yeah, first send
<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope">
<Body>
<AuthRequest xmlns="urn:zimbraAccount">
<account by="name">user1</account>
<password>****</password>
</AuthRequest>
</Body>
</Envelope>
you'll get back
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>...stuff...
</soap:Header>
<soap:Body>
<AuthResponse xmlns="urn:zimbraAccount">
<authToken>...auth_token...</authToken>
<lifetime>172800000</lifetime>
<sessionId id="55">55</sessionId>
</AuthResponse>
</soap:Body>
</soap:Envelope>
You must save the auth_token and sessionId and pass it back to the server in subsequent requests.