---
title: "User Authentication"
slug: "user-authentication"
updated: 2026-05-26T06:37:44Z
published: 2026-05-26T06:37:44Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# User Authentication

## 1.0 Overview

The method used to configure authentication varies depending on what type of authentication you wish to perform. *For more information, refer to*[*Authentication*](/v1/docs/authentication)*.*

Every authentication creates a session that grants a bearer token which can be passed for any other API requests. Please note that the bearer token expires if the session remains inactive for a long period of time. Please check with Fortanix DSM admin for the expiration values. By default, user sessions expire after 24 hours and app sessions expire after 10 min if remained idle.

The sample code below authenticates using provided credentials and then saves the bearer token in the API Client for subsequent use by other API requests.

## 2.0 User Authentication

This example describes user authentication using a user’s email and password.

> [!NOTE]
> NOTE
> 
> If a user is part of multiple accounts, you must first select a particular account, before proceeding to key management operations.

How to get account Id: Go to **Account Settings**. Copy the **Account ID** displayed on the right.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Screenshot (2811).png)

**Figure 1: Account ID**

- [C#](/docs/user-authentication#tabs-1)
- [Go](/docs/user-authentication#tabs-2)
- [Java](/docs/user-authentication#tabs-3)
- [Python](/docs/user-authentication#tabs-4)
- [REST API using curl](/docs/user-authentication#tabs-5)

### C#

```bash
Configuration.Default.BasePath = ""<Endpoint URL>";
Configuration.Default.Username = <user email>;
Configuration.Default.Password = <user password>;

AuthenticationApi authenticationApi = new AuthenticationApi();
AuthResponse response = authenticationApi.Authorize();
Configuration.Default.AddApiKey("Authorization", response.AccessToken);
Configuration.Default.AddApiKeyPrefix("Authorization", "Bearer");

//Select account
SelectAccountRequest request = new SelectAccountRequest().acctId(<Account Id>);
authenticationApi.SelectAccount(request);
```

### Go

```bash
client := sdkms.Client{
       Endpoint: "<Endpoint URL>",
       HTTPClient: http.DefaultClient,
 }
ctx := context.Background()
_, err := client. AuthenticateWithUserPass(ctx, <user email>, <user password>)

#Select account
request := sdkms.SelectAccountRequest {
            AcctId: <Account Id>
}
_, err = client.SelectAccount(ctx, request)
```

### Java

```bash
ApiClient apiClient = new ApiClient();
apiClient.setBasePath(<Endpoint URL>);
apiClient.setUsername(<user email>);
apiClient.setPassword(<user password>);
AuthenticationApi authenticationApi = new AuthenticationApi(apiClient);
AuthResponse authResponse = authenticationApi.authorize();
ApiKeyAuth bearerTokenAuth = (ApiKeyAuth) apiClient.getAuthentication("bearerToken");
bearerTokenAuth.setApiKey(authResponse.getAccessToken());
bearerTokenAuth.setApiKeyPrefix("Bearer");

//Select account
SelectAccountRequest request = new SelectAccountRequest().acctId(<Account Id>);
authenticationApi.selectAccount(request);
```

### Python

```plaintext
config = sdkms.v1.Configuration()
config.host = "<Endpoint URL>"
config.username = <user email>
config.password = <user password>
client = sdkms.v1.ApiClient(configuration=config)
auth_instance = sdkms.v1.AuthenticationApi(api_client=client)
auth = auth_instance.authorize()
config.api_key['Authorization'] = auth.access_token
config.api_key_prefix['Authorization'] = 'Bearer'

#Select account
request = sdkms.v1.SelectAccountRequest(<account id>)
auth_instance.select_account(request)
```

### REST API using curl

```bash
$ curl <Endpoint URL>/sys/v1/session/auth -X POST -u <user email>:<user password>
{"token_type":"Bearer","expires_in":600,"access_token":"YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g","entity_id":"7916b324-33a1-4a06-8778-59ec0492bb10"}
#select account
$ curl <Endpoint URL>/sys/v1/session/select_account -H 'Authorization: Bearer YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g ' -d '{"acct_id": "<account id>"}'
#use the "access_token" as Bearer Auth in other API requests. E.g: 
$ curl <Endpoint URL>/other_apis -H 'Authorization: Bearer YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g ' ...
```

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

## Related

- [PKCS#11 Library](/clients-pkcs11-library.md)
- [Authentication - App and User](/fortanix-authentication-app-and-user.md)
- [Authentication](/users-guide-authentication.md)
- [Key Operations](/key-operations.md)