diff --git a/docs/object.md b/docs/object.md
index 4ec32fc..27e4bcf 100644
--- a/docs/object.md
+++ b/docs/object.md
@@ -149,7 +149,6 @@ calculated for XORed data.
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
-| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
 
@@ -228,7 +227,6 @@ in distributed system.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
-| Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
 
@@ -256,7 +254,6 @@ in distributed system.
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | FullHeaders | [bool](#bool) |  | FullHeaders can be set true for extended headers in the object |
-| Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
 
@@ -296,7 +293,6 @@ in distributed system.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Object | [Object](#object.Object) |  | Object with at least container id and owner id fields |
-| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
 | CopiesNumber | [uint32](#uint32) |  | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) |
 
 
@@ -378,7 +374,7 @@ in distributed system.
 | UserHeader | [UserHeader](#object.UserHeader) |  | UserHeader is a set of KV headers defined by user |
 | Transform | [Transform](#object.Transform) |  | Transform defines transform operation (e.g. payload split) |
 | Tombstone | [Tombstone](#object.Tombstone) |  | Tombstone header that set up in deleted objects |
-| Verify | [session.VerificationHeader](#session.VerificationHeader) |  | Verify header that contains session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token header contains token of the session within which the object was created |
 | HomoHash | [bytes](#bytes) |  | HomoHash is a homomorphic hash of original object payload |
 | PayloadChecksum | [bytes](#bytes) |  | PayloadChecksum of actual object's payload |
 | Integrity | [IntegrityHeader](#object.IntegrityHeader) |  | Integrity header with checksum of all above headers in the object |
diff --git a/docs/service.md b/docs/service.md
index 90e1bd2..eef1e49 100644
--- a/docs/service.md
+++ b/docs/service.md
@@ -14,8 +14,9 @@
 
   - Messages
     - [RequestVerificationHeader](#service.RequestVerificationHeader)
-    - [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign)
     - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
+    - [Token](#service.Token)
+    - [Token.Info](#service.Token.Info)
     
 
 - [service/verify_test.proto](#service/verify_test.proto)
@@ -49,6 +50,7 @@ RequestMetaHeader contains information about request meta headers
 | TTL | [uint32](#uint32) |  | TTL must be larger than zero, it decreased in every NeoFS Node |
 | Epoch | [uint64](#uint64) |  | Epoch for user can be empty, because node sets epoch to the actual value |
 | Version | [uint32](#uint32) |  | Version defines protocol version TODO: not used for now, should be implemented in future |
+| Raw | [bool](#bool) |  | Raw determines whether the request is raw or not |
 
 
 <a name="service.ResponseMetaHeader"></a>
@@ -88,18 +90,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
-
-
-<a name="service.RequestVerificationHeader.Sign"></a>
-
-### Message RequestVerificationHeader.Sign
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
-| Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
+| Token | [Token](#service.Token) |  | Token is a token of the session within which the request is sent |
 
 
 <a name="service.RequestVerificationHeader.Signature"></a>
@@ -110,11 +101,57 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Sign | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Sign is a signature and public key of the request. |
-| Origin | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Origin used for requests, when trusted node changes it and re-sign with session key. If session key used for signature request, then Origin should contain public key of user and signed session key. |
+| Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
+| Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
+
+
+<a name="service.Token"></a>
+
+### Message Token
+User token granting rights for object manipulation
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| TokenInfo | [Token.Info](#service.Token.Info) |  | TokenInfo is a grouped information about token |
+| Signature | [bytes](#bytes) |  | Signature is a signature of session token information |
+
+
+<a name="service.Token.Info"></a>
+
+### Message Token.Info
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
+| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
+| verb | [Token.Info.Verb](#service.Token.Info.Verb) |  | Verb is a type of request for which the token is issued |
+| Address | [refs.Address](#refs.Address) |  | Address is an object address for which token is issued |
+| Created | [uint64](#uint64) |  | Created is an initial epoch of token lifetime |
+| ValidUntil | [uint64](#uint64) |  | ValidUntil is a last epoch of token lifetime |
+| SessionKey | [bytes](#bytes) |  | SessionKey is a public key of session key |
 
  <!-- end messages -->
 
+
+<a name="service.Token.Info.Verb"></a>
+
+### Token.Info.Verb
+Verb is an enumeration of session request types
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Put | 0 | Put refers to object.Put RPC call |
+| Get | 1 | Get refers to object.Get RPC call |
+| Head | 2 | Head refers to object.Head RPC call |
+| Search | 3 | Search refers to object.Search RPC call |
+| Delete | 4 | Delete refers to object.Delete RPC call |
+| Range | 5 | Range refers to object.GetRange RPC call |
+| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call |
+
+
  <!-- end enums -->
 
 
diff --git a/docs/session.md b/docs/session.md
index ba615c3..4a537e6 100644
--- a/docs/session.md
+++ b/docs/session.md
@@ -12,13 +12,6 @@
     - [CreateResponse](#session.CreateResponse)
     
 
-- [session/types.proto](#session/types.proto)
-
-  - Messages
-    - [Token](#session.Token)
-    - [VerificationHeader](#session.VerificationHeader)
-    
-
 - [Scalar Value Types](#scalar-value-types)
 
 
@@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Init | [Token](#session.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
-| Signed | [Token](#session.Token) |  | Signed Init message response (Unsigned) from server with user private key |
+| Init | [service.Token](#service.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
+| Signed | [service.Token](#service.Token) |  | Signed Init message response (Unsigned) from server with user private key |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
 
@@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Unsigned | [Token](#session.Token) |  | Unsigned token with token ID and session public key generated on server side |
-| Result | [Token](#session.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
-
- <!-- end messages -->
-
- <!-- end enums -->
-
-
-
-<a name="session/types.proto"></a>
-<p align="right"><a href="#top">Top</a></p>
-
-## session/types.proto
-
-
- <!-- end services -->
-
-
-<a name="session.Token"></a>
-
-### Message Token
-User token granting rights for object manipulation
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Header | [VerificationHeader](#session.VerificationHeader) |  | Header carries verification data of session key |
-| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
-| FirstEpoch | [uint64](#uint64) |  | FirstEpoch is an initial epoch of token lifetime |
-| LastEpoch | [uint64](#uint64) |  | LastEpoch is a last epoch of token lifetime |
-| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
-| Signature | [bytes](#bytes) |  | Signature is a token signature, signed by owner of manipulation object |
-| ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
-| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |
-
-
-<a name="session.VerificationHeader"></a>
-
-### Message VerificationHeader
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| PublicKey | [bytes](#bytes) |  | PublicKey is a session public key |
-| KeySignature | [bytes](#bytes) |  | KeySignature is a session public key signature. Signed by trusted side |
+| Unsigned | [service.Token](#service.Token) |  | Unsigned token with token ID and session public key generated on server side |
+| Result | [service.Token](#service.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
 
  <!-- end messages -->