# Service Accounts

Service Accounts can be viewed as "Machine Users" in your Dfns organisation. They are often used to authenticate and interact with the Dfns API from your server, on behalf of your organisation.

Like any user, they must sign their API requests (see [User Action Signing](/d/api-docs/authentication/user-action-signing.md)). An asymmetric keypair must therefore be created before the Service Account itself. This keypair is used as the Service Account [Credential](/d/api-docs/authentication/credential-management/credentials-overview.md). The public part of the key is passed during Service Account creation.

Service Accounts also have a configurable TTL of anywhere from 1 to 730 days.

Creating a Service Account returns the Service Account access token. Make sure to keep both the signing secret (the private part of the asymmetric keypair) and the Service Account access token secure.

{% hint style="info" %}
Dfns recommends using services like AWS Secrets Manager or comparable services on other public cloud platforms.
{% endhint %}

Like any user, Service Accounts can also be assigned [permissions](/d/api-docs/permissions/permissions.md) in order to use API endpoints.
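The keypair preparation described above, as an added example that is not Dfns' own code: it creates the private key owner-only from the first byte written, exports the public part to pass at creation, and checks a TTL against the 1 to 730 day range. It assumes OpenSSL is installed and that a P-256 ECDSA key is an accepted credential type (confirm in the Credentials documentation); the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not Dfns code. Assumptions: OpenSSL is available and a
# P-256 ECDSA key is an accepted credential type. File names are placeholders.

# Succeeds only for a whole number of days in the range the page states (1..730).
valid_ttl_days() {
  case "$1" in
    ''|*[!0-9]*|????*) return 1 ;;   # empty, non-numeric, or more than 3 digits
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 730 ]
}

# Generates the keypair in directory $1 and prints the public key path.
# Only the public key file is meant to leave this machine.
make_service_account_keypair() {
  dir=$1
  priv="$dir/service-account.private.pem"
  pub="$dir/service-account.public.pem"

  # Never silently replace a key that a live Service Account may depend on.
  if [ -e "$priv" ]; then
    echo "refusing to overwrite $priv" >&2
    return 1
  fi

  # umask in a subshell: the private key is never readable by group/other,
  # not even briefly, and the caller's umask is left unchanged.
  (
    umask 077
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
      -out "$priv" >/dev/null
  ) || return 1

  # Derive the public part; this is what is passed at Service Account creation.
  openssl pkey -in "$priv" -pubout -out "$pub" >/dev/null || return 1
  chmod 644 "$pub"
  printf '%s\n' "$pub"
}
```

After the Service Account is created, move the private key and the returned access token into your secrets manager and delete the local private key file.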


