authentication/rsa-authentication).

> #### ❗️ Key Manager Token Management
>
> The token you receive is valid for the lifetime of a session that is defined by your pod's administration team. This ranges from 1 hour to 2 weeks.
>
> You should keep using the same token until you receive a HTTP 401, at which you should re-authenticate and get a new token for a new session.
>
> [Datafeeds](https://rest-api.symphony.com/main/datafeed) survive session expiration, you do not need to re-create your datafeed if your session expires.

> #### 🚧 Important
>
> * The following restrictions apply:
>   * The JWT must have an expiration date between the current time and five minutes from the current time.
>   * The JWT must be signed by a private key matching the public key saved for its subject ("sub").
> * For more information on creating and using an RSA session token, refer to [RSA Bot Authentication Workflow](https://docs.developers.symphony.com/building-bots-on-symphony/authentication/rsa-authentication).