**Source URL:** https://general.veevavault.dev/vault-api/getting-started/authenticating.md

# Authenticate to Vault API



Your first API call will be an authentication request, which provides your session ID for other API calls. To do this, call the `auth` endpoint.

The `auth` endpoint (`/api/{version}/auth`) expects two URL-encoded form parameters (`x-www-form-urlencoded`): `username` and `password`.

#### Request {#request}

```
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
-d 'username={username}&password={password}' \
"https://{server}/api/{version}/auth"

```

This call returns a JSON response that contains the session ID.

#### Response {#response}

```
{
  "responseStatus": "SUCCESS",
  "sessionId": "3B3C45FD240E26F0C3DB4F82BBB0C15C7EFE4B29EF9916AF41AF7E44B170BAA01F232B462BE5C2BE2ACB82F6704FDA216EBDD69996EB23A6050723D1EFE6FA2B",
  "userId": 12021,
  "vaultIds": [
    {
      "id": 1776,
      "name": "PromoMats",
      "url": "https://promo-vee.veevavault.com/api"
    },
    {
      "id": 1782,
      "name": "Platform",
      "url": "https://platform-vee.veevavault.com/api"
    }
  ],
  "vaultId": 1776
}

```

Congratulations, you've authenticated to Vault API!

Similar to logging in with the Vault UI, your API user has all the permissions your Vault UI user has.

Your session ID expires after a period of inactivity. This period of time is configured by your Vault Admin. When this happens, you need to run the `/api` API to authenticate again.

Even if you keep your session active, the maximum session duration for a single session is 48 hours. After 48 hours, you will need to authenticate again.

<Aside type="tip" title="Tip">Rarely, you can authenticate against a different Vault if the intended Vault is inactive. In this situation, you’ll authenticate against the last Vault you accessed or the oldest Vault in your domain. As a best practice, you should always check the returned `vaultId` against the `vaultIds` in the list to ensure that it’s the Vault you intended. Learn more about [authentication defaulting](/vault-api/explanation/auth-defaulting/).</Aside>

## Continued Learning {#continued-learning}

* To keep your session active without compromising performance, learn more about [best practices for session management](/vault-api/explanation/session-management/).

* To understand what happens if you try to authenticate to an inactive Vault, learn more about [authentication defaulting](/vault-api/explanation/auth-defaulting/).

* If you're a Vault Admin, learn how to [configure *Session Duration* in Vault Help](https://platform.veevavault.help/en/gr/63061/#default-session-duration).



---

**Previous:** [Endpoint Structure & Versioning](/vault-api/getting-started/endpoint-structure)  
**Next:** [Upload a Document](/vault-api/getting-started/upload-document)