diff --git a/app/controllers/api/v1/registrant/base_controller.rb b/app/controllers/api/v1/registrant/base_controller.rb
index 043d93948..4497d68e6 100644
--- a/app/controllers/api/v1/registrant/base_controller.rb
+++ b/app/controllers/api/v1/registrant/base_controller.rb
@@ -37,7 +37,7 @@ module Api
           decryptor.decrypt_token
 
           if decryptor.valid?
-            sign_in decryptor.user
+            sign_in(:registrant_user, decryptor.user)
           else
             render json: { errors: [{ base: ['Not authorized'] }] },
                    status: :unauthorized
@@ -47,7 +47,7 @@ module Api
         # This controller does not inherit from ApplicationController,
         # so user_for_paper_trail method is not usable.
         def set_paper_trail_whodunnit
-          ::PaperTrail.whodunnit = current_user.id_role_username
+          ::PaperTrail.whodunnit = current_registrant_user.id_role_username
         end
       end
     end
diff --git a/app/controllers/api/v1/registrant/registry_locks_controller.rb b/app/controllers/api/v1/registrant/registry_locks_controller.rb
index 8274f5754..27c98cc9f 100644
--- a/app/controllers/api/v1/registrant/registry_locks_controller.rb
+++ b/app/controllers/api/v1/registrant/registry_locks_controller.rb
@@ -26,7 +26,7 @@ module Api
         private
 
         def set_domain
-          domain_pool = current_user.domains
+          domain_pool = current_registrant_user.domains
           @domain = domain_pool.find_by(uuid: params[:domain_uuid])
 
           return if @domain
@@ -35,7 +35,7 @@ module Api
         end
 
         def authorized_to_manage_locks?
-          return if current_user.administered_domains.include?(@domain)
+          return if current_registrant_user.administered_domains.include?(@domain)
 
           render json: { errors: [
             { base: ['Only administrative contacts can manage registry locks'] }