diff --git a/api/auth/center.go b/api/auth/center.go
index bd851df1..1a7a82ea 100644
--- a/api/auth/center.go
+++ b/api/auth/center.go
@@ -15,6 +15,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
 	sdk "github.com/nspcc-dev/cdn-neofs-sdk"
+	"github.com/nspcc-dev/cdn-neofs-sdk/creds/bearer"
 	"github.com/nspcc-dev/cdn-neofs-sdk/creds/hcs"
 	"github.com/nspcc-dev/neofs-api-go/pkg/object"
 	"github.com/nspcc-dev/neofs-api-go/pkg/token"
@@ -30,9 +31,8 @@ type (
 	}
 
 	center struct {
-		cli sdk.Client
-		key hcs.PrivateKey
 		reg *regexpSubmatcher
+		cli bearer.Credentials
 	}
 
 	Params struct {
@@ -43,10 +43,9 @@ type (
 )
 
 // New creates an instance of AuthCenter.
-func New(cli sdk.Client, key hcs.PrivateKey) Center {
+func New(obj sdk.ObjectClient, key hcs.PrivateKey) Center {
 	return &center{
-		cli: cli,
-		key: key,
+		cli: bearer.New(obj, key),
 		reg: &regexpSubmatcher{re: authorizationFieldRegexp},
 	}
 }
@@ -84,7 +83,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
 		return nil, errors.Wrapf(err, "could not parse AccessBox address: %s", accessKeyID)
 	}
 
-	tkn, err := c.cli.Credentials().BearerToken(r.Context(), address, c.key)
+	tkn, err := c.cli.Get(r.Context(), address)
 	if err != nil {
 		return nil, err
 	}
diff --git a/cmd/gate/app.go b/cmd/gate/app.go
index 4dcc4485..bc183bfc 100644
--- a/cmd/gate/app.go
+++ b/cmd/gate/app.go
@@ -157,7 +157,7 @@ func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
 	obj = layer.NewLayer(l, cli)
 
 	// prepare auth center
-	ctr = auth.New(cli, hcsCred.PrivateKey())
+	ctr = auth.New(cli.Object(), hcsCred.PrivateKey())
 
 	if caller, err = handler.New(l, obj); err != nil {
 		l.Fatal("could not initialize API handler", zap.Error(err))