diff --git a/api/router.go b/api/router.go
index 9699a381..af42ce04 100644
--- a/api/router.go
+++ b/api/router.go
@@ -6,8 +6,8 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/gorilla/mux"
+	"github.com/nspcc-dev/neofs-s3-gate/api/auth"
 	"github.com/nspcc-dev/neofs-s3-gate/api/metrics"
-	"github.com/nspcc-dev/neofs-s3-gate/auth"
 	"go.uber.org/zap"
 	"google.golang.org/grpc/metadata"
 )
@@ -160,7 +160,7 @@ func GetRequestID(v interface{}) string {
 	}
 }
 
-func Attach(r *mux.Router, m MaxClients, h Handler, center *auth.Center, log *zap.Logger) {
+func Attach(r *mux.Router, m MaxClients, h Handler, center auth.Center, log *zap.Logger) {
 	api := r.PathPrefix(SlashSeparator).Subrouter()
 
 	api.Use(
diff --git a/api/user-auth.go b/api/user-auth.go
index 396d1cb3..a97810bf 100644
--- a/api/user-auth.go
+++ b/api/user-auth.go
@@ -4,22 +4,24 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
-	"github.com/nspcc-dev/neofs-s3-gate/auth"
+	sdk "github.com/nspcc-dev/cdn-neofs-sdk"
+	"github.com/nspcc-dev/neofs-s3-gate/api/auth"
 	"go.uber.org/zap"
 )
 
-func AttachUserAuth(router *mux.Router, center *auth.Center, log *zap.Logger) {
-	uamw := func(h http.Handler) http.Handler {
+func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
+	router.Use(func(h http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			bearerToken, err := center.AuthenticationPassed(r)
+			token, err := center.Authenticate(r)
 			if err != nil {
 				log.Error("failed to pass authentication", zap.Error(err))
 				WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)
 				return
 			}
-			h.ServeHTTP(w, r.WithContext(auth.SetBearerToken(r.Context(), bearerToken)))
+
+			h.ServeHTTP(w, r.WithContext(
+				sdk.SetBearerToken(r.Context(), token)))
 
 		})
-	}
-	router.Use(uamw)
+	})
 }