Merge pull request #67 from nspcc-dev/update-to-neofs-api-0.7.2

Update to neofs api 0.7.2
2020-04-28 14:33:50 +03:00 · 2020-04-28 14:33:50 +03:00 · 6c705e079f
commit 6c705e079f
parent 0cf8e19f36 4ac17201b7
29 changed files with 1121 additions and 1919 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-PROTO_VERSION=v0.7.1
+PROTO_VERSION=v0.7.2
 PROTO_URL=https://github.com/nspcc-dev/neofs-api/archive/$(PROTO_VERSION).tar.gz
 B=\033[0;1m
--- a/docs/object.md
+++ b/docs/object.md
@ -149,7 +149,6 @@ calculated for XORed data.
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
 | Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@ -228,7 +227,6 @@ in distributed system.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@ -256,7 +254,6 @@ in distributed system.
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | FullHeaders | [bool](#bool) |  | FullHeaders can be set true for extended headers in the object |
 | Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@ -296,7 +293,6 @@ in distributed system.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Object | [Object](#object.Object) |  | Object with at least container id and owner id fields |
 | Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
 | CopiesNumber | [uint32](#uint32) |  | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) |
@ -378,7 +374,7 @@ in distributed system.
 | UserHeader | [UserHeader](#object.UserHeader) |  | UserHeader is a set of KV headers defined by user |
 | Transform | [Transform](#object.Transform) |  | Transform defines transform operation (e.g. payload split) |
 | Tombstone | [Tombstone](#object.Tombstone) |  | Tombstone header that set up in deleted objects |
-| Verify | [session.VerificationHeader](#session.VerificationHeader) |  | Verify header that contains session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token header contains token of the session within which the object was created |
 | HomoHash | [bytes](#bytes) |  | HomoHash is a homomorphic hash of original object payload |
 | PayloadChecksum | [bytes](#bytes) |  | PayloadChecksum of actual object's payload |
 | Integrity | [IntegrityHeader](#object.IntegrityHeader) |  | Integrity header with checksum of all above headers in the object |
--- a/docs/service.md
+++ b/docs/service.md
@ -14,8 +14,9 @@
  - Messages
    - [RequestVerificationHeader](#service.RequestVerificationHeader)
    - [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign)
    - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
    - [Token](#service.Token)
    - [Token.Info](#service.Token.Info)
 - [service/verify_test.proto](#service/verify_test.proto)
@ -49,6 +50,7 @@ RequestMetaHeader contains information about request meta headers
 | TTL | [uint32](#uint32) |  | TTL must be larger than zero, it decreased in every NeoFS Node |
 | Epoch | [uint64](#uint64) |  | Epoch for user can be empty, because node sets epoch to the actual value |
 | Version | [uint32](#uint32) |  | Version defines protocol version TODO: not used for now, should be implemented in future |
 | Raw | [bool](#bool) |  | Raw determines whether the request is raw or not |
 <a name="service.ResponseMetaHeader"></a>
@ -88,18 +90,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
-
+| Token | [Token](#service.Token) |  | Token is a token of the session within which the request is sent |
 <a name="service.RequestVerificationHeader.Sign"></a>
 ### Message RequestVerificationHeader.Sign
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
 | Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
 <a name="service.RequestVerificationHeader.Signature"></a>
@ -110,11 +101,57 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Sign | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Sign is a signature and public key of the request. |
+| Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
-| Origin | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Origin used for requests, when trusted node changes it and re-sign with session key. If session key used for signature request, then Origin should contain public key of user and signed session key. |
+| Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
 <a name="service.Token"></a>
 ### Message Token
 User token granting rights for object manipulation
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | TokenInfo | [Token.Info](#service.Token.Info) |  | TokenInfo is a grouped information about token |
 | Signature | [bytes](#bytes) |  | Signature is a signature of session token information |
 <a name="service.Token.Info"></a>
 ### Message Token.Info
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
 | OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
 | verb | [Token.Info.Verb](#service.Token.Info.Verb) |  | Verb is a type of request for which the token is issued |
 | Address | [refs.Address](#refs.Address) |  | Address is an object address for which token is issued |
 | Created | [uint64](#uint64) |  | Created is an initial epoch of token lifetime |
 | ValidUntil | [uint64](#uint64) |  | ValidUntil is a last epoch of token lifetime |
 | SessionKey | [bytes](#bytes) |  | SessionKey is a public key of session key |
 <!-- end messages -->
 <a name="service.Token.Info.Verb"></a>
 ### Token.Info.Verb
 Verb is an enumeration of session request types
 | Name | Number | Description |
 | ---- | ------ | ----------- |
 | Put | 0 | Put refers to object.Put RPC call |
 | Get | 1 | Get refers to object.Get RPC call |
 | Head | 2 | Head refers to object.Head RPC call |
 | Search | 3 | Search refers to object.Search RPC call |
 | Delete | 4 | Delete refers to object.Delete RPC call |
 | Range | 5 | Range refers to object.GetRange RPC call |
 | RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call |
 <!-- end enums -->
--- a/docs/session.md
+++ b/docs/session.md
@ -12,13 +12,6 @@
    - [CreateResponse](#session.CreateResponse)
 - [session/types.proto](#session/types.proto)
  - Messages
    - [Token](#session.Token)
    - [VerificationHeader](#session.VerificationHeader)
 - [Scalar Value Types](#scalar-value-types)
@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Init | [Token](#session.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
+| Init | [service.Token](#service.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
-| Signed | [Token](#session.Token) |  | Signed Init message response (Unsigned) from server with user private key |
+| Signed | [service.Token](#service.Token) |  | Signed Init message response (Unsigned) from server with user private key |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Unsigned | [Token](#session.Token) |  | Unsigned token with token ID and session public key generated on server side |
+| Unsigned | [service.Token](#service.Token) |  | Unsigned token with token ID and session public key generated on server side |
-| Result | [Token](#session.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
+| Result | [service.Token](#service.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
 <!-- end messages -->
 <!-- end enums -->
 <a name="session/types.proto"></a>
 <p align="right"><a href="#top">Top</a></p>
 ## session/types.proto
 <!-- end services -->
 <a name="session.Token"></a>
 ### Message Token
 User token granting rights for object manipulation
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Header | [VerificationHeader](#session.VerificationHeader) |  | Header carries verification data of session key |
 | OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
 | FirstEpoch | [uint64](#uint64) |  | FirstEpoch is an initial epoch of token lifetime |
 | LastEpoch | [uint64](#uint64) |  | LastEpoch is a last epoch of token lifetime |
 | ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
 | Signature | [bytes](#bytes) |  | Signature is a token signature, signed by owner of manipulation object |
 | ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
 | PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |
 <a name="session.VerificationHeader"></a>
 ### Message VerificationHeader
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | PublicKey | [bytes](#bytes) |  | PublicKey is a session public key |
 | KeySignature | [bytes](#bytes) |  | KeySignature is a session public key signature. Signed by trusted side |
 <!-- end messages -->
--- a/object/extensions.go
+++ b/object/extensions.go
@ -19,21 +19,6 @@ func (m Object) IsLinking() bool {
 	return false
 }
 // VerificationHeader returns verification header if it is presented in extended headers.
 func (m Object) VerificationHeader() (*VerificationHeader, error) {
 	_, vh := m.LastHeader(HeaderType(VerifyHdr))
 	if vh == nil {
 		return nil, ErrHeaderNotFound
 	}
 	return vh.Value.(*Header_Verify).Verify, nil
 }
 // SetVerificationHeader sets verification header in the object.
 // It will replace existing verification header or add a new one.
 func (m *Object) SetVerificationHeader(header *VerificationHeader) {
 	m.SetHeader(&Header{Value: &Header_Verify{Verify: header}})
 }
 // Links returns slice of ids of specified link type
 func (m *Object) Links(t Link_Type) []ID {
 	var res []ID
--- a/object/service.pb.go
+++ b/object/service.pb.go
@ -10,7 +10,6 @@ import (
 	proto "github.com/golang/protobuf/proto"
 	refs "github.com/nspcc-dev/neofs-api-go/refs"
 	service "github.com/nspcc-dev/neofs-api-go/service"
 	session "github.com/nspcc-dev/neofs-api-go/session"
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
@ -33,8 +32,6 @@ const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 type GetRequest struct {
 	// Address of object (container id + object id)
 	Address refs.Address `protobuf:"bytes,1,opt,name=Address,proto3" json:"Address"`
 	// Raw is the request flag of a physically stored representation of an object
 	Raw bool `protobuf:"varint,2,opt,name=Raw,proto3" json:"Raw,omitempty"`
 	// RequestMetaHeader contains information about request meta headers (should be embedded into message)
 	service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
 	// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -80,13 +77,6 @@ func (m *GetRequest) GetAddress() refs.Address {
 	return refs.Address{}
 }
 func (m *GetRequest) GetRaw() bool {
 	if m != nil {
 		return m.Raw
 	}
 	return false
 }
 type GetResponse struct {
 	// Types that are valid to be assigned to R:
 	//	*GetResponse_Object
@ -264,10 +254,8 @@ func (*PutRequest) XXX_OneofWrappers() []interface{} {
 type PutRequest_PutHeader struct {
 	// Object with at least container id and owner id fields
 	Object *Object `protobuf:"bytes,1,opt,name=Object,proto3" json:"Object,omitempty"`
 	// Token with session public key and user's signature
 	Token *session.Token `protobuf:"bytes,2,opt,name=Token,proto3" json:"Token,omitempty"`
 	// Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
-	CopiesNumber         uint32   `protobuf:"varint,3,opt,name=CopiesNumber,proto3" json:"CopiesNumber,omitempty"`
+	CopiesNumber         uint32   `protobuf:"varint,2,opt,name=CopiesNumber,proto3" json:"CopiesNumber,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@ -309,13 +297,6 @@ func (m *PutRequest_PutHeader) GetObject() *Object {
 	return nil
 }
 func (m *PutRequest_PutHeader) GetToken() *session.Token {
 	if m != nil {
 		return m.Token
 	}
 	return nil
 }
 func (m *PutRequest_PutHeader) GetCopiesNumber() uint32 {
 	if m != nil {
 		return m.CopiesNumber
@ -374,8 +355,6 @@ type DeleteRequest struct {
 	Address refs.Address `protobuf:"bytes,1,opt,name=Address,proto3" json:"Address"`
 	// OwnerID is a wallet address
 	OwnerID OwnerID `protobuf:"bytes,2,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"`
 	// Token with session public key and user's signature
 	Token *session.Token `protobuf:"bytes,3,opt,name=Token,proto3" json:"Token,omitempty"`
 	// RequestMetaHeader contains information about request meta headers (should be embedded into message)
 	service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
 	// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -421,13 +400,6 @@ func (m *DeleteRequest) GetAddress() refs.Address {
 	return refs.Address{}
 }
 func (m *DeleteRequest) GetToken() *session.Token {
 	if m != nil {
 		return m.Token
 	}
 	return nil
 }
 // DeleteResponse is empty because we cannot guarantee permanent object removal
 // in distributed system.
 type DeleteResponse struct {
@ -472,8 +444,6 @@ type HeadRequest struct {
 	Address Address `protobuf:"bytes,1,opt,name=Address,proto3,customtype=Address" json:"Address"`
 	// FullHeaders can be set true for extended headers in the object
 	FullHeaders bool `protobuf:"varint,2,opt,name=FullHeaders,proto3" json:"FullHeaders,omitempty"`
 	// Raw is the request flag of a physically stored representation of an object
 	Raw bool `protobuf:"varint,3,opt,name=Raw,proto3" json:"Raw,omitempty"`
 	// RequestMetaHeader contains information about request meta headers (should be embedded into message)
 	service.RequestMetaHeader `protobuf:"bytes,98,opt,name=Meta,proto3,embedded=Meta" json:"Meta"`
 	// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -519,13 +489,6 @@ func (m *HeadRequest) GetFullHeaders() bool {
 	return false
 }
 func (m *HeadRequest) GetRaw() bool {
 	if m != nil {
 		return m.Raw
 	}
 	return false
 }
 type HeadResponse struct {
 	// Object without payload
 	Object *Object `protobuf:"bytes,1,opt,name=Object,proto3" json:"Object,omitempty"`
@ -906,65 +869,62 @@ func init() {
 func init() { proto.RegisterFile("object/service.proto", fileDescriptor_dfcdf610ade6a9ce) }
 var fileDescriptor_dfcdf610ade6a9ce = []byte{
-	// 924 bytes of a gzipped FileDescriptorProto
+	// 876 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x57, 0xcf, 0x6f, 0x1b, 0x45,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x56, 0x4b, 0x6f, 0x22, 0x47,
-	0x14, 0xce, 0x78, 0x9d, 0x4d, 0xfa, 0x6c, 0xa7, 0xd1, 0xc4, 0x14, 0x6b, 0x5b, 0x39, 0x91, 0x55,
+	0x10, 0xa6, 0x01, 0x8f, 0x71, 0x31, 0xd8, 0x56, 0x9b, 0x38, 0x68, 0x6c, 0x61, 0x0b, 0x45, 0x11,
-	0x21, 0x23, 0xe4, 0x75, 0x28, 0x12, 0x94, 0x13, 0xaa, 0x13, 0xa5, 0x89, 0x10, 0x4d, 0x3a, 0x41,
+	0x51, 0xc4, 0xe0, 0x38, 0x52, 0xe2, 0x9c, 0x22, 0x03, 0xb2, 0x41, 0x51, 0xfc, 0x18, 0x24, 0x47,
-	0x3d, 0x70, 0x5b, 0x6f, 0x5e, 0x9c, 0xa5, 0xc9, 0xae, 0xbb, 0xb3, 0x9b, 0x28, 0x07, 0xb8, 0x71,
+	0xca, 0x6d, 0x18, 0x1a, 0x98, 0x04, 0x66, 0xf0, 0x3c, 0x6c, 0xf9, 0x92, 0x5b, 0xce, 0xb9, 0xe6,
-	0xee, 0x95, 0x23, 0x67, 0xfe, 0x92, 0x5e, 0x90, 0x7a, 0x44, 0x1c, 0xa2, 0x2a, 0x1c, 0xf9, 0x07,
+	0xb8, 0xe7, 0xfd, 0x09, 0xbb, 0x7f, 0xc0, 0x47, 0x1f, 0x57, 0x7b, 0xb0, 0x56, 0xec, 0x69, 0xb5,
-	0x90, 0xb8, 0xa0, 0xf9, 0xb5, 0x3f, 0x52, 0x12, 0xc0, 0x3e, 0xb8, 0x27, 0xcf, 0x7c, 0xef, 0x7b,
+	0x7f, 0x60, 0x8f, 0xab, 0xe9, 0xee, 0x79, 0xd9, 0xcb, 0x3e, 0xe0, 0xc0, 0x69, 0xba, 0xbf, 0xfa,
-	0x6f, 0xe6, 0x7d, 0xf3, 0xe6, 0x8d, 0x17, 0x9a, 0xd1, 0xf0, 0x5b, 0xf4, 0x93, 0x3e, 0xc7, 0xf8,
+	0xaa, 0xba, 0xea, 0xeb, 0xea, 0xee, 0x81, 0xbc, 0xd9, 0xf9, 0x8b, 0x68, 0x4e, 0xd5, 0x26, 0xd6,
-	0x34, 0xf0, 0xd1, 0x1d, 0xc7, 0x51, 0x12, 0x51, 0x5b, 0xa1, 0xce, 0x72, 0x8c, 0x87, 0xbc, 0x9f,
+	0x95, 0xae, 0x11, 0x79, 0x6c, 0x99, 0x8e, 0x89, 0x05, 0x86, 0x4a, 0xeb, 0x16, 0xe9, 0xd9, 0x55,
-	0x9c, 0x8f, 0x91, 0x2b, 0x8b, 0x43, 0x35, 0xbf, 0x88, 0xad, 0x70, 0xe4, 0x3c, 0x88, 0xc2, 0x32,
+	0xe7, 0x66, 0x4c, 0x6c, 0x66, 0x91, 0x30, 0xe7, 0xc7, 0x30, 0xee, 0x5c, 0x1d, 0x11, 0x47, 0xe5,
-	0x51, 0x47, 0xec, 0x9f, 0x60, 0xe2, 0x69, 0xac, 0x69, 0xb0, 0x53, 0x8c, 0x83, 0xc3, 0x73, 0x8d,
+	0x58, 0xde, 0xc7, 0xae, 0x88, 0xa5, 0xf7, 0x6e, 0x38, 0x5a, 0xe9, 0xeb, 0xce, 0xc0, 0xed, 0xc8,
-	0xf6, 0x46, 0x41, 0x72, 0x94, 0x0e, 0x5d, 0x3f, 0x3a, 0xe9, 0x8f, 0xa2, 0x51, 0xd4, 0x97, 0xf0,
+	0x9a, 0x39, 0xaa, 0xf6, 0xcd, 0xbe, 0x59, 0xa5, 0x70, 0xc7, 0xed, 0xd1, 0x19, 0x9d, 0xd0, 0x11,
-	0x30, 0x3d, 0x94, 0x33, 0x39, 0x91, 0x23, 0x45, 0xef, 0xfc, 0x42, 0x00, 0x1e, 0x63, 0xc2, 0xf0,
+	0xa3, 0x97, 0x9e, 0x23, 0x80, 0x63, 0xe2, 0x28, 0xe4, 0xd2, 0x25, 0xb6, 0x83, 0x2b, 0xb0, 0x7c,
-	0x45, 0x8a, 0x3c, 0xa1, 0x3d, 0x58, 0x78, 0x74, 0x70, 0x10, 0x23, 0xe7, 0x2d, 0xb2, 0x46, 0xba,
+	0xd8, 0xed, 0x5a, 0xc4, 0xb6, 0x0b, 0x68, 0x17, 0x95, 0xb3, 0xfb, 0x39, 0xd9, 0xcb, 0x4f, 0xe6,
-	0xb5, 0x07, 0x0d, 0x57, 0x6c, 0xda, 0xd5, 0xe0, 0xa0, 0xfa, 0xea, 0x62, 0x75, 0x8e, 0x19, 0x0e,
+	0x60, 0x2d, 0x7d, 0x7b, 0xbf, 0x93, 0x50, 0x7c, 0x0e, 0x3e, 0x80, 0xf4, 0xef, 0xc4, 0x51, 0x0b,
-	0x5d, 0x06, 0x8b, 0x79, 0x67, 0xad, 0xca, 0x1a, 0xe9, 0x2e, 0x32, 0x31, 0xa4, 0x0f, 0xa1, 0xfa,
+	0x1d, 0xca, 0x95, 0x64, 0xbf, 0x44, 0x1e, 0xce, 0xb3, 0x35, 0x89, 0xda, 0x25, 0x56, 0x2d, 0xe3,
-	0x15, 0x26, 0x5e, 0x6b, 0x28, 0xbd, 0x1d, 0xd7, 0x28, 0xa1, 0x17, 0x10, 0xb6, 0x6d, 0xf4, 0x0e,
+	0x39, 0xde, 0xdd, 0xef, 0x20, 0x85, 0x7a, 0xe0, 0x06, 0x08, 0x17, 0x34, 0xed, 0x82, 0x46, 0x7d,
-	0x30, 0x1e, 0x2c, 0x8a, 0x50, 0xaf, 0x2f, 0x56, 0x09, 0x93, 0x1e, 0x74, 0x13, 0xec, 0x67, 0x32,
+	0x4b, 0x0f, 0x7d, 0xa9, 0x55, 0xd7, 0x54, 0x47, 0x37, 0x8d, 0x47, 0x31, 0xb8, 0x6f, 0xe9, 0x3f,
-	0x91, 0x96, 0x2f, 0x7d, 0x3b, 0x57, 0x7d, 0xa5, 0x35, 0xf0, 0xbd, 0x24, 0x88, 0xc2, 0xb7, 0x62,
+	0x04, 0x59, 0x9a, 0xbd, 0x3d, 0x36, 0x0d, 0x9b, 0xe0, 0x32, 0x70, 0x59, 0x79, 0xf6, 0xab, 0x32,
-	0x68, 0xdf, 0xce, 0x4b, 0x02, 0x35, 0x99, 0x0f, 0x1f, 0x47, 0x21, 0x47, 0xda, 0x05, 0xad, 0xbe,
+	0x9b, 0xca, 0xa7, 0xf4, 0xd3, 0x4c, 0x28, 0xdc, 0x8e, 0x37, 0x61, 0xa9, 0x3e, 0x70, 0x8d, 0xbf,
-	0xce, 0x67, 0xc9, 0x55, 0x53, 0x77, 0x57, 0xfe, 0x6c, 0xcf, 0x31, 0x6d, 0xa7, 0x77, 0x60, 0x7e,
+	0x0b, 0xc9, 0x5d, 0x54, 0x16, 0x9b, 0x09, 0x85, 0x4d, 0xf1, 0x2f, 0xbc, 0x22, 0x96, 0xd5, 0x56,
-	0xe3, 0x28, 0x0d, 0x9f, 0xcb, 0x6c, 0xea, 0xdb, 0x73, 0x4c, 0x4d, 0xe9, 0xe7, 0x3a, 0x23, 0xb5,
+	0x24, 0x2b, 0xb6, 0xc4, 0xf4, 0x92, 0x6a, 0x29, 0x40, 0x4a, 0xe9, 0x59, 0x12, 0xe0, 0xcc, 0x0d,
-	0xab, 0xbb, 0x85, 0x5d, 0xa9, 0x25, 0xae, 0x4f, 0x69, 0x60, 0x01, 0x61, 0x9d, 0x37, 0x15, 0x80,
+	0xf4, 0xfc, 0x09, 0x04, 0xc6, 0xe6, 0x09, 0x6d, 0xfb, 0x09, 0x85, 0x1c, 0x6f, 0xc8, 0x38, 0x5e,
-	0xbd, 0x34, 0x53, 0xf8, 0x53, 0xb0, 0x15, 0x5b, 0x6f, 0xe8, 0x9e, 0xd9, 0x50, 0xce, 0x11, 0x43,
+	0x7a, 0x6c, 0x34, 0x35, 0xbd, 0x05, 0x0b, 0x2e, 0xfd, 0x01, 0x2b, 0x41, 0xba, 0xf8, 0x5b, 0x10,
-	0xc5, 0x11, 0xdb, 0x53, 0xa3, 0x6b, 0xb7, 0x37, 0x63, 0xc1, 0x9d, 0xef, 0xe0, 0x56, 0xb6, 0x5d,
+	0x4e, 0x3f, 0xa2, 0xb6, 0xc2, 0xad, 0xb8, 0x04, 0x62, 0xdd, 0x1c, 0xeb, 0xc4, 0x3e, 0x71, 0x47,
-	0xfa, 0x01, 0xd8, 0xbb, 0x37, 0xa8, 0xcd, 0xb4, 0x95, 0xde, 0x87, 0xf9, 0xaf, 0xa3, 0xe7, 0x18,
+	0x1d, 0x62, 0xd1, 0x9a, 0x72, 0x4a, 0x0c, 0x63, 0xe2, 0x5d, 0x43, 0x96, 0xea, 0xc2, 0x77, 0xf3,
-	0xca, 0x64, 0x04, 0x4d, 0xd7, 0xbc, 0x2b, 0x51, 0xa6, 0x8c, 0xb4, 0x03, 0xf5, 0x8d, 0x68, 0x1c,
+	0x0b, 0x9b, 0x71, 0xf6, 0xad, 0x2b, 0xbd, 0x41, 0x90, 0x6b, 0x90, 0x21, 0x71, 0xc8, 0x8c, 0x07,
-	0x20, 0x7f, 0x92, 0x9e, 0x0c, 0x31, 0x6e, 0x59, 0x6b, 0xa4, 0xdb, 0x60, 0x25, 0x4c, 0x49, 0x7c,
+	0xe1, 0x3b, 0x58, 0x3e, 0xbd, 0x36, 0x88, 0xd5, 0x6a, 0xb0, 0x1d, 0xab, 0xad, 0x79, 0xf6, 0x97,
-	0x06, 0x35, 0xa9, 0x9e, 0x3e, 0xf3, 0xff, 0x59, 0xc4, 0x93, 0x1f, 0x70, 0xe7, 0x65, 0x05, 0x1a,
+	0xf7, 0x3b, 0x3e, 0xac, 0xf8, 0x83, 0x85, 0x9f, 0x99, 0xdf, 0x60, 0xd5, 0x2f, 0x95, 0xeb, 0x3c,
-	0x9b, 0x78, 0x8c, 0x09, 0x4e, 0x78, 0x81, 0x3e, 0x84, 0x85, 0xdd, 0xb3, 0x10, 0xe3, 0x9d, 0x4d,
+	0x9f, 0x70, 0x59, 0xcf, 0xe4, 0xcb, 0x76, 0xf0, 0x09, 0xd9, 0x02, 0x59, 0x38, 0x10, 0x2a, 0xb8,
-	0x75, 0xae, 0x83, 0xdb, 0xc2, 0xfe, 0xdb, 0xc5, 0xaa, 0x81, 0x99, 0x19, 0xe4, 0x9a, 0x59, 0x37,
+	0x0b, 0xd9, 0x23, 0x77, 0x38, 0x64, 0xeb, 0xd8, 0x54, 0xc5, 0x8c, 0x12, 0x85, 0x16, 0x2e, 0xdc,
-	0x69, 0x36, 0xeb, 0xfb, 0xf7, 0x25, 0x2c, 0x19, 0x41, 0xf4, 0x69, 0x4c, 0x21, 0xef, 0x5f, 0x04,
+	0x25, 0x88, 0xac, 0x54, 0x2e, 0xdb, 0xe7, 0xb6, 0xff, 0x1c, 0xf2, 0xbe, 0x43, 0x90, 0x6b, 0x13,
-	0x6a, 0xc2, 0x64, 0xc4, 0x7d, 0xf8, 0x2f, 0xe2, 0x66, 0xe2, 0x69, 0x20, 0xd7, 0x79, 0x0d, 0x6a,
+	0xd5, 0xd2, 0x06, 0x61, 0x5f, 0x66, 0xeb, 0xa6, 0xe1, 0xa8, 0x3a, 0x6b, 0x36, 0x44, 0x9b, 0x2d,
-	0x5b, 0xe9, 0xf1, 0xb1, 0x5a, 0x87, 0xeb, 0x86, 0x55, 0x84, 0x4c, 0x2b, 0xb3, 0xde, 0x9d, 0x56,
+	0xcb, 0x55, 0x4d, 0xd5, 0x5b, 0x0d, 0x25, 0x6a, 0xc7, 0x79, 0x58, 0x3a, 0x77, 0x89, 0x75, 0xc3,
-	0xf6, 0x02, 0xea, 0x2a, 0x79, 0x2d, 0xe4, 0x7f, 0xbd, 0x5c, 0x53, 0x08, 0xfe, 0x27, 0x81, 0xc6,
+	0xba, 0x52, 0x61, 0x13, 0xef, 0x40, 0xd2, 0xc1, 0x05, 0xb1, 0x6c, 0xdd, 0x34, 0x0a, 0x29, 0x76,
-	0x3e, 0x7a, 0xb1, 0x7f, 0x94, 0xd7, 0x73, 0x6d, 0x23, 0x0a, 0x13, 0x2f, 0x50, 0x45, 0x4a, 0x64,
+	0x20, 0xa3, 0xd8, 0xc2, 0xd5, 0xfe, 0x07, 0x56, 0xfd, 0xca, 0xb9, 0xde, 0x3f, 0xc0, 0x0a, 0x6f,
-	0x91, 0xd6, 0xb4, 0xce, 0xd6, 0xc6, 0xce, 0x26, 0x2b, 0xda, 0x69, 0x13, 0xe6, 0x9f, 0xa6, 0x18,
+	0x16, 0xe2, 0x75, 0x57, 0x6a, 0xda, 0xa1, 0x0c, 0x59, 0xf3, 0x48, 0xff, 0x16, 0xc1, 0x9a, 0xf7,
-	0x9f, 0xab, 0x6a, 0x66, 0x6a, 0x22, 0x2e, 0xb2, 0x1c, 0x3c, 0xc3, 0x58, 0x54, 0xac, 0xb9, 0xc8,
+	0xb4, 0xa8, 0x46, 0x7f, 0xf6, 0x4b, 0x61, 0x89, 0xba, 0x53, 0xf1, 0x3d, 0x32, 0xef, 0x0f, 0x0a,
-	0x45, 0x6c, 0xe6, 0x6a, 0x7f, 0x0f, 0x4b, 0x26, 0x73, 0xad, 0xf7, 0xc7, 0x70, 0x4b, 0x97, 0x0f,
+	0x72, 0x32, 0x63, 0x2c, 0x5c, 0x6d, 0x1d, 0xd6, 0xc3, 0x62, 0xb9, 0xde, 0x12, 0x64, 0x8e, 0x2c,
-	0x8a, 0x7a, 0xb3, 0xae, 0xbb, 0xcc, 0x39, 0x6b, 0x1a, 0xe9, 0xff, 0x20, 0x70, 0x5b, 0x3c, 0x5c,
+	0xb5, 0x3f, 0x22, 0x06, 0xeb, 0x70, 0x51, 0x09, 0xe6, 0xf3, 0x08, 0xfb, 0x6f, 0x12, 0x36, 0xfc,
-	0x5e, 0x38, 0x9a, 0xbc, 0x99, 0xcc, 0x4b, 0x77, 0xdd, 0x55, 0x1b, 0xa6, 0x3e, 0x24, 0xa8, 0xc9,
+	0xb5, 0x9a, 0xaa, 0x3d, 0x98, 0x51, 0xdc, 0xef, 0x41, 0xa0, 0x21, 0xbc, 0xab, 0x22, 0x35, 0x4d,
-	0x8a, 0x31, 0x73, 0xb5, 0x03, 0x58, 0xce, 0x93, 0xd5, 0x7a, 0x3b, 0xb0, 0xb8, 0x15, 0x7b, 0xa3,
+	0x5d, 0x4e, 0xc1, 0x18, 0xd2, 0x6d, 0x75, 0xe8, 0xd0, 0x46, 0x17, 0x15, 0x3a, 0x5e, 0xb8, 0xe4,
-	0x13, 0x0c, 0x55, 0x85, 0xd7, 0x59, 0x36, 0x9f, 0x46, 0xd8, 0x1f, 0x2a, 0xb0, 0x62, 0xd6, 0xda,
+	0xd7, 0x90, 0x8f, 0xcb, 0xc0, 0x65, 0xff, 0x06, 0x04, 0x6f, 0xce, 0x7b, 0x5c, 0xac, 0x89, 0xfc,
-	0xf6, 0xf8, 0xd1, 0x84, 0xe2, 0x7e, 0x04, 0xb6, 0x0c, 0x21, 0x9a, 0x87, 0x75, 0x9d, 0xba, 0x9a,
+	0x70, 0xa7, 0x29, 0x8b, 0xdb, 0xe6, 0xd8, 0x80, 0xfd, 0x27, 0x29, 0x58, 0x6e, 0x33, 0x3a, 0xde,
-	0x42, 0x29, 0x54, 0xf7, 0xbd, 0xe3, 0x44, 0x16, 0x7a, 0x9d, 0xc9, 0xf1, 0xcc, 0x25, 0x3f, 0x83,
+	0x83, 0xd4, 0x31, 0x71, 0x30, 0xf6, 0xc5, 0x0b, 0x7f, 0x05, 0xa5, 0x8d, 0x18, 0xc6, 0xa2, 0xee,
-	0x66, 0x59, 0x06, 0x2d, 0xfb, 0x7d, 0xb0, 0xc5, 0x5c, 0xd7, 0x78, 0x7d, 0x50, 0xd7, 0x97, 0xbb,
+	0x21, 0xcf, 0xe3, 0xcc, 0x8d, 0x78, 0x84, 0x3f, 0x32, 0xa1, 0x47, 0xe4, 0x11, 0x2f, 0x23, 0xfc,
-	0x2a, 0x59, 0xda, 0x36, 0xc5, 0x01, 0x3c, 0xf8, 0xc9, 0x82, 0x85, 0x7d, 0x45, 0xa7, 0xeb, 0x60,
+	0x33, 0x08, 0xec, 0xc1, 0xc1, 0x5f, 0xf9, 0x84, 0xd8, 0x5b, 0x2b, 0x6d, 0x3e, 0x84, 0x83, 0x03,
-	0x3d, 0xc6, 0x84, 0x52, 0x23, 0x5e, 0xfe, 0xd7, 0xd3, 0x59, 0x29, 0x61, 0x2a, 0xea, 0x3a, 0x11,
+	0x9f, 0xf6, 0x4a, 0xc0, 0x41, 0xdc, 0xc8, 0x4b, 0x23, 0xe5, 0xe3, 0x60, 0xf0, 0x94, 0x09, 0xec,
-	0x1e, 0x7b, 0x69, 0xc1, 0x23, 0xff, 0x9b, 0x94, 0x7b, 0x14, 0x1e, 0xff, 0x2e, 0xa1, 0x9f, 0x81,
+	0xd6, 0x08, 0xd7, 0x8a, 0xdd, 0x9f, 0xe1, 0x5a, 0xf1, 0xcb, 0x65, 0x0f, 0xe1, 0x5f, 0x21, 0xe3,
-	0xad, 0x9e, 0x20, 0xfa, 0x9e, 0x21, 0x94, 0xde, 0x68, 0xe7, 0xce, 0x55, 0x38, 0xbb, 0xf0, 0x55,
+	0xef, 0x07, 0xfe, 0x3a, 0x5a, 0x7b, 0xe4, 0x06, 0x90, 0x0a, 0x8f, 0x0d, 0x41, 0x80, 0x16, 0x88,
-	0x91, 0x02, 0xcd, 0xe2, 0x16, 0xde, 0x1e, 0xa7, 0x59, 0x06, 0xb3, 0xc7, 0xcd, 0x56, 0x5d, 0x23,
+	0xd1, 0x0d, 0xc5, 0x5b, 0x0f, 0xb9, 0x91, 0x6e, 0x97, 0xb6, 0x3f, 0x6c, 0x64, 0xc1, 0x6a, 0xe7,
-	0x5f, 0xab, 0xd4, 0x3f, 0xf3, 0xb5, 0xca, 0xcd, 0x65, 0x9d, 0xd0, 0x2f, 0x60, 0xd1, 0x9c, 0x07,
+	0xb7, 0x93, 0x22, 0xba, 0x9b, 0x14, 0xd1, 0x8b, 0x49, 0x11, 0xbd, 0x9a, 0x14, 0xd1, 0xff, 0xaf,
-	0x7d, 0xbf, 0x98, 0x7b, 0xa1, 0x03, 0x38, 0xad, 0xb7, 0x0d, 0x59, 0x80, 0x1d, 0xa8, 0x17, 0x0f,
+	0x8b, 0x89, 0x3f, 0xcb, 0x91, 0x5f, 0x7b, 0xc3, 0x1e, 0x6b, 0x5a, 0xa5, 0x4b, 0xae, 0xaa, 0x06,
-	0x94, 0xde, 0xbd, 0xca, 0x2d, 0x54, 0xbb, 0x73, 0xef, 0x9f, 0x8d, 0x2a, 0xd8, 0xe0, 0xe9, 0xab,
+	0x31, 0x7b, 0x76, 0x45, 0x1d, 0xeb, 0x95, 0xbe, 0x59, 0x65, 0x41, 0x9f, 0x26, 0xd7, 0x4f, 0x88,
-	0xcb, 0x36, 0x79, 0x7d, 0xd9, 0x26, 0xbf, 0x5e, 0xb6, 0xc9, 0x9b, 0xcb, 0x36, 0xf9, 0xf1, 0xf7,
+	0x79, 0xd4, 0x96, 0x0f, 0xcf, 0x5a, 0xfc, 0x35, 0xea, 0x08, 0xf4, 0x7f, 0xff, 0xc7, 0xf7, 0x01,
-	0xf6, 0xdc, 0x37, 0xdd, 0xc2, 0xa7, 0x44, 0xc8, 0xc7, 0xbe, 0xdf, 0x3b, 0xc0, 0xd3, 0x7e, 0x88,
+	0x00, 0x00, 0xff, 0xff, 0x71, 0xb8, 0x50, 0x3f, 0x8e, 0x0c, 0x00, 0x00,
 	0xd1, 0x21, 0xef, 0x79, 0xe3, 0xa0, 0x37, 0x8a, 0xfa, 0x2a, 0xe8, 0xcf, 0x95, 0xe5, 0x27, 0x18,
 	0x6d, 0xed, 0xbb, 0x8f, 0xf6, 0x76, 0xf4, 0x6b, 0x34, 0xb4, 0xe5, 0xf7, 0xc5, 0x27, 0x7f, 0x07,
 	0x00, 0x00, 0xff, 0xff, 0xb3, 0xf2, 0x5d, 0xaf, 0x13, 0x0d, 0x00, 0x00,
 }
 // Reference imports to suppress errors if they are not otherwise used.
@ -1477,16 +1437,6 @@ func (m *GetRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	dAtA[i] = 0x6
 	i--
 	dAtA[i] = 0x92
 	if m.Raw {
 		i--
 		if m.Raw {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i--
 		dAtA[i] = 0x10
 	}
 	{
 		size, err := m.Address.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@ -1709,19 +1659,7 @@ func (m *PutRequest_PutHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	if m.CopiesNumber != 0 {
 		i = encodeVarintService(dAtA, i, uint64(m.CopiesNumber))
 		i--
-		dAtA[i] = 0x18
+		dAtA[i] = 0x10
 	}
 	if m.Token != nil {
 		{
 			size, err := m.Token.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
 			i -= size
 			i = encodeVarintService(dAtA, i, uint64(size))
 		}
 		i--
 		dAtA[i] = 0x12
 	}
 	if m.Object != nil {
 		{
@ -1835,18 +1773,6 @@ func (m *DeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	dAtA[i] = 0x6
 	i--
 	dAtA[i] = 0x92
 	if m.Token != nil {
 		{
 			size, err := m.Token.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
 			i -= size
 			i = encodeVarintService(dAtA, i, uint64(size))
 		}
 		i--
 		dAtA[i] = 0x1a
 	}
 	{
 		size := m.OwnerID.Size()
 		i -= size
@ -1957,16 +1883,6 @@ func (m *HeadRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	dAtA[i] = 0x6
 	i--
 	dAtA[i] = 0x92
 	if m.Raw {
 		i--
 		if m.Raw {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i--
 		dAtA[i] = 0x18
 	}
 	if m.FullHeaders {
 		i--
 		if m.FullHeaders {
@ -2438,9 +2354,6 @@ func (m *GetRequest) Size() (n int) {
 	_ = l
 	l = m.Address.Size()
 	n += 1 + l + sovService(uint64(l))
 	if m.Raw {
 		n += 2
 	}
 	l = m.RequestMetaHeader.Size()
 	n += 2 + l + sovService(uint64(l))
 	l = m.RequestVerificationHeader.Size()
@ -2545,10 +2458,6 @@ func (m *PutRequest_PutHeader) Size() (n int) {
 		l = m.Object.Size()
 		n += 1 + l + sovService(uint64(l))
 	}
 	if m.Token != nil {
 		l = m.Token.Size()
 		n += 1 + l + sovService(uint64(l))
 	}
 	if m.CopiesNumber != 0 {
 		n += 1 + sovService(uint64(m.CopiesNumber))
 	}
@ -2584,10 +2493,6 @@ func (m *DeleteRequest) Size() (n int) {
 	n += 1 + l + sovService(uint64(l))
 	l = m.OwnerID.Size()
 	n += 1 + l + sovService(uint64(l))
 	if m.Token != nil {
 		l = m.Token.Size()
 		n += 1 + l + sovService(uint64(l))
 	}
 	l = m.RequestMetaHeader.Size()
 	n += 2 + l + sovService(uint64(l))
 	l = m.RequestVerificationHeader.Size()
@ -2623,9 +2528,6 @@ func (m *HeadRequest) Size() (n int) {
 	if m.FullHeaders {
 		n += 2
 	}
 	if m.Raw {
 		n += 2
 	}
 	l = m.RequestMetaHeader.Size()
 	n += 2 + l + sovService(uint64(l))
 	l = m.RequestVerificationHeader.Size()
@ -2853,26 +2755,6 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Raw", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowService
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.Raw = bool(v != 0)
 		case 98:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType)
@ -3373,42 +3255,6 @@ func (m *PutRequest_PutHeader) Unmarshal(dAtA []byte) error {
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowService
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if msglen < 0 {
 				return ErrInvalidLengthService
 			}
 			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthService
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Token == nil {
 				m.Token = &session.Token{}
 			}
 			if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field CopiesNumber", wireType)
 			}
@ -3667,42 +3513,6 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowService
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if msglen < 0 {
 				return ErrInvalidLengthService
 			}
 			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthService
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if m.Token == nil {
 				m.Token = &session.Token{}
 			}
 			if err := m.Token.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 98:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType)
@ -3963,26 +3773,6 @@ func (m *HeadRequest) Unmarshal(dAtA []byte) error {
 				}
 			}
 			m.FullHeaders = bool(v != 0)
 		case 3:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Raw", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowService
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.Raw = bool(v != 0)
 		case 98:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field RequestMetaHeader", wireType)
--- a/object/service.proto
+++ b/object/service.proto
@ -5,7 +5,6 @@ option csharp_namespace = "NeoFS.API.Object";
 import "refs/types.proto";
 import "object/types.proto";
 import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@ -58,8 +57,6 @@ service Service {
 message GetRequest {
    // Address of object (container id + object id)
    refs.Address Address                     = 1 [(gogoproto.nullable) = false];
    // Raw is the request flag of a physically stored representation of an object
    bool Raw                                 = 2;
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -82,10 +79,8 @@ message PutRequest {
    message PutHeader {
        // Object with at least container id and owner id fields
        Object Object       = 1;
        // Token with session public key and user's signature
        session.Token Token = 2;
        // Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
-        uint32 CopiesNumber = 3;
+        uint32 CopiesNumber = 2;
    }
    oneof R {
@ -112,8 +107,6 @@ message DeleteRequest {
    refs.Address Address                     = 1 [(gogoproto.nullable) = false];
    // OwnerID is a wallet address
    bytes OwnerID                            = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
    // Token with session public key and user's signature
    session.Token Token                      = 3;
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -132,8 +125,6 @@ message HeadRequest {
    refs.Address Address                     = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
    // FullHeaders can be set true for extended headers in the object
    bool FullHeaders                         = 2;
    // Raw is the request flag of a physically stored representation of an object
    bool Raw                                 = 3;
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
--- a/object/service_test.go
+++ b/object/service_test.go
@ -16,8 +16,8 @@ func TestRequest(t *testing.T) {
 		&DeleteRequest{},
 		&GetRangeRequest{},
 		&GetRangeHashRequest{},
-		MakePutRequestHeader(nil, nil),
+		MakePutRequestHeader(nil),
-		MakePutRequestHeader(&Object{}, nil),
+		MakePutRequestHeader(&Object{}),
 	}
 	types := []RequestType{
--- a/object/types.go
+++ b/object/types.go
@ -7,7 +7,6 @@ import (
 	"github.com/gogo/protobuf/proto"
 	"github.com/nspcc-dev/neofs-api-go/internal"
 	"github.com/nspcc-dev/neofs-api-go/refs"
 	"github.com/nspcc-dev/neofs-api-go/session"
 )
 type (
@ -19,9 +18,6 @@ type (
 	// Address is a type alias of object Address.
 	Address = refs.Address
 	// VerificationHeader is a type alias of session's verification header.
 	VerificationHeader = session.VerificationHeader
 	// PositionReader defines object reader that returns slice of bytes
 	// for specified object and data range.
 	PositionReader interface {
@ -60,8 +56,8 @@ const (
 	TransformHdr
 	// TombstoneHdr is a tombstone header type.
 	TombstoneHdr
-	// VerifyHdr is a verification header type.
+	// TokenHdr is a token header type.
-	VerifyHdr
+	TokenHdr
 	// HomoHashHdr is a homomorphic hash header type.
 	HomoHashHdr
 	// PayloadChecksumHdr is a payload checksum header type.
@ -175,8 +171,8 @@ func (m Header) typeOf(t isHeader_Value) (ok bool) {
 		_, ok = m.Value.(*Header_Transform)
 	case *Header_Tombstone:
 		_, ok = m.Value.(*Header_Tombstone)
-	case *Header_Verify:
+	case *Header_Token:
-		_, ok = m.Value.(*Header_Verify)
+		_, ok = m.Value.(*Header_Token)
 	case *Header_HomoHash:
 		_, ok = m.Value.(*Header_HomoHash)
 	case *Header_PayloadChecksum:
@ -205,8 +201,8 @@ func HeaderType(t headerType) Pred {
 		return func(h *Header) bool { _, ok := h.Value.(*Header_Transform); return ok }
 	case TombstoneHdr:
 		return func(h *Header) bool { _, ok := h.Value.(*Header_Tombstone); return ok }
-	case VerifyHdr:
+	case TokenHdr:
-		return func(h *Header) bool { _, ok := h.Value.(*Header_Verify); return ok }
+		return func(h *Header) bool { _, ok := h.Value.(*Header_Token); return ok }
 	case HomoHashHdr:
 		return func(h *Header) bool { _, ok := h.Value.(*Header_HomoHash); return ok }
 	case PayloadChecksumHdr:
--- a/object/types.pb.go
+++ b/object/types.pb.go
@ -8,7 +8,7 @@ import (
 	_ "github.com/gogo/protobuf/gogoproto"
 	proto "github.com/golang/protobuf/proto"
 	refs "github.com/nspcc-dev/neofs-api-go/refs"
-	session "github.com/nspcc-dev/neofs-api-go/session"
+	service "github.com/nspcc-dev/neofs-api-go/service"
 	storagegroup "github.com/nspcc-dev/neofs-api-go/storagegroup"
 	io "io"
 	math "math"
@ -215,7 +215,7 @@ type Header struct {
 	//	*Header_UserHeader
 	//	*Header_Transform
 	//	*Header_Tombstone
-	//	*Header_Verify
+	//	*Header_Token
 	//	*Header_HomoHash
 	//	*Header_PayloadChecksum
 	//	*Header_Integrity
@ -277,8 +277,8 @@ type Header_Transform struct {
 type Header_Tombstone struct {
 	Tombstone *Tombstone `protobuf:"bytes,5,opt,name=Tombstone,proto3,oneof" json:"Tombstone,omitempty"`
 }
-type Header_Verify struct {
+type Header_Token struct {
-	Verify *session.VerificationHeader `protobuf:"bytes,6,opt,name=Verify,proto3,oneof" json:"Verify,omitempty"`
+	Token *service.Token `protobuf:"bytes,6,opt,name=Token,proto3,oneof" json:"Token,omitempty"`
 }
 type Header_HomoHash struct {
 	HomoHash Hash `protobuf:"bytes,7,opt,name=HomoHash,proto3,oneof,customtype=Hash" json:"HomoHash,omitempty"`
@ -301,7 +301,7 @@ func (*Header_Redirect) isHeader_Value()        {}
 func (*Header_UserHeader) isHeader_Value()      {}
 func (*Header_Transform) isHeader_Value()       {}
 func (*Header_Tombstone) isHeader_Value()       {}
-func (*Header_Verify) isHeader_Value()          {}
+func (*Header_Token) isHeader_Value()           {}
 func (*Header_HomoHash) isHeader_Value()        {}
 func (*Header_PayloadChecksum) isHeader_Value() {}
 func (*Header_Integrity) isHeader_Value()       {}
@ -350,9 +350,9 @@ func (m *Header) GetTombstone() *Tombstone {
 	return nil
 }
-func (m *Header) GetVerify() *session.VerificationHeader {
+func (m *Header) GetToken() *service.Token {
-	if x, ok := m.GetValue().(*Header_Verify); ok {
+	if x, ok := m.GetValue().(*Header_Token); ok {
-		return x.Verify
+		return x.Token
 	}
 	return nil
 }
@ -393,7 +393,7 @@ func (*Header) XXX_OneofWrappers() []interface{} {
 		(*Header_UserHeader)(nil),
 		(*Header_Transform)(nil),
 		(*Header_Tombstone)(nil),
-		(*Header_Verify)(nil),
+		(*Header_Token)(nil),
 		(*Header_HomoHash)(nil),
 		(*Header_PayloadChecksum)(nil),
 		(*Header_Integrity)(nil),
@ -826,64 +826,64 @@ func init() {
 func init() { proto.RegisterFile("object/types.proto", fileDescriptor_02021a1d39b1aee0) }
 var fileDescriptor_02021a1d39b1aee0 = []byte{
-	// 911 bytes of a gzipped FileDescriptorProto
+	// 909 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x55, 0x4f, 0x73, 0x1b, 0x35,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x55, 0x4f, 0x8f, 0xdb, 0x44,
-	0x14, 0xf7, 0xda, 0xeb, 0x7f, 0xcf, 0x9b, 0x66, 0x2b, 0x4a, 0xd9, 0x31, 0x83, 0x13, 0x76, 0x80,
+	0x14, 0xb7, 0x13, 0xe7, 0xdf, 0x8b, 0xb7, 0xeb, 0x8e, 0x96, 0x62, 0xad, 0x44, 0x76, 0xb1, 0xa0,
-	0x31, 0x85, 0xac, 0x87, 0x14, 0xa6, 0xc3, 0x85, 0x21, 0x8e, 0x01, 0x7b, 0x28, 0x8d, 0x91, 0x93,
+	0x5a, 0x0a, 0xeb, 0x88, 0x16, 0xa9, 0xe2, 0x82, 0xd8, 0x6c, 0x00, 0x47, 0x94, 0x6e, 0x98, 0x64,
-	0x1c, 0xb8, 0xad, 0x6d, 0x79, 0x2d, 0x62, 0x4b, 0x1e, 0x49, 0x6e, 0xeb, 0xaf, 0xc1, 0x89, 0x1b,
+	0x7b, 0xe0, 0xe6, 0x24, 0x13, 0xc7, 0x6c, 0x32, 0x13, 0xcd, 0x8c, 0xb7, 0xcd, 0xd7, 0xe0, 0xc4,
-	0x77, 0xbe, 0x00, 0x5f, 0xa1, 0x47, 0x8e, 0x4c, 0x0f, 0x19, 0x26, 0x7c, 0x00, 0xbe, 0x42, 0x47,
+	0x8d, 0x2b, 0xe2, 0x93, 0xf4, 0xc8, 0x11, 0xf5, 0xb0, 0x42, 0xcb, 0x07, 0xe0, 0x2b, 0x54, 0x33,
-	0xda, 0x5d, 0x7b, 0x37, 0xcd, 0xc5, 0xa3, 0xf7, 0x7e, 0xbf, 0x9f, 0xfc, 0xf4, 0xf4, 0x7b, 0x5a,
+	0xb6, 0x13, 0x7b, 0xdb, 0x4b, 0x34, 0xef, 0xfd, 0x7e, 0xbf, 0xf1, 0x9b, 0x37, 0xbf, 0x37, 0x01,
-	0x40, 0x7c, 0xfc, 0x2b, 0x99, 0xa8, 0x8e, 0xda, 0xac, 0x88, 0x0c, 0x56, 0x82, 0x2b, 0x8e, 0x2a,
+	0xc4, 0x26, 0xbf, 0x92, 0xa9, 0xec, 0xca, 0xcd, 0x9a, 0x08, 0x7f, 0xcd, 0x99, 0x64, 0xa8, 0x9e,
-	0x71, 0xae, 0xe9, 0x0a, 0x32, 0x93, 0x59, 0xa4, 0xf9, 0x8e, 0x24, 0x52, 0x52, 0xce, 0x72, 0x49,
+	0xe6, 0x0e, 0x1d, 0x4e, 0xe6, 0xa2, 0x88, 0x1c, 0x1e, 0x08, 0xc2, 0xaf, 0xe3, 0x29, 0xe9, 0x5e,
-	0x4f, 0x2a, 0x2e, 0xc2, 0x88, 0x44, 0x82, 0xaf, 0x57, 0x39, 0xe4, 0x28, 0xa2, 0x6a, 0xbe, 0x1e,
+	0x13, 0x1e, 0xcf, 0x37, 0x59, 0xd6, 0x15, 0x92, 0xf1, 0x30, 0x22, 0x11, 0x67, 0xc9, 0xba, 0xc4,
-	0x07, 0x13, 0xbe, 0xec, 0x44, 0x3c, 0xe2, 0x1d, 0x93, 0x1e, 0xaf, 0x67, 0x26, 0x32, 0x81, 0x59,
+	0x3f, 0x8d, 0x62, 0xb9, 0x48, 0x26, 0xfe, 0x94, 0xad, 0xba, 0x11, 0x8b, 0x58, 0x57, 0xa7, 0x27,
-	0xc5, 0x74, 0xff, 0x09, 0x94, 0x71, 0xc8, 0x22, 0x82, 0x1e, 0x42, 0xe5, 0x6c, 0x36, 0x93, 0x44,
+	0xc9, 0x5c, 0x47, 0x3a, 0xd0, 0xab, 0x94, 0xee, 0x3d, 0x85, 0x1a, 0x0e, 0x69, 0x44, 0xd0, 0x03,
-	0x79, 0xd6, 0xa1, 0xd5, 0xb6, 0x71, 0x12, 0xe9, 0xfc, 0x53, 0xc2, 0x22, 0x35, 0xf7, 0x8a, 0x71,
+	0xa8, 0x5f, 0xcc, 0xe7, 0x82, 0x48, 0xd7, 0x3c, 0x36, 0x4f, 0x2c, 0x9c, 0x45, 0x2a, 0xff, 0x8c,
-	0x3e, 0x8e, 0xfc, 0x2f, 0x01, 0x2e, 0x24, 0x11, 0x7d, 0x12, 0x4e, 0x89, 0x40, 0x2e, 0x94, 0x7e,
+	0xd0, 0x48, 0x2e, 0xdc, 0x4a, 0x9a, 0x4f, 0x23, 0xef, 0x2b, 0x80, 0x4b, 0x41, 0x78, 0x40, 0xc2,
-	0x24, 0x1b, 0x23, 0xad, 0x63, 0xbd, 0x44, 0x0f, 0xa0, 0x7c, 0x19, 0x2e, 0xd6, 0xc4, 0xc8, 0xea,
+	0x19, 0xe1, 0xc8, 0x81, 0xea, 0x8f, 0x64, 0xa3, 0xa5, 0x2d, 0xac, 0x96, 0xe8, 0x00, 0x6a, 0x2f,
-	0x38, 0x0e, 0xfc, 0xbf, 0x6c, 0xa8, 0x24, 0x12, 0x1f, 0xec, 0xa7, 0x94, 0x5d, 0x19, 0x4d, 0xe3,
+	0xc2, 0x65, 0x42, 0xb4, 0xac, 0x85, 0xd3, 0xc0, 0xfb, 0xd3, 0x82, 0x7a, 0x26, 0xf1, 0xc0, 0x7a,
-	0xd8, 0x09, 0xe2, 0x06, 0x04, 0x3a, 0xd7, 0x2f, 0x60, 0x83, 0xa1, 0xcf, 0xa0, 0x86, 0xc9, 0x94,
+	0x16, 0xd3, 0x2b, 0xad, 0x69, 0x3f, 0xb6, 0xfd, 0xb4, 0x03, 0xbe, 0xca, 0x05, 0x06, 0xd6, 0x18,
-	0x0a, 0x32, 0x51, 0x66, 0x9f, 0xc6, 0xf1, 0x5e, 0xa0, 0x1b, 0x14, 0x9c, 0x4c, 0xa7, 0x82, 0x48,
+	0xfa, 0x1c, 0x9a, 0x98, 0xcc, 0x62, 0x4e, 0xa6, 0x52, 0xef, 0xd3, 0x7e, 0xbc, 0xe7, 0xab, 0x0e,
-	0xd9, 0x2f, 0xe0, 0x2d, 0x01, 0xe5, 0x2a, 0xf2, 0x4a, 0x86, 0x8e, 0xd2, 0x6d, 0x77, 0x48, 0xbf,
+	0xf9, 0x67, 0xb3, 0x19, 0x27, 0x42, 0x04, 0x06, 0xde, 0x12, 0x50, 0xa9, 0x22, 0xb7, 0xaa, 0xe9,
-	0x80, 0xb3, 0x95, 0x7f, 0x01, 0xf5, 0x73, 0x11, 0x32, 0x39, 0xe3, 0x62, 0xe9, 0xd9, 0x46, 0x74,
+	0x28, 0xdf, 0x76, 0x87, 0x04, 0x06, 0x2e, 0x56, 0xfe, 0x25, 0xb4, 0xc6, 0x3c, 0xa4, 0x62, 0xce,
-	0x3f, 0x15, 0x6d, 0x81, 0x7e, 0x01, 0xef, 0x58, 0x46, 0xc2, 0x97, 0x63, 0xa9, 0x38, 0x23, 0x5e,
+	0xf8, 0xca, 0xb5, 0xb4, 0xe8, 0x7e, 0x2e, 0xda, 0x02, 0x81, 0x81, 0x77, 0x2c, 0x2d, 0x61, 0xab,
-	0xf9, 0x96, 0x24, 0x05, 0x8c, 0x24, 0x0d, 0xd0, 0x57, 0x50, 0xb9, 0x24, 0x82, 0xce, 0x36, 0x5e,
+	0x89, 0x90, 0x8c, 0x12, 0xb7, 0x76, 0x47, 0x92, 0x03, 0x5a, 0x92, 0x07, 0xe8, 0x21, 0xd4, 0xc6,
-	0xc5, 0xf0, 0xdf, 0x0f, 0x92, 0x5b, 0x0d, 0x4c, 0x9a, 0x4e, 0x42, 0x45, 0x39, 0xdb, 0x16, 0x98,
+	0xec, 0x8a, 0x50, 0xb7, 0xae, 0xe9, 0xf7, 0xfc, 0xec, 0x56, 0x7d, 0x9d, 0x0d, 0x0c, 0x9c, 0xc2,
-	0x90, 0xd1, 0x27, 0x50, 0xeb, 0xf3, 0x25, 0xef, 0x87, 0x72, 0xee, 0x55, 0x0f, 0xad, 0xb6, 0xd3,
+	0xe8, 0x21, 0x34, 0x03, 0xb6, 0x62, 0x41, 0x28, 0x16, 0x6e, 0xe3, 0xd8, 0x3c, 0xb1, 0x7b, 0xcd,
-	0xad, 0xbd, 0xbe, 0x3e, 0xb0, 0x75, 0xac, 0x8f, 0x9e, 0x62, 0xe8, 0x11, 0xec, 0x0f, 0xc3, 0xcd,
+	0x37, 0x37, 0x47, 0x96, 0x8a, 0xd5, 0x59, 0x73, 0x0c, 0x3d, 0x82, 0xfd, 0x61, 0xb8, 0x59, 0xb2,
-	0x82, 0x87, 0xd3, 0xd3, 0x39, 0x99, 0x5c, 0xc9, 0xf5, 0xd2, 0xab, 0x69, 0x7a, 0xbf, 0x80, 0x6f,
+	0x70, 0x76, 0xbe, 0x20, 0xd3, 0x2b, 0x91, 0xac, 0xdc, 0xa6, 0xa2, 0x07, 0x06, 0xbe, 0x0b, 0xa0,
-	0x03, 0xe8, 0x09, 0xd4, 0x07, 0x4c, 0x91, 0x48, 0x50, 0xb5, 0xf1, 0xea, 0xa6, 0x9a, 0xf7, 0xd2,
+	0xa7, 0xd0, 0x1a, 0x50, 0x49, 0x22, 0x1e, 0xcb, 0x8d, 0xdb, 0xd2, 0xdf, 0xff, 0x30, 0x2f, 0x77,
-	0xea, 0xb7, 0xc0, 0xb6, 0x92, 0x1d, 0x17, 0x7d, 0x0b, 0xce, 0x28, 0x76, 0xdd, 0x0f, 0xda, 0x75,
+	0x0b, 0x6c, 0x7b, 0xb3, 0xe3, 0xa2, 0x6f, 0xc1, 0x1e, 0xa5, 0x36, 0xfb, 0x41, 0xd9, 0xcc, 0x05,
-	0x1e, 0x18, 0x6d, 0x33, 0xc8, 0x5a, 0x31, 0xc8, 0x32, 0xfa, 0x05, 0x9c, 0x53, 0xe8, 0xc6, 0x0d,
+	0xad, 0x3d, 0xf4, 0x8b, 0xde, 0xf3, 0x8b, 0x8c, 0xc0, 0xc0, 0x25, 0x85, 0xea, 0xd4, 0x30, 0x99,
-	0xd7, 0xe3, 0x05, 0x9d, 0x68, 0xaf, 0x34, 0xf2, 0x8d, 0xdb, 0x02, 0xfa, 0x4f, 0xb7, 0x41, 0xb7,
+	0x2c, 0xe3, 0xa9, 0x32, 0x47, 0xbb, 0xdc, 0xa9, 0x2d, 0xa0, 0x3e, 0xba, 0x0d, 0x7a, 0x8d, 0xcc,
-	0x9a, 0xd8, 0xc8, 0x6f, 0x64, 0x9a, 0xee, 0xff, 0x6f, 0x81, 0x33, 0xda, 0x48, 0x45, 0x96, 0xc9,
+	0x37, 0x5e, 0xbb, 0xd0, 0x65, 0xef, 0x7f, 0x13, 0xec, 0xd1, 0x46, 0x48, 0xb2, 0xca, 0xae, 0xcd,
-	0x2d, 0x7a, 0x50, 0xbd, 0x24, 0x42, 0x37, 0x34, 0xb1, 0x6f, 0x1a, 0xa2, 0x8f, 0x60, 0x2f, 0xe9,
+	0x85, 0xc6, 0x0b, 0xc2, 0x45, 0xcc, 0x68, 0xe6, 0xd7, 0x3c, 0x44, 0x9f, 0xc0, 0x5e, 0xd6, 0x81,
-	0x40, 0xce, 0xc6, 0xf9, 0x24, 0x6a, 0x42, 0x71, 0xd0, 0x33, 0x9e, 0x71, 0xba, 0xf0, 0xea, 0xfa,
+	0x92, 0x6f, 0xcb, 0x49, 0x74, 0x08, 0x95, 0x41, 0x5f, 0x9b, 0xc4, 0xee, 0xc1, 0xeb, 0x9b, 0x23,
-	0xa0, 0xf0, 0xfa, 0xfa, 0xa0, 0x38, 0xe8, 0xe1, 0xe2, 0xa0, 0x87, 0x3e, 0x85, 0xea, 0xd9, 0x0b,
+	0xe3, 0xcd, 0xcd, 0x51, 0x65, 0xd0, 0xc7, 0x95, 0x41, 0x1f, 0x7d, 0x06, 0x8d, 0x8b, 0x97, 0x94,
-	0x46, 0xc4, 0xa0, 0x67, 0xfc, 0xe1, 0x74, 0xf7, 0x13, 0x42, 0x9a, 0xc6, 0xe9, 0x02, 0x7d, 0x00,
+	0xf0, 0x41, 0x5f, 0x1b, 0xc2, 0xee, 0xed, 0x67, 0x84, 0x3c, 0x8d, 0xf3, 0x05, 0xfa, 0x08, 0xaa,
-	0xa5, 0xd3, 0x41, 0xcf, 0x78, 0xc2, 0xe9, 0x36, 0x12, 0x9a, 0x4e, 0x61, 0xfd, 0x83, 0xbe, 0x86,
+	0xe7, 0x83, 0xbe, 0x36, 0x81, 0xdd, 0x6b, 0x67, 0x34, 0x95, 0xc2, 0xea, 0x07, 0x7d, 0x0d, 0xad,
-	0xfa, 0xa9, 0x20, 0xa1, 0x22, 0xd3, 0x13, 0x95, 0x18, 0xe1, 0xdd, 0xf4, 0xfc, 0x06, 0xa0, 0x9c,
+	0x73, 0x4e, 0x42, 0x49, 0x66, 0x67, 0x32, 0xbb, 0xfa, 0x0f, 0xf2, 0xf3, 0x6b, 0x20, 0x66, 0x74,
-	0x0d, 0x39, 0x65, 0xaa, 0x6b, 0x6b, 0x2d, 0xde, 0xb1, 0xfd, 0x13, 0xd8, 0xcb, 0x31, 0x50, 0x13,
+	0xc8, 0x62, 0x2a, 0x7b, 0x96, 0xd2, 0xe2, 0x1d, 0xdb, 0x3b, 0x83, 0xbd, 0x12, 0x03, 0x1d, 0x42,
-	0x6a, 0x17, 0x8c, 0xbe, 0x3c, 0xa7, 0x4b, 0x62, 0x8e, 0x5c, 0xc2, 0xdb, 0x58, 0xcf, 0xde, 0x77,
+	0xf3, 0x92, 0xc6, 0xaf, 0xc6, 0xf1, 0x8a, 0xe8, 0x23, 0x57, 0xf1, 0x36, 0x56, 0xc3, 0xf6, 0xdd,
-	0x2b, 0x3e, 0x49, 0xcf, 0x1a, 0x07, 0x3e, 0x85, 0xfd, 0x5b, 0xf7, 0x8b, 0xda, 0xb0, 0x1f, 0xaf,
+	0x9a, 0x4d, 0xf3, 0xb3, 0xa6, 0x81, 0x17, 0xc3, 0xfe, 0x9d, 0xfb, 0x45, 0x27, 0xb0, 0x9f, 0xae,
-	0xe4, 0xd6, 0x37, 0x7a, 0x2f, 0x07, 0xdf, 0x4e, 0xa3, 0xcf, 0xe1, 0x7e, 0xba, 0x1e, 0xd1, 0x88,
+	0xc4, 0xd6, 0x37, 0x6a, 0x2f, 0x1b, 0xdf, 0x4d, 0xa3, 0x2f, 0xe0, 0x7e, 0xbe, 0x1e, 0xc5, 0x11,
-	0x85, 0x6a, 0x2d, 0xe2, 0xd1, 0x76, 0xf0, 0xdb, 0x80, 0xff, 0x87, 0x15, 0x0f, 0x37, 0xfa, 0x18,
+	0x0d, 0x65, 0xc2, 0xd3, 0x59, 0xb6, 0xf1, 0xbb, 0x80, 0xf7, 0x87, 0x99, 0x4e, 0x33, 0xfa, 0x14,
-	0x6c, 0xfd, 0x38, 0x99, 0x5d, 0xef, 0xed, 0x2e, 0x5b, 0x63, 0xc1, 0xf9, 0x66, 0x45, 0xb0, 0x81,
+	0x2c, 0xf5, 0x1a, 0xe9, 0x5d, 0xef, 0xed, 0x2e, 0x5b, 0x61, 0xfe, 0x78, 0xb3, 0x26, 0x58, 0xc3,
-	0x93, 0xf6, 0x17, 0xef, 0x6a, 0xbf, 0x7f, 0x0e, 0xb6, 0x66, 0xa2, 0x06, 0x54, 0x2f, 0xd8, 0x15,
+	0x59, 0xfb, 0x2b, 0xef, 0x6b, 0xbf, 0x37, 0x06, 0x4b, 0x31, 0x51, 0x1b, 0x1a, 0x97, 0xf4, 0x8a,
-	0xe3, 0x2f, 0x98, 0x5b, 0x40, 0x00, 0x95, 0x61, 0x28, 0x08, 0x53, 0xae, 0x85, 0x1c, 0xa8, 0x0d,
+	0xb2, 0x97, 0xd4, 0x31, 0x10, 0x40, 0x7d, 0x18, 0x72, 0x42, 0xa5, 0x63, 0x22, 0x1b, 0x9a, 0x43,
-	0x05, 0x79, 0x4e, 0xf9, 0x5a, 0xba, 0x45, 0x54, 0x03, 0xfb, 0x19, 0x79, 0xa9, 0xdc, 0x12, 0xaa,
+	0x4e, 0xae, 0x63, 0x96, 0x08, 0xa7, 0x82, 0x9a, 0x60, 0x3d, 0x27, 0xaf, 0xa4, 0x53, 0x45, 0x2d,
-	0x43, 0xf9, 0x74, 0x4e, 0x17, 0x53, 0xd7, 0x46, 0x6e, 0xde, 0xba, 0x6e, 0xd9, 0x5f, 0x64, 0xc6,
+	0xa8, 0x9d, 0x2f, 0xe2, 0xe5, 0xcc, 0xb1, 0x90, 0x53, 0xb6, 0xae, 0x53, 0xf3, 0x96, 0x85, 0x39,
-	0x1e, 0x3d, 0xca, 0x55, 0xf9, 0xf0, 0xad, 0xf1, 0xcf, 0x94, 0xea, 0x3f, 0xbe, 0xab, 0x9c, 0x3a,
+	0x47, 0x8f, 0x4a, 0x55, 0x3e, 0x78, 0x67, 0xde, 0x0b, 0xa5, 0x7a, 0x4f, 0xde, 0x57, 0x4e, 0x0b,
-	0x94, 0x47, 0xab, 0x05, 0xd5, 0xd5, 0xd4, 0xc0, 0xd6, 0x7d, 0x70, 0x8b, 0x3a, 0xf9, 0x13, 0x5f,
+	0x6a, 0xa3, 0xf5, 0x32, 0x56, 0xd5, 0x34, 0xc1, 0x52, 0x7d, 0x70, 0x2a, 0x2a, 0xf9, 0x13, 0x4b,
-	0x2f, 0xa6, 0x6e, 0xc9, 0xff, 0xcd, 0x82, 0xca, 0x99, 0xd9, 0x14, 0x7d, 0x93, 0x77, 0x6e, 0xf2,
+	0x96, 0x33, 0xa7, 0xea, 0xfd, 0x66, 0x42, 0xfd, 0x42, 0x6f, 0x8a, 0xbe, 0x29, 0x3b, 0x37, 0x7b,
-	0xfc, 0x3d, 0x48, 0xff, 0x33, 0x8b, 0x25, 0x2e, 0xc8, 0x3b, 0x3d, 0x80, 0x6a, 0x72, 0x37, 0x5e,
+	0xef, 0x0e, 0xf2, 0x6f, 0x16, 0xb1, 0xcc, 0x05, 0x65, 0xa7, 0xfb, 0xd0, 0xc8, 0xee, 0xc6, 0xad,
-	0xf1, 0xb0, 0xd4, 0x6e, 0x1c, 0xdf, 0x4b, 0xa5, 0x39, 0x51, 0x4a, 0xd2, 0x93, 0x91, 0x58, 0x3d,
+	0x1c, 0x57, 0xf5, 0xe3, 0x91, 0x49, 0x4b, 0xa2, 0x9c, 0xa4, 0x26, 0x23, 0xb3, 0x7a, 0x6a, 0x6f,
-	0xb6, 0x37, 0x4e, 0x43, 0xff, 0xc3, 0xcc, 0x34, 0xee, 0x9e, 0xeb, 0xf8, 0xfe, 0xe3, 0xa0, 0xfb,
+	0x9c, 0x87, 0xde, 0xc7, 0x85, 0x69, 0xdc, 0xbd, 0xcf, 0xe9, 0xfd, 0xa7, 0x41, 0xef, 0xe7, 0xd7,
-	0xf3, 0xab, 0x9b, 0x96, 0xf5, 0xf7, 0x4d, 0xcb, 0xfa, 0xe7, 0xa6, 0x65, 0xfd, 0x7b, 0xd3, 0xb2,
+	0xb7, 0x1d, 0xf3, 0xef, 0xdb, 0x8e, 0xf9, 0xcf, 0x6d, 0xc7, 0xfc, 0xf7, 0xb6, 0x63, 0xfe, 0xfe,
-	0x7e, 0xff, 0xaf, 0x55, 0xf8, 0xa5, 0x9d, 0xf9, 0xc4, 0x30, 0xb9, 0x9a, 0x4c, 0x8e, 0xa6, 0xe4,
+	0x5f, 0xc7, 0xf8, 0xe5, 0xa4, 0xf0, 0x9f, 0x42, 0xc5, 0x7a, 0x3a, 0x3d, 0x9d, 0x91, 0xeb, 0x2e,
-	0x79, 0x87, 0x11, 0x3e, 0x93, 0x47, 0xe1, 0x8a, 0x1e, 0x45, 0xbc, 0x13, 0x97, 0xf4, 0x67, 0xd1,
+	0x25, 0x6c, 0x2e, 0x4e, 0xc3, 0x75, 0x7c, 0x1a, 0xb1, 0x6e, 0x5a, 0xd2, 0x5f, 0x15, 0xe7, 0x39,
-	0x7d, 0x46, 0xf8, 0xf7, 0xa3, 0xe0, 0x64, 0x38, 0x08, 0xe2, 0xf3, 0x8f, 0x2b, 0xe6, 0xbb, 0xf3,
+	0x61, 0xdf, 0x8f, 0xfc, 0xb3, 0xe1, 0xc0, 0x4f, 0xcf, 0x3f, 0xa9, 0xeb, 0x3f, 0x9a, 0x27, 0x6f,
-	0xf8, 0x4d, 0x00, 0x00, 0x00, 0xff, 0xff, 0xee, 0xb1, 0xc7, 0x51, 0x05, 0x07, 0x00, 0x00,
+	0x03, 0x00, 0x00, 0xff, 0xff, 0x8d, 0x5e, 0xb1, 0xdf, 0xf7, 0x06, 0x00, 0x00,
 }
 func (m *Range) Marshal() (dAtA []byte, err error) {
@ -1105,16 +1105,16 @@ func (m *Header_Tombstone) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	}
 	return len(dAtA) - i, nil
 }
-func (m *Header_Verify) MarshalTo(dAtA []byte) (int, error) {
+func (m *Header_Token) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
-func (m *Header_Verify) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *Header_Token) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
-	if m.Verify != nil {
+	if m.Token != nil {
 		{
-			size, err := m.Verify.MarshalToSizedBuffer(dAtA[:i])
+			size, err := m.Token.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
@ -1696,14 +1696,14 @@ func (m *Header_Tombstone) Size() (n int) {
 	}
 	return n
 }
-func (m *Header_Verify) Size() (n int) {
+func (m *Header_Token) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
-	if m.Verify != nil {
+	if m.Token != nil {
-		l = m.Verify.Size()
+		l = m.Token.Size()
 		n += 1 + l + sovTypes(uint64(l))
 	}
 	return n
@ -2336,7 +2336,7 @@ func (m *Header) Unmarshal(dAtA []byte) error {
 			iNdEx = postIndex
 		case 6:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Verify", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@ -2363,11 +2363,11 @@ func (m *Header) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &session.VerificationHeader{}
+			v := &service.Token{}
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
-			m.Value = &Header_Verify{v}
+			m.Value = &Header_Token{v}
 			iNdEx = postIndex
 		case 7:
 			if wireType != 2 {
--- a/object/types.proto
+++ b/object/types.proto
@ -4,7 +4,7 @@ option go_package = "github.com/nspcc-dev/neofs-api-go/object";
 option csharp_namespace = "NeoFS.API.Object";
 import "refs/types.proto";
-import "session/types.proto";
+import "service/verify.proto";
 import "storagegroup/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@ -36,8 +36,8 @@ message Header {
        Transform Transform                    = 4;
        // Tombstone header that set up in deleted objects
        Tombstone Tombstone                    = 5;
-        // Verify header that contains session public key and user's signature
+        // Token header contains token of the session within which the object was created
-        session.VerificationHeader Verify      = 6;
+        service.Token Token                    = 6;
        // HomoHash is a homomorphic hash of original object payload
        bytes HomoHash                         = 7 [(gogoproto.customtype) = "Hash"];
        // PayloadChecksum of actual object's payload
--- a/object/utils.go
+++ b/object/utils.go
@ -4,7 +4,6 @@ import (
 	"io"
 	"strconv"
 	"github.com/nspcc-dev/neofs-api-go/session"
 	"github.com/pkg/errors"
 )
@ -46,11 +45,10 @@ func (b ByteSize) String() string {
 // MakePutRequestHeader combines object and session token value
 // into header of object put request.
-func MakePutRequestHeader(obj *Object, token *session.Token) *PutRequest {
+func MakePutRequestHeader(obj *Object) *PutRequest {
 	return &PutRequest{
 		R: &PutRequest_Header{Header: &PutRequest_PutHeader{
 			Object: obj,
 			Token:  token,
 		}},
 	}
 }
--- a/object/verification.go
+++ b/object/verification.go
@ -77,7 +77,7 @@ func (m Object) Verify() error {
 	integrity := ih.Value.(*Header_Integrity).Integrity
 	// Prepare structures
-	_, vh := m.LastHeader(HeaderType(VerifyHdr))
+	_, vh := m.LastHeader(HeaderType(TokenHdr))
 	if vh == nil {
 		_, pkh := m.LastHeader(HeaderType(PublicKeyHdr))
 		if pkh == nil {
@ -85,7 +85,7 @@ func (m Object) Verify() error {
 		}
 		pubkey = pkh.Value.(*Header_PublicKey).PublicKey.Value
 	} else {
-		pubkey = vh.Value.(*Header_Verify).Verify.PublicKey
+		pubkey = vh.Value.(*Header_Token).Token.SessionKey
 	}
 	// Verify signature
--- a/object/verification_test.go
+++ b/object/verification_test.go
@ -6,7 +6,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neofs-api-go/container"
 	"github.com/nspcc-dev/neofs-api-go/refs"
-	"github.com/nspcc-dev/neofs-api-go/session"
+	"github.com/nspcc-dev/neofs-api-go/service"
 	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-crypto/test"
 	"github.com/stretchr/testify/require"
@ -77,11 +77,13 @@ func TestObject_Verify(t *testing.T) {
 	dataPK := crypto.MarshalPublicKey(&sessionkey.PublicKey)
 	signature, err = crypto.Sign(key, dataPK)
-	vh := &session.VerificationHeader{
+	tok := &service.Token{
-		PublicKey:    dataPK,
+		Token_Info: service.Token_Info{
-		KeySignature: signature,
+			SessionKey: dataPK,
 		},
 		Signature: signature,
 	}
-	obj.SetVerificationHeader(vh)
+	obj.AddHeader(&Header{Value: &Header_Token{Token: tok}})
 	// validation header is not last
 	t.Run("error validation header is not last", func(t *testing.T) {
@ -90,7 +92,7 @@ func TestObject_Verify(t *testing.T) {
 	})
 	obj.Headers = obj.Headers[:len(obj.Headers)-2]
-	obj.SetVerificationHeader(vh)
+	obj.AddHeader(&Header{Value: &Header_Token{Token: tok}})
 	obj.SetHeader(&Header{Value: &Header_Integrity{ih}})
 	t.Run("error invalid header checksum", func(t *testing.T) {
@ -115,7 +117,7 @@ func TestObject_Verify(t *testing.T) {
 	require.NoError(t, err)
 	obj.SetHeader(genIH)
-	t.Run("correct with vh", func(t *testing.T) {
+	t.Run("correct with tok", func(t *testing.T) {
 		err = obj.Verify()
 		require.NoError(t, err)
 	})
@ -123,7 +125,7 @@ func TestObject_Verify(t *testing.T) {
 	pkh := Header{Value: &Header_PublicKey{&PublicKey{
 		Value: crypto.MarshalPublicKey(&key.PublicKey),
 	}}}
-	// replace vh with pkh
+	// replace tok with pkh
 	obj.Headers[len(obj.Headers)-2] = pkh
 	// re-sign object
 	obj.Sign(sessionkey)
--- a/service/alias.go
+++ b/service/alias.go
@ -0,0 +1,14 @@
 package service
 import (
 	"github.com/nspcc-dev/neofs-api-go/refs"
 )
 // TokenID is type alias of UUID ref.
 type TokenID = refs.UUID
 // OwnerID is type alias of OwnerID ref.
 type OwnerID = refs.OwnerID
 // Address is type alias of Address ref.
 type Address = refs.Address
--- a/service/meta.pb.go
+++ b/service/meta.pb.go
@ -32,7 +32,9 @@ type RequestMetaHeader struct {
 	Epoch uint64 `protobuf:"varint,2,opt,name=Epoch,proto3" json:"Epoch,omitempty"`
 	// Version defines protocol version
 	// TODO: not used for now, should be implemented in future
-	Version              uint32   `protobuf:"varint,3,opt,name=Version,proto3" json:"Version,omitempty"`
+	Version uint32 `protobuf:"varint,3,opt,name=Version,proto3" json:"Version,omitempty"`
 	// Raw determines whether the request is raw or not
 	Raw                  bool     `protobuf:"varint,4,opt,name=Raw,proto3" json:"Raw,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@ -88,6 +90,13 @@ func (m *RequestMetaHeader) GetVersion() uint32 {
 	return 0
 }
 func (m *RequestMetaHeader) GetRaw() bool {
 	if m != nil {
 		return m.Raw
 	}
 	return false
 }
 // ResponseMetaHeader contains meta information based on request processing by server
 // (should be embedded into message)
 type ResponseMetaHeader struct {
@ -152,23 +161,24 @@ func init() {
 func init() { proto.RegisterFile("service/meta.proto", fileDescriptor_a638867e7b43457c) }
 var fileDescriptor_a638867e7b43457c = []byte{
-	// 247 bytes of a gzipped FileDescriptorProto
+	// 261 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x2a, 0x4e, 0x2d, 0x2a,
 	0xcb, 0x4c, 0x4e, 0xd5, 0xcf, 0x4d, 0x2d, 0x49, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62,
 	0x87, 0x8a, 0x49, 0xe9, 0xa6, 0x67, 0x96, 0x64, 0x94, 0x26, 0xe9, 0x25, 0xe7, 0xe7, 0xea, 0xa7,
 	0xe7, 0xa7, 0xe7, 0xeb, 0x83, 0xe5, 0x93, 0x4a, 0xd3, 0xc0, 0x3c, 0x30, 0x07, 0xcc, 0x82, 0xe8,
-	0x53, 0x0a, 0xe5, 0x12, 0x0c, 0x4a, 0x2d, 0x2c, 0x4d, 0x2d, 0x2e, 0xf1, 0x4d, 0x2d, 0x49, 0xf4,
+	0x53, 0x4a, 0xe7, 0x12, 0x0c, 0x4a, 0x2d, 0x2c, 0x4d, 0x2d, 0x2e, 0xf1, 0x4d, 0x2d, 0x49, 0xf4,
 	0x48, 0x4d, 0x4c, 0x49, 0x2d, 0x12, 0x12, 0xe0, 0x62, 0x0e, 0x09, 0xf1, 0x91, 0x60, 0x54, 0x60,
 	0xd4, 0xe0, 0x0d, 0x02, 0x31, 0x85, 0x44, 0xb8, 0x58, 0x5d, 0x0b, 0xf2, 0x93, 0x33, 0x24, 0x98,
 	0x14, 0x18, 0x35, 0x58, 0x82, 0x20, 0x1c, 0x21, 0x09, 0x2e, 0xf6, 0xb0, 0xd4, 0xa2, 0xe2, 0xcc,
-	0xfc, 0x3c, 0x09, 0x66, 0xb0, 0x5a, 0x18, 0x57, 0xc9, 0x85, 0x4b, 0x28, 0x28, 0xb5, 0xb8, 0x20,
+	0xfc, 0x3c, 0x09, 0x66, 0xb0, 0x5a, 0x18, 0x17, 0x64, 0x42, 0x50, 0x62, 0xb9, 0x04, 0x8b, 0x02,
-	0x3f, 0xaf, 0x38, 0x15, 0xc9, 0x5c, 0xb8, 0x29, 0x8c, 0x38, 0x4c, 0x61, 0x42, 0x31, 0xc5, 0x29,
+	0xa3, 0x06, 0x47, 0x10, 0x88, 0xa9, 0xe4, 0xc2, 0x25, 0x14, 0x94, 0x5a, 0x5c, 0x90, 0x9f, 0x57,
-	0xf8, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x6f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48,
+	0x9c, 0x8a, 0x64, 0x13, 0xdc, 0x5c, 0x46, 0x1c, 0xe6, 0x32, 0xa1, 0x98, 0xeb, 0x14, 0x7c, 0xe2,
-	0x8e, 0x71, 0xc6, 0x63, 0x39, 0x86, 0x28, 0x4d, 0x24, 0x1f, 0xe6, 0x15, 0x17, 0x24, 0x27, 0xeb,
+	0x91, 0x1c, 0xe3, 0x85, 0x47, 0x72, 0x8c, 0x37, 0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x38,
-	0xa6, 0xa4, 0x96, 0xe9, 0xe7, 0xa5, 0xe6, 0xa7, 0x15, 0xeb, 0x26, 0x16, 0x64, 0xea, 0xa6, 0xe7,
+	0xe3, 0xb1, 0x1c, 0x43, 0x94, 0x26, 0x92, 0x9f, 0xf3, 0x8a, 0x0b, 0x92, 0x93, 0x75, 0x53, 0x52,
-	0xeb, 0x43, 0x03, 0x63, 0x15, 0x93, 0xa0, 0x5f, 0x6a, 0xbe, 0x5b, 0xb0, 0x9e, 0x63, 0x80, 0xa7,
+	0xcb, 0xf4, 0xf3, 0x52, 0xf3, 0xd3, 0x8a, 0x75, 0x13, 0x0b, 0x32, 0x75, 0xd3, 0xf3, 0xf5, 0xa1,
-	0x5e, 0x30, 0x44, 0x2c, 0x89, 0x0d, 0xec, 0x71, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0x36,
+	0xc1, 0xb3, 0x8a, 0x49, 0xd0, 0x2f, 0x35, 0xdf, 0x2d, 0x58, 0xcf, 0x31, 0xc0, 0x53, 0x2f, 0x18,
-	0xce, 0x54, 0x19, 0x46, 0x01, 0x00, 0x00,
+	0x22, 0x96, 0xc4, 0x06, 0x0e, 0x0a, 0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x12, 0x93,
 	0x5e, 0x58, 0x01, 0x00, 0x00,
 }
 func (m *RequestMetaHeader) Marshal() (dAtA []byte, err error) {
@ -195,6 +205,16 @@ func (m *RequestMetaHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if m.Raw {
 		i--
 		if m.Raw {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i--
 		dAtA[i] = 0x20
 	}
 	if m.Version != 0 {
 		i = encodeVarintMeta(dAtA, i, uint64(m.Version))
 		i--
@ -276,6 +296,9 @@ func (m *RequestMetaHeader) Size() (n int) {
 	if m.Version != 0 {
 		n += 1 + sovMeta(uint64(m.Version))
 	}
 	if m.Raw {
 		n += 2
 	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@ -392,6 +415,26 @@ func (m *RequestMetaHeader) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
 		case 4:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Raw", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowMeta
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.Raw = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipMeta(dAtA[iNdEx:])
--- a/service/meta.proto
+++ b/service/meta.proto
@ -17,6 +17,8 @@ message RequestMetaHeader {
    // Version defines protocol version
    // TODO: not used for now, should be implemented in future
    uint32 Version = 3;
    // Raw determines whether the request is raw or not
    bool Raw       = 4;
 }
 // ResponseMetaHeader contains meta information based on request processing by server
--- a/service/verify.go
+++ b/service/verify.go
@ -53,18 +53,6 @@ func (m *RequestVerificationHeader) AddSignature(sig *RequestVerificationHeader_
 	m.Signatures = append(m.Signatures, sig)
 }
 // SetOwner adds origin (sign and public key) of owner (client) into first signature.
 func (m *RequestVerificationHeader) SetOwner(pub *ecdsa.PublicKey, sign []byte) {
 	if len(m.Signatures) == 0 || pub == nil {
 		return
 	}
 	m.Signatures[0].Origin = &RequestVerificationHeader_Sign{
 		Sign: sign,
 		Peer: crypto.MarshalPublicKey(pub),
 	}
 }
 // CheckOwner validates, that passed OwnerID is equal to present PublicKey of owner.
 func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
 	if key, err := m.GetOwner(); err != nil {
@ -83,18 +71,6 @@ func (m *RequestVerificationHeader) CheckOwner(owner refs.OwnerID) error {
 func (m *RequestVerificationHeader) GetOwner() (*ecdsa.PublicKey, error) {
 	if len(m.Signatures) == 0 {
 		return nil, ErrCannotFindOwner
 	}
 	// if first signature contains origin, we should try to validate session key
 	if m.Signatures[0].Origin != nil {
 		owner := crypto.UnmarshalPublicKey(m.Signatures[0].Origin.Peer)
 		if owner == nil {
 			return nil, ErrCannotLoadPublicKey
 		} else if err := crypto.Verify(owner, m.Signatures[0].Peer, m.Signatures[0].Origin.Sign); err != nil {
 			return nil, errors.Wrap(err, "could not verify session token")
 		}
 		return owner, nil
 	} else if key := crypto.UnmarshalPublicKey(m.Signatures[0].Peer); key != nil {
 		return key, nil
 	}
@ -128,10 +104,8 @@ func newSignature(key *ecdsa.PrivateKey, data []byte) (*RequestVerificationHeade
 	}
 	return &RequestVerificationHeader_Signature{
-		RequestVerificationHeader_Sign: RequestVerificationHeader_Sign{
+		Sign: sign,
-			Sign: sign,
+		Peer: crypto.MarshalPublicKey(&key.PublicKey),
 			Peer: crypto.MarshalPublicKey(&key.PublicKey),
 		},
 	}, nil
 }
--- a/service/verify.pb.go
+++ b/service/verify.pb.go
--- a/service/verify.proto
+++ b/service/verify.proto
@ -3,6 +3,7 @@ package service;
 option go_package = "github.com/nspcc-dev/neofs-api-go/service";
 option csharp_namespace = "NeoFS.API.Service";
 import "refs/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
 option (gogoproto.stable_marshaler_all) = true;
@ -10,22 +11,74 @@ option (gogoproto.stable_marshaler_all) = true;
 // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
 // (should be embedded into message).
 message RequestVerificationHeader {
-    message Sign {
+    message Signature {
        // Sign is signature of the request or session key.
        bytes Sign = 1;
        // Peer is compressed public key used for signature.
        bytes Peer = 2;
    }
    message Signature {
        // Sign is a signature and public key of the request.
        Sign Sign   = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
        // Origin used for requests, when trusted node changes it and re-sign with session key.
        // If session key used for signature request, then Origin should contain
        // public key of user and signed session key.
        Sign Origin = 2;
    }
    // Signatures is a set of signatures of every passed NeoFS Node
    repeated Signature Signatures = 1;
    // Token is a token of the session within which the request is sent
    Token Token = 2;
 }
 // User token granting rights for object manipulation
 message Token {
    message Info {
        // ID is a token identifier. valid UUIDv4 represented in bytes
        bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
        // OwnerID is an owner of manipulation object
        bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
        // Verb is an enumeration of session request types
        enum Verb {
            // Put refers to object.Put RPC call
            Put = 0;
            // Get refers to object.Get RPC call
            Get = 1;
            // Head refers to object.Head RPC call
            Head = 2;
            // Search refers to object.Search RPC call
            Search = 3;
            // Delete refers to object.Delete RPC call
            Delete = 4;
            // Range refers to object.GetRange RPC call
            Range = 5;
            // RangeHash refers to object.GetRangeHash RPC call
            RangeHash = 6;
        }
        // Verb is a type of request for which the token is issued
        Verb verb = 3 [(gogoproto.customname) = "Verb"];
        // Address is an object address for which token is issued
        refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
        // Created is an initial epoch of token lifetime
        uint64 Created = 5;
        // ValidUntil is a last epoch of token lifetime
        uint64 ValidUntil = 6;
        // SessionKey is a public key of session key
        bytes SessionKey = 7;
    }
    // TokenInfo is a grouped information about token
    Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // Signature is a signature of session token information
    bytes Signature = 8;
 }
 // TODO: for variable token types and version redefine message
 // Example:
 // message Token {
 //     TokenType TokenType = 1;
 //     uint32 Version = 2;
 //     bytes Data = 3;
 // }
--- a/service/verify_test.go
+++ b/service/verify_test.go
@ -119,15 +119,13 @@ func TestMaintainableRequest(t *testing.T) {
 		req.TTL--
 		key := test.DecodeKey(i)
 		require.NoError(t, SignRequestHeader(key, req))
 		// sign first key (session key) by owner key
 		if i == 0 {
-			sign, err := crypto.Sign(owner, crypto.MarshalPublicKey(&key.PublicKey))
+			key = owner
 			require.NoError(t, err)
 			req.SetOwner(&owner.PublicKey, sign)
 		}
 		require.NoError(t, SignRequestHeader(key, req))
 	}
 	{ // Validate owner
@ -150,17 +148,8 @@ func TestMaintainableRequest(t *testing.T) {
 		require.Equal(t, &owner.PublicKey, pub)
 	}
 	{ // wrong owner:
 		req.Signatures[0].Origin = nil
 		pub, err := req.GetOwner()
 		require.NoError(t, err)
 		require.NotEqual(t, &owner.PublicKey, pub)
 	}
 	{ // Wrong signatures:
-		copy(req.Signatures[count-1].Sign, req.Signatures[count-1].Peer)
+		copy(req.Signatures[count-1].Sign, req.Signatures[count-2].Sign)
 		err := VerifyRequestHeader(req)
 		require.EqualError(t, errors.Cause(err), crypto.ErrInvalidSignature.Error())
 	}
--- a/session/service.go
+++ b/session/service.go
@ -5,7 +5,6 @@ import (
 	"crypto/ecdsa"
 	"github.com/nspcc-dev/neofs-api-go/refs"
 	crypto "github.com/nspcc-dev/neofs-crypto"
 )
 type (
@ -31,9 +30,9 @@ type (
 	TokenParams struct {
 		FirstEpoch uint64
 		LastEpoch  uint64
-		ObjectID   []ObjectID
+		Address    Address
 		OwnerID    OwnerID
-		PublicKeys [][]byte
+		Verb       Verb
 	}
 )
@ -46,13 +45,3 @@ func NewInitRequest(t *Token) *CreateRequest {
 func NewSignedRequest(t *Token) *CreateRequest {
 	return &CreateRequest{Message: &CreateRequest_Signed{Signed: t}}
 }
 // Sign signs contents of the header with the private key.
 func (m *VerificationHeader) Sign(key *ecdsa.PrivateKey) error {
 	s, err := crypto.Sign(key, m.PublicKey)
 	if err != nil {
 		return err
 	}
 	m.KeySignature = s
 	return nil
 }
--- a/session/service.pb.go
+++ b/session/service.pb.go
@ -80,10 +80,10 @@ type isCreateRequest_Message interface {
 }
 type CreateRequest_Init struct {
-	Init *Token `protobuf:"bytes,1,opt,name=Init,proto3,oneof" json:"Init,omitempty"`
+	Init *service.Token `protobuf:"bytes,1,opt,name=Init,proto3,oneof" json:"Init,omitempty"`
 }
 type CreateRequest_Signed struct {
-	Signed *Token `protobuf:"bytes,2,opt,name=Signed,proto3,oneof" json:"Signed,omitempty"`
+	Signed *service.Token `protobuf:"bytes,2,opt,name=Signed,proto3,oneof" json:"Signed,omitempty"`
 }
 func (*CreateRequest_Init) isCreateRequest_Message()   {}
@ -96,14 +96,14 @@ func (m *CreateRequest) GetMessage() isCreateRequest_Message {
 	return nil
 }
-func (m *CreateRequest) GetInit() *Token {
+func (m *CreateRequest) GetInit() *service.Token {
 	if x, ok := m.GetMessage().(*CreateRequest_Init); ok {
 		return x.Init
 	}
 	return nil
 }
-func (m *CreateRequest) GetSigned() *Token {
+func (m *CreateRequest) GetSigned() *service.Token {
 	if x, ok := m.GetMessage().(*CreateRequest_Signed); ok {
 		return x.Signed
 	}
@ -164,10 +164,10 @@ type isCreateResponse_Message interface {
 }
 type CreateResponse_Unsigned struct {
-	Unsigned *Token `protobuf:"bytes,1,opt,name=Unsigned,proto3,oneof" json:"Unsigned,omitempty"`
+	Unsigned *service.Token `protobuf:"bytes,1,opt,name=Unsigned,proto3,oneof" json:"Unsigned,omitempty"`
 }
 type CreateResponse_Result struct {
-	Result *Token `protobuf:"bytes,2,opt,name=Result,proto3,oneof" json:"Result,omitempty"`
+	Result *service.Token `protobuf:"bytes,2,opt,name=Result,proto3,oneof" json:"Result,omitempty"`
 }
 func (*CreateResponse_Unsigned) isCreateResponse_Message() {}
@ -180,14 +180,14 @@ func (m *CreateResponse) GetMessage() isCreateResponse_Message {
 	return nil
 }
-func (m *CreateResponse) GetUnsigned() *Token {
+func (m *CreateResponse) GetUnsigned() *service.Token {
 	if x, ok := m.GetMessage().(*CreateResponse_Unsigned); ok {
 		return x.Unsigned
 	}
 	return nil
 }
-func (m *CreateResponse) GetResult() *Token {
+func (m *CreateResponse) GetResult() *service.Token {
 	if x, ok := m.GetMessage().(*CreateResponse_Result); ok {
 		return x.Result
 	}
@ -210,32 +210,31 @@ func init() {
 func init() { proto.RegisterFile("session/service.proto", fileDescriptor_b329bee0fd1148e0) }
 var fileDescriptor_b329bee0fd1148e0 = []byte{
-	// 388 bytes of a gzipped FileDescriptorProto
+	// 380 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x52, 0x4f, 0x6f, 0xda, 0x30,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x52, 0x4f, 0x4f, 0xe2, 0x40,
-	0x14, 0xc7, 0x08, 0x05, 0xe6, 0x69, 0x48, 0xf3, 0xfe, 0x45, 0x39, 0x84, 0x09, 0xed, 0xc0, 0xa4,
+	0x14, 0x67, 0x08, 0x29, 0xec, 0x6c, 0x96, 0x64, 0x27, 0xfb, 0xa7, 0xe9, 0xa1, 0x6c, 0xc8, 0x1e,
-	0x25, 0x99, 0xd8, 0x65, 0x97, 0x1d, 0xc6, 0xa6, 0x0a, 0x0e, 0x54, 0x55, 0xd2, 0xf6, 0xd0, 0x5b,
+	0xd8, 0x64, 0xdb, 0x1a, 0xbc, 0x78, 0xf1, 0x20, 0x1a, 0x03, 0x07, 0x8c, 0x69, 0xd5, 0x83, 0xb7,
-	0x12, 0x1e, 0xa9, 0xd5, 0x62, 0xa7, 0xb1, 0x83, 0xc4, 0x37, 0xe9, 0x67, 0xe8, 0x27, 0xe1, 0xc8,
+	0xb6, 0x3c, 0xea, 0x44, 0x99, 0xa9, 0x9d, 0x29, 0x89, 0xdf, 0xc4, 0xcf, 0xe0, 0x27, 0xe1, 0xc8,
-	0xb1, 0x27, 0x54, 0xa5, 0xb7, 0x7e, 0x8a, 0x0a, 0xc7, 0x41, 0xb4, 0x88, 0x9b, 0xdf, 0xef, 0xcf,
+	0xd1, 0x13, 0x31, 0xf5, 0xe6, 0xa7, 0x30, 0x4c, 0x07, 0x82, 0x12, 0x6e, 0x7d, 0xbf, 0x3f, 0xef,
-	0x7b, 0xef, 0x67, 0x1b, 0x7f, 0x12, 0x20, 0x04, 0xe5, 0xcc, 0x13, 0x90, 0xcd, 0x69, 0x0c, 0x6e,
+	0xbd, 0x5f, 0xdf, 0xe0, 0x9f, 0x02, 0x84, 0xa0, 0x9c, 0x79, 0x02, 0xb2, 0x29, 0x8d, 0xc1, 0x4d,
-	0x9a, 0x71, 0xc9, 0x49, 0x53, 0xc3, 0xd6, 0x87, 0x8a, 0x97, 0x8b, 0x14, 0x44, 0xc9, 0x5a, 0x44,
+	0x33, 0x2e, 0x39, 0xa9, 0x6b, 0xd8, 0x22, 0x1a, 0xf7, 0x26, 0x20, 0xc3, 0x92, 0xb4, 0x7e, 0xac,
-	0x8b, 0xbd, 0x19, 0xc8, 0x50, 0x63, 0x1f, 0x2b, 0x6c, 0x0e, 0x19, 0x9d, 0x2e, 0x34, 0xea, 0x24,
+	0xb0, 0x29, 0x64, 0x74, 0xfc, 0xa0, 0x51, 0x27, 0xa1, 0xf2, 0x26, 0x8f, 0xdc, 0x98, 0x4f, 0xbc,
-	0x54, 0x5e, 0xe6, 0x91, 0x1b, 0xf3, 0x99, 0x97, 0xf0, 0x84, 0x7b, 0x0a, 0x8e, 0xf2, 0xa9, 0xaa,
+	0x84, 0x27, 0xdc, 0x53, 0x70, 0x94, 0x8f, 0x55, 0xa5, 0x0a, 0xf5, 0x55, 0xca, 0xdb, 0x6f, 0x08,
-	0x54, 0xa1, 0x4e, 0xa5, 0xbc, 0xfb, 0x84, 0xf0, 0xbb, 0x7f, 0x19, 0x84, 0x12, 0x7c, 0xb8, 0xc9,
+	0x7f, 0x3b, 0xce, 0x20, 0x94, 0xe0, 0xc3, 0x7d, 0x0e, 0x42, 0x92, 0xbf, 0xb8, 0x36, 0x60, 0x54,
-	0x41, 0x48, 0xf2, 0x0d, 0x37, 0x46, 0x8c, 0x4a, 0x13, 0x7d, 0x45, 0xbd, 0xb7, 0xfd, 0xb6, 0xab,
+	0x9a, 0xe8, 0x0f, 0xea, 0x7c, 0xed, 0x36, 0xdd, 0xd5, 0x46, 0x17, 0xfc, 0x16, 0x58, 0xbf, 0xe2,
-	0xd7, 0x71, 0x4f, 0xf9, 0x15, 0xb0, 0x61, 0xcd, 0x57, 0x2c, 0xe9, 0x61, 0x23, 0xa0, 0x09, 0x83,
+	0x2b, 0x96, 0x74, 0xb0, 0x11, 0xd0, 0x84, 0xc1, 0xc8, 0xac, 0xee, 0xd0, 0x69, 0x9e, 0x1c, 0xe0,
-	0x89, 0x59, 0x3f, 0xa0, 0xd3, 0x3c, 0xf9, 0x8d, 0x1b, 0x63, 0x90, 0xa1, 0x19, 0x29, 0x9d, 0xe5,
+	0xda, 0x10, 0x64, 0x68, 0x46, 0x4a, 0x67, 0xad, 0x75, 0x7a, 0xde, 0x92, 0xeb, 0x43, 0x38, 0x82,
-	0x56, 0xb1, 0xf5, 0xbc, 0x0d, 0x37, 0x84, 0x70, 0x02, 0xd9, 0xa0, 0xb5, 0x5c, 0x77, 0x6a, 0xab,
+	0xac, 0xd7, 0x98, 0x2d, 0x5a, 0x95, 0xf9, 0xa2, 0x85, 0x7c, 0xe5, 0x20, 0x27, 0xd8, 0xb8, 0x52,
-	0x75, 0x07, 0xf9, 0xca, 0x41, 0xfe, 0x63, 0xe3, 0x5c, 0x45, 0x33, 0x63, 0xe5, 0xed, 0xbe, 0xf6,
+	0xd1, 0xcc, 0x58, 0x79, 0xdb, 0x9f, 0xbd, 0x8a, 0xa5, 0x71, 0x28, 0x29, 0x67, 0x5b, 0x3d, 0xb4,
-	0x2a, 0x96, 0xc6, 0xa1, 0xa4, 0x9c, 0xed, 0xf5, 0xd0, 0xde, 0xc1, 0x1b, 0xdc, 0x1c, 0x83, 0x10,
+	0xb7, 0xf7, 0x05, 0xd7, 0x87, 0x20, 0x44, 0x98, 0x40, 0x5b, 0xe0, 0xe6, 0x2a, 0xab, 0x48, 0x39,
-	0x61, 0x02, 0x5d, 0x81, 0xdb, 0x55, 0x56, 0x91, 0x72, 0x26, 0x80, 0xfc, 0xc0, 0xad, 0x33, 0x26,
+	0x13, 0x40, 0xfe, 0xe3, 0xc6, 0x25, 0x13, 0x65, 0x90, 0x5d, 0x81, 0xd7, 0x8a, 0x65, 0x68, 0x1f,
-	0xca, 0x20, 0x87, 0x02, 0x6f, 0x15, 0x9b, 0xd0, 0x3e, 0x88, 0xfc, 0x5a, 0x1e, 0x0e, 0x5d, 0xf2,
+	0x44, 0x7e, 0x27, 0x77, 0x87, 0x2e, 0xf9, 0x8d, 0xa1, 0xdd, 0x3e, 0xae, 0x07, 0xe5, 0x15, 0xc9,
-	0x3b, 0x43, 0xfb, 0x43, 0xdc, 0x0c, 0x4a, 0x15, 0xf9, 0x83, 0x8d, 0x72, 0x3e, 0xf9, 0xbc, 0x75,
+	0x21, 0x36, 0xca, 0xf9, 0xe4, 0x97, 0xab, 0x2f, 0xeb, 0x7e, 0xf8, 0xf9, 0xd6, 0xef, 0x2d, 0xbc,
-	0xbe, 0xb8, 0x7c, 0xeb, 0xcb, 0x1e, 0x5e, 0x2e, 0xda, 0x43, 0x3f, 0xd1, 0x20, 0x58, 0x16, 0x36,
+	0x5c, 0xb4, 0x83, 0xf6, 0x50, 0x2f, 0x98, 0x15, 0x36, 0x9a, 0x17, 0x36, 0x7a, 0x2e, 0x6c, 0xf4,
-	0x5a, 0x15, 0x36, 0xba, 0x2f, 0x6c, 0xf4, 0x50, 0xd8, 0xe8, 0xf6, 0xd1, 0xae, 0x5d, 0x7c, 0xdf,
+	0x52, 0xd8, 0xe8, 0xf1, 0xd5, 0xae, 0x5c, 0xff, 0xdb, 0x38, 0x38, 0x13, 0x69, 0x1c, 0x3b, 0x23,
-	0x79, 0x70, 0x26, 0xd2, 0x38, 0x76, 0x26, 0x30, 0xf7, 0x18, 0xf0, 0xa9, 0x70, 0xc2, 0x94, 0x3a,
+	0x98, 0x7a, 0x0c, 0xf8, 0x58, 0x38, 0x61, 0x4a, 0x9d, 0x84, 0x7b, 0xba, 0xe7, 0x53, 0xf5, 0xfb,
-	0x09, 0xf7, 0x74, 0xcf, 0xbb, 0xfa, 0xfb, 0x63, 0xe0, 0x47, 0x81, 0xfb, 0xf7, 0x64, 0xe4, 0xea,
+	0x19, 0xf0, 0xd3, 0xc0, 0x3d, 0x3a, 0x1f, 0xb8, 0x7a, 0xa7, 0xc8, 0x50, 0xef, 0x60, 0xff, 0x3d,
-	0x9d, 0x22, 0x43, 0xfd, 0x83, 0x5f, 0xcf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x18, 0x94, 0x4c, 0x61,
+	0x00, 0x00, 0xff, 0xff, 0x70, 0x53, 0x71, 0xf3, 0x82, 0x02, 0x00, 0x00,
 	0x97, 0x02, 0x00, 0x00,
 }
 // Reference imports to suppress errors if they are not otherwise used.
@ -708,7 +707,7 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &Token{}
+			v := &service.Token{}
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@ -743,7 +742,7 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &Token{}
+			v := &service.Token{}
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@ -898,7 +897,7 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &Token{}
+			v := &service.Token{}
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@ -933,7 +932,7 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			v := &Token{}
+			v := &service.Token{}
 			if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
--- a/session/service.proto
+++ b/session/service.proto
@ -3,7 +3,6 @@ package session;
 option go_package = "github.com/nspcc-dev/neofs-api-go/session";
 option csharp_namespace = "NeoFS.API.Session";
 import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@ -33,9 +32,9 @@ message CreateRequest {
        // owner of manipulation object;
        // ID of manipulation object;
        // token lifetime bounds.
-        session.Token Init = 1;
+        service.Token Init = 1;
        // Signed Init message response (Unsigned) from server with user private key
-        session.Token Signed = 2;
+        service.Token Signed = 2;
    }
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
@ -46,8 +45,8 @@ message CreateRequest {
 message CreateResponse {
    oneof Message {
        // Unsigned token with token ID and session public key generated on server side
-        session.Token Unsigned = 1;
+        service.Token Unsigned = 1;
        // Result is a resulting token which can be used for object placing through an trusted intermediary
-        session.Token Result = 2;
+        service.Token Result = 2;
    }
 }
--- a/session/store.go
+++ b/session/store.go
@ -7,6 +7,7 @@ import (
 	"sync"
 	"github.com/nspcc-dev/neofs-api-go/refs"
 	"github.com/nspcc-dev/neofs-api-go/service"
 	crypto "github.com/nspcc-dev/neofs-crypto"
 )
@ -48,13 +49,15 @@ func (s *simpleStore) New(p TokenParams) *PToken {
 	t := &PToken{
 		mtx: new(sync.Mutex),
 		Token: Token{
-			ID:         tid,
+			Token_Info: service.Token_Info{
-			Header:     VerificationHeader{PublicKey: crypto.MarshalPublicKey(&key.PublicKey)},
+				ID:         tid,
-			FirstEpoch: p.FirstEpoch,
+				OwnerID:    p.OwnerID,
-			LastEpoch:  p.LastEpoch,
+				Verb:       p.Verb,
-			ObjectID:   p.ObjectID,
+				Address:    p.Address,
-			OwnerID:    p.OwnerID,
+				Created:    p.FirstEpoch,
-			PublicKeys: p.PublicKeys,
+				ValidUntil: p.LastEpoch,
 				SessionKey: crypto.MarshalPublicKey(&key.PublicKey),
 			},
 		},
 		PrivateKey: key,
 	}
--- a/session/store_test.go
+++ b/session/store_test.go
@ -1,96 +1,3 @@
 package session
-import (
+// TODO: write unit tests
 	"crypto/ecdsa"
 	"crypto/rand"
 	"testing"
 	"github.com/nspcc-dev/neofs-api-go/refs"
 	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/stretchr/testify/require"
 )
 type testClient struct {
 	*ecdsa.PrivateKey
 	OwnerID OwnerID
 }
 func (c *testClient) Sign(data []byte) ([]byte, error) {
 	return crypto.Sign(c.PrivateKey, data)
 }
 func newTestClient(t *testing.T) *testClient {
 	key, err := ecdsa.GenerateKey(defaultCurve(), rand.Reader)
 	require.NoError(t, err)
 	owner, err := refs.NewOwnerID(&key.PublicKey)
 	require.NoError(t, err)
 	return &testClient{PrivateKey: key, OwnerID: owner}
 }
 func signToken(t *testing.T, token *PToken, c *testClient) {
 	require.NotNil(t, token)
 	token.SetPublicKeys(&c.PublicKey)
 	signH, err := c.Sign(token.Header.PublicKey)
 	require.NoError(t, err)
 	require.NotNil(t, signH)
 	// data is not yet signed
 	keys := UnmarshalPublicKeys(&token.Token)
 	require.False(t, token.Verify(keys...))
 	signT, err := c.Sign(token.verificationData())
 	require.NoError(t, err)
 	require.NotNil(t, signT)
 	token.AddSignatures(signH, signT)
 	require.True(t, token.Verify(keys...))
 }
 func TestTokenStore(t *testing.T) {
 	s := NewSimpleStore()
 	oid, err := refs.NewObjectID()
 	require.NoError(t, err)
 	c := newTestClient(t)
 	require.NotNil(t, c)
 	pk := [][]byte{crypto.MarshalPublicKey(&c.PublicKey)}
 	// create new token
 	token := s.New(TokenParams{
 		ObjectID:   []ObjectID{oid},
 		OwnerID:    c.OwnerID,
 		PublicKeys: pk,
 	})
 	signToken(t, token, c)
 	// check that it can be fetched
 	t1 := s.Fetch(token.ID)
 	require.NotNil(t, t1)
 	require.Equal(t, token, t1)
 	// create and sign another token by the same client
 	t1 = s.New(TokenParams{
 		ObjectID:   []ObjectID{oid},
 		OwnerID:    c.OwnerID,
 		PublicKeys: pk,
 	})
 	signToken(t, t1, c)
 	data := []byte{1, 2, 3}
 	sign, err := t1.SignData(data)
 	require.NoError(t, err)
 	require.Error(t, token.Header.VerifyData(data, sign))
 	sign, err = token.SignData(data)
 	require.NoError(t, err)
 	require.NoError(t, token.Header.VerifyData(data, sign))
 	s.Remove(token.ID)
 	require.Nil(t, s.Fetch(token.ID))
 	require.NotNil(t, s.Fetch(t1.ID))
 }
--- a/session/types.go
+++ b/session/types.go
@ -2,14 +2,12 @@ package session
 import (
 	"crypto/ecdsa"
 	"encoding/binary"
 	"sync"
 	"github.com/nspcc-dev/neofs-api-go/chain"
 	"github.com/nspcc-dev/neofs-api-go/internal"
 	"github.com/nspcc-dev/neofs-api-go/refs"
 	"github.com/nspcc-dev/neofs-api-go/service"
 	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/pkg/errors"
 )
 type (
@ -19,6 +17,12 @@ type (
 	OwnerID = refs.OwnerID
 	// TokenID type alias.
 	TokenID = refs.UUID
 	// Token type alias
 	Token = service.Token
 	// Address type alias
 	Address = refs.Address
 	// Verb is Token_Info_Verb type alias
 	Verb = service.Token_Info_Verb
 	// PToken is a wrapper around Token that allows to sign data
 	// and to do thread-safe manipulations.
@ -55,127 +59,7 @@ const (
 	ErrInvalidSignature = internal.Error("invalid signature")
 )
 // verificationData returns byte array to sign.
 // Note: protobuf serialization is inconsistent as
 // wire order is unspecified.
 func (m *Token) verificationData() (data []byte) {
 	var size int
 	if l := len(m.ObjectID); l > 0 {
 		size = m.ObjectID[0].Size()
 		data = make([]byte, 16+l*size)
 	} else {
 		data = make([]byte, 16)
 	}
 	binary.BigEndian.PutUint64(data, m.FirstEpoch)
 	binary.BigEndian.PutUint64(data[8:], m.LastEpoch)
 	for i := range m.ObjectID {
 		copy(data[16+i*size:], m.ObjectID[i].Bytes())
 	}
 	return
 }
 // IsSame checks if the passed token is valid and equal to current token
 func (m *Token) IsSame(t *Token) error {
 	switch {
 	case m.FirstEpoch != t.FirstEpoch:
 		return ErrWrongFirstEpoch
 	case m.LastEpoch != t.LastEpoch:
 		return ErrWrongLastEpoch
 	case !m.OwnerID.Equal(t.OwnerID):
 		return ErrWrongOwner
 	case m.Header.PublicKey == nil:
 		return ErrEmptyPublicKey
 	case len(m.ObjectID) != len(t.ObjectID):
 		return ErrWrongObjectsCount
 	default:
 		for i := range m.ObjectID {
 			if !m.ObjectID[i].Equal(t.ObjectID[i]) {
 				return errors.Wrapf(ErrWrongObjects, "expect %s, actual: %s", m.ObjectID[i], t.ObjectID[i])
 			}
 		}
 	}
 	return nil
 }
 // Sign tries to sign current Token data and stores signature inside it.
 func (m *Token) Sign(key *ecdsa.PrivateKey) error {
 	if err := m.Header.Sign(key); err != nil {
 		return err
 	}
 	s, err := crypto.Sign(key, m.verificationData())
 	if err != nil {
 		return err
 	}
 	m.Signature = s
 	return nil
 }
 // SetPublicKeys sets owner's public keys to the token
 func (m *Token) SetPublicKeys(keys ...*ecdsa.PublicKey) {
 	m.PublicKeys = m.PublicKeys[:0]
 	for i := range keys {
 		m.PublicKeys = append(m.PublicKeys, crypto.MarshalPublicKey(keys[i]))
 	}
 }
 // Verify checks if token is correct and signed.
 func (m *Token) Verify(keys ...*ecdsa.PublicKey) bool {
 	if m.FirstEpoch > m.LastEpoch {
 		return false
 	}
 	ownerFromKeys := chain.KeysToAddress(keys...)
 	if m.OwnerID.String() != ownerFromKeys {
 		return false
 	}
 	for i := range keys {
 		if m.Header.Verify(keys[i]) && crypto.Verify(keys[i], m.verificationData(), m.Signature) == nil {
 			return true
 		}
 	}
 	return false
 }
 // AddSignatures adds token signatures.
 func (t *PToken) AddSignatures(signH, signT []byte) {
 	t.mtx.Lock()
 	t.Header.KeySignature = signH
 	t.Signature = signT
 	t.mtx.Unlock()
 }
 // SignData signs data with session private key.
 func (t *PToken) SignData(data []byte) ([]byte, error) {
 	return crypto.Sign(t.PrivateKey, data)
 }
 // VerifyData checks if signature of data by token is equal to sign.
 func (m *VerificationHeader) VerifyData(data, sign []byte) error {
 	if crypto.Verify(crypto.UnmarshalPublicKey(m.PublicKey), data, sign) != nil {
 		return ErrInvalidSignature
 	}
 	return nil
 }
 // Verify checks if verification header was issued by id.
 func (m *VerificationHeader) Verify(keys ...*ecdsa.PublicKey) bool {
 	for i := range keys {
 		if crypto.Verify(keys[i], m.PublicKey, m.KeySignature) == nil {
 			return true
 		}
 	}
 	return false
 }
 // UnmarshalPublicKeys returns unmarshal public keys from the token
 func UnmarshalPublicKeys(t *Token) []*ecdsa.PublicKey {
 	r := make([]*ecdsa.PublicKey, 0, len(t.PublicKeys))
 	for i := range t.PublicKeys {
 		r = append(r, crypto.UnmarshalPublicKey(t.PublicKeys[i]))
 	}
 	return r
 }
--- a/session/types.pb.go
+++ b/session/types.pb.go
@ -1,913 +0,0 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: session/types.proto
 package session
 import (
 	fmt "fmt"
 	_ "github.com/gogo/protobuf/gogoproto"
 	proto "github.com/golang/protobuf/proto"
 	io "io"
 	math "math"
 	math_bits "math/bits"
 )
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
 type VerificationHeader struct {
 	// PublicKey is a session public key
 	PublicKey []byte `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"PublicKey,omitempty"`
 	// KeySignature is a session public key signature. Signed by trusted side
 	KeySignature         []byte   `protobuf:"bytes,2,opt,name=KeySignature,proto3" json:"KeySignature,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *VerificationHeader) Reset()         { *m = VerificationHeader{} }
 func (m *VerificationHeader) String() string { return proto.CompactTextString(m) }
 func (*VerificationHeader) ProtoMessage()    {}
 func (*VerificationHeader) Descriptor() ([]byte, []int) {
 	return fileDescriptor_c0d9d9cb855cdad8, []int{0}
 }
 func (m *VerificationHeader) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
 }
 func (m *VerificationHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	b = b[:cap(b)]
 	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
 	return b[:n], nil
 }
 func (m *VerificationHeader) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_VerificationHeader.Merge(m, src)
 }
 func (m *VerificationHeader) XXX_Size() int {
 	return m.Size()
 }
 func (m *VerificationHeader) XXX_DiscardUnknown() {
 	xxx_messageInfo_VerificationHeader.DiscardUnknown(m)
 }
 var xxx_messageInfo_VerificationHeader proto.InternalMessageInfo
 func (m *VerificationHeader) GetPublicKey() []byte {
 	if m != nil {
 		return m.PublicKey
 	}
 	return nil
 }
 func (m *VerificationHeader) GetKeySignature() []byte {
 	if m != nil {
 		return m.KeySignature
 	}
 	return nil
 }
 // User token granting rights for object manipulation
 type Token struct {
 	// Header carries verification data of session key
 	Header VerificationHeader `protobuf:"bytes,1,opt,name=Header,proto3" json:"Header"`
 	// OwnerID is an owner of manipulation object
 	OwnerID OwnerID `protobuf:"bytes,2,opt,name=OwnerID,proto3,customtype=OwnerID" json:"OwnerID"`
 	// FirstEpoch is an initial epoch of token lifetime
 	FirstEpoch uint64 `protobuf:"varint,3,opt,name=FirstEpoch,proto3" json:"FirstEpoch,omitempty"`
 	// LastEpoch is a last epoch of token lifetime
 	LastEpoch uint64 `protobuf:"varint,4,opt,name=LastEpoch,proto3" json:"LastEpoch,omitempty"`
 	// ObjectID is an object identifier of manipulation object
 	ObjectID []ObjectID `protobuf:"bytes,5,rep,name=ObjectID,proto3,customtype=ObjectID" json:"ObjectID"`
 	// Signature is a token signature, signed by owner of manipulation object
 	Signature []byte `protobuf:"bytes,6,opt,name=Signature,proto3" json:"Signature,omitempty"`
 	// ID is a token identifier. valid UUIDv4 represented in bytes
 	ID TokenID `protobuf:"bytes,7,opt,name=ID,proto3,customtype=TokenID" json:"ID"`
 	// PublicKeys associated with owner
 	PublicKeys           [][]byte `protobuf:"bytes,8,rep,name=PublicKeys,proto3" json:"PublicKeys,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
 }
 func (m *Token) Reset()         { *m = Token{} }
 func (m *Token) String() string { return proto.CompactTextString(m) }
 func (*Token) ProtoMessage()    {}
 func (*Token) Descriptor() ([]byte, []int) {
 	return fileDescriptor_c0d9d9cb855cdad8, []int{1}
 }
 func (m *Token) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
 }
 func (m *Token) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	b = b[:cap(b)]
 	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
 		return nil, err
 	}
 	return b[:n], nil
 }
 func (m *Token) XXX_Merge(src proto.Message) {
 	xxx_messageInfo_Token.Merge(m, src)
 }
 func (m *Token) XXX_Size() int {
 	return m.Size()
 }
 func (m *Token) XXX_DiscardUnknown() {
 	xxx_messageInfo_Token.DiscardUnknown(m)
 }
 var xxx_messageInfo_Token proto.InternalMessageInfo
 func (m *Token) GetHeader() VerificationHeader {
 	if m != nil {
 		return m.Header
 	}
 	return VerificationHeader{}
 }
 func (m *Token) GetFirstEpoch() uint64 {
 	if m != nil {
 		return m.FirstEpoch
 	}
 	return 0
 }
 func (m *Token) GetLastEpoch() uint64 {
 	if m != nil {
 		return m.LastEpoch
 	}
 	return 0
 }
 func (m *Token) GetSignature() []byte {
 	if m != nil {
 		return m.Signature
 	}
 	return nil
 }
 func (m *Token) GetPublicKeys() [][]byte {
 	if m != nil {
 		return m.PublicKeys
 	}
 	return nil
 }
 func init() {
 	proto.RegisterType((*VerificationHeader)(nil), "session.VerificationHeader")
 	proto.RegisterType((*Token)(nil), "session.Token")
 }
 func init() { proto.RegisterFile("session/types.proto", fileDescriptor_c0d9d9cb855cdad8) }
 var fileDescriptor_c0d9d9cb855cdad8 = []byte{
 	// 374 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x91, 0xcd, 0x4e, 0x83, 0x40,
 	0x14, 0x85, 0x0b, 0xfd, 0x75, 0x6c, 0xa2, 0x8e, 0x1b, 0xa2, 0x86, 0x36, 0x5d, 0xb5, 0x89, 0x40,
 	0xa2, 0x2b, 0x97, 0x12, 0x6c, 0x24, 0x35, 0xb6, 0x01, 0xd3, 0x85, 0x3b, 0xa0, 0x53, 0x3a, 0xfe,
 	0x30, 0x84, 0x19, 0x34, 0x7d, 0x13, 0x9f, 0xc1, 0x27, 0xf0, 0x11, 0xba, 0x74, 0x69, 0x5c, 0x34,
 	0x06, 0x5f, 0xc4, 0x30, 0x50, 0xda, 0xc6, 0xdd, 0x9d, 0xef, 0xcc, 0xdc, 0x73, 0xe7, 0x5c, 0x70,
 	0x48, 0x11, 0xa5, 0x98, 0x04, 0x1a, 0x9b, 0x87, 0x88, 0xaa, 0x61, 0x44, 0x18, 0x81, 0xf5, 0x1c,
 	0x1e, 0x29, 0x3e, 0x66, 0xb3, 0xd8, 0x55, 0x3d, 0xf2, 0xac, 0xf9, 0xc4, 0x27, 0x1a, 0xd7, 0xdd,
 	0x78, 0xca, 0x4f, 0xfc, 0xc0, 0xab, 0xec, 0x5d, 0x67, 0x0c, 0xe0, 0x18, 0x45, 0x78, 0x8a, 0x3d,
 	0x87, 0x61, 0x12, 0x5c, 0x23, 0x67, 0x82, 0x22, 0x78, 0x02, 0x76, 0x46, 0xb1, 0xfb, 0x84, 0xbd,
 	0x01, 0x9a, 0x4b, 0x42, 0x5b, 0xe8, 0x36, 0xad, 0x35, 0x80, 0x1d, 0xd0, 0x1c, 0xa0, 0xb9, 0x8d,
 	0xfd, 0xc0, 0x61, 0x71, 0x84, 0x24, 0x91, 0x5f, 0xd8, 0x62, 0x9d, 0x0f, 0x11, 0x54, 0xef, 0xc8,
 	0x23, 0x0a, 0xe0, 0x05, 0xa8, 0x65, 0x5d, 0x79, 0xa3, 0xdd, 0xb3, 0x63, 0x35, 0x1f, 0x55, 0xfd,
 	0x6f, 0xac, 0x57, 0x16, 0xcb, 0x56, 0xc9, 0xca, 0x1f, 0xc0, 0x1e, 0xa8, 0x0f, 0x5f, 0x03, 0x14,
 	0x99, 0x46, 0xe6, 0xa1, 0xef, 0xa5, 0xf2, 0xf7, 0xb2, 0xb5, 0xc2, 0xd6, 0xaa, 0x80, 0x32, 0x00,
 	0x7d, 0x1c, 0x51, 0x76, 0x15, 0x12, 0x6f, 0x26, 0x95, 0xdb, 0x42, 0xb7, 0x62, 0x6d, 0x90, 0xf4,
 	0x47, 0x37, 0xce, 0x4a, 0xae, 0x70, 0x79, 0x0d, 0xe0, 0x29, 0x68, 0x0c, 0xdd, 0x07, 0xe4, 0x31,
 	0xd3, 0x90, 0xaa, 0xed, 0x72, 0xb7, 0xa9, 0xef, 0xe7, 0x4e, 0x05, 0xb7, 0x8a, 0x2a, 0xed, 0xb5,
 	0xfe, 0x7c, 0x2d, 0x4b, 0xa7, 0x00, 0xb0, 0x05, 0x44, 0xd3, 0x90, 0xea, 0xdb, 0xf3, 0xf2, 0x28,
 	0x4c, 0xc3, 0x12, 0xb3, 0x51, 0x8b, 0x2c, 0xa9, 0xd4, 0x48, 0xed, 0xac, 0x0d, 0xa2, 0xdb, 0x8b,
 	0x44, 0x16, 0x3e, 0x13, 0x59, 0xf8, 0x4a, 0x64, 0xe1, 0x27, 0x91, 0x85, 0xb7, 0x5f, 0xb9, 0x74,
 	0xdf, 0xdb, 0xd8, 0x6b, 0x40, 0x43, 0xcf, 0x53, 0x26, 0xe8, 0x45, 0x0b, 0x10, 0x99, 0x52, 0xc5,
 	0x09, 0xb1, 0xe2, 0x13, 0x2d, 0xcf, 0xf5, 0x5d, 0x3c, 0xb8, 0x45, 0xa4, 0x6f, 0xab, 0x97, 0x23,
 	0x53, 0xb5, 0x33, 0xe6, 0xd6, 0xf8, 0xba, 0xcf, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0xa2, 0x24,
 	0xcd, 0x60, 0x3d, 0x02, 0x00, 0x00,
 }
 func (m *VerificationHeader) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 func (m *VerificationHeader) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 func (m *VerificationHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.XXX_unrecognized != nil {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.KeySignature) > 0 {
 		i -= len(m.KeySignature)
 		copy(dAtA[i:], m.KeySignature)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.KeySignature)))
 		i--
 		dAtA[i] = 0x12
 	}
 	if len(m.PublicKey) > 0 {
 		i -= len(m.PublicKey)
 		copy(dAtA[i:], m.PublicKey)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKey)))
 		i--
 		dAtA[i] = 0xa
 	}
 	return len(dAtA) - i, nil
 }
 func (m *Token) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
 	if err != nil {
 		return nil, err
 	}
 	return dAtA[:n], nil
 }
 func (m *Token) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 func (m *Token) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
 	if m.XXX_unrecognized != nil {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
 	if len(m.PublicKeys) > 0 {
 		for iNdEx := len(m.PublicKeys) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.PublicKeys[iNdEx])
 			copy(dAtA[i:], m.PublicKeys[iNdEx])
 			i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKeys[iNdEx])))
 			i--
 			dAtA[i] = 0x42
 		}
 	}
 	{
 		size := m.ID.Size()
 		i -= size
 		if _, err := m.ID.MarshalTo(dAtA[i:]); err != nil {
 			return 0, err
 		}
 		i = encodeVarintTypes(dAtA, i, uint64(size))
 	}
 	i--
 	dAtA[i] = 0x3a
 	if len(m.Signature) > 0 {
 		i -= len(m.Signature)
 		copy(dAtA[i:], m.Signature)
 		i = encodeVarintTypes(dAtA, i, uint64(len(m.Signature)))
 		i--
 		dAtA[i] = 0x32
 	}
 	if len(m.ObjectID) > 0 {
 		for iNdEx := len(m.ObjectID) - 1; iNdEx >= 0; iNdEx-- {
 			{
 				size := m.ObjectID[iNdEx].Size()
 				i -= size
 				if _, err := m.ObjectID[iNdEx].MarshalTo(dAtA[i:]); err != nil {
 					return 0, err
 				}
 				i = encodeVarintTypes(dAtA, i, uint64(size))
 			}
 			i--
 			dAtA[i] = 0x2a
 		}
 	}
 	if m.LastEpoch != 0 {
 		i = encodeVarintTypes(dAtA, i, uint64(m.LastEpoch))
 		i--
 		dAtA[i] = 0x20
 	}
 	if m.FirstEpoch != 0 {
 		i = encodeVarintTypes(dAtA, i, uint64(m.FirstEpoch))
 		i--
 		dAtA[i] = 0x18
 	}
 	{
 		size := m.OwnerID.Size()
 		i -= size
 		if _, err := m.OwnerID.MarshalTo(dAtA[i:]); err != nil {
 			return 0, err
 		}
 		i = encodeVarintTypes(dAtA, i, uint64(size))
 	}
 	i--
 	dAtA[i] = 0x12
 	{
 		size, err := m.Header.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
 		i -= size
 		i = encodeVarintTypes(dAtA, i, uint64(size))
 	}
 	i--
 	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 func encodeVarintTypes(dAtA []byte, offset int, v uint64) int {
 	offset -= sovTypes(v)
 	base := offset
 	for v >= 1<<7 {
 		dAtA[offset] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		offset++
 	}
 	dAtA[offset] = uint8(v)
 	return base
 }
 func (m *VerificationHeader) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
 	l = len(m.PublicKey)
 	if l > 0 {
 		n += 1 + l + sovTypes(uint64(l))
 	}
 	l = len(m.KeySignature)
 	if l > 0 {
 		n += 1 + l + sovTypes(uint64(l))
 	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
 	return n
 }
 func (m *Token) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
 	l = m.Header.Size()
 	n += 1 + l + sovTypes(uint64(l))
 	l = m.OwnerID.Size()
 	n += 1 + l + sovTypes(uint64(l))
 	if m.FirstEpoch != 0 {
 		n += 1 + sovTypes(uint64(m.FirstEpoch))
 	}
 	if m.LastEpoch != 0 {
 		n += 1 + sovTypes(uint64(m.LastEpoch))
 	}
 	if len(m.ObjectID) > 0 {
 		for _, e := range m.ObjectID {
 			l = e.Size()
 			n += 1 + l + sovTypes(uint64(l))
 		}
 	}
 	l = len(m.Signature)
 	if l > 0 {
 		n += 1 + l + sovTypes(uint64(l))
 	}
 	l = m.ID.Size()
 	n += 1 + l + sovTypes(uint64(l))
 	if len(m.PublicKeys) > 0 {
 		for _, b := range m.PublicKeys {
 			l = len(b)
 			n += 1 + l + sovTypes(uint64(l))
 		}
 	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
 	return n
 }
 func sovTypes(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
 func sozTypes(x uint64) (n int) {
 	return sovTypes(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
 func (m *VerificationHeader) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
 		preIndex := iNdEx
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
 			if shift >= 64 {
 				return ErrIntOverflowTypes
 			}
 			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
 			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
 		}
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
 			return fmt.Errorf("proto: VerificationHeader: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
 			return fmt.Errorf("proto: VerificationHeader: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field PublicKey", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if byteLen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.PublicKey = append(m.PublicKey[:0], dAtA[iNdEx:postIndex]...)
 			if m.PublicKey == nil {
 				m.PublicKey = []byte{}
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field KeySignature", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if byteLen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.KeySignature = append(m.KeySignature[:0], dAtA[iNdEx:postIndex]...)
 			if m.KeySignature == nil {
 				m.KeySignature = []byte{}
 			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
 			if skippy < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
 	if iNdEx > l {
 		return io.ErrUnexpectedEOF
 	}
 	return nil
 }
 func (m *Token) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
 		preIndex := iNdEx
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
 			if shift >= 64 {
 				return ErrIntOverflowTypes
 			}
 			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
 			wire |= uint64(b&0x7F) << shift
 			if b < 0x80 {
 				break
 			}
 		}
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
 			return fmt.Errorf("proto: Token: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
 			return fmt.Errorf("proto: Token: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Header", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if msglen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if err := m.Header.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field OwnerID", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if byteLen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if err := m.OwnerID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field FirstEpoch", wireType)
 			}
 			m.FirstEpoch = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				m.FirstEpoch |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 		case 4:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field LastEpoch", wireType)
 			}
 			m.LastEpoch = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				m.LastEpoch |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 		case 5:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field ObjectID", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if byteLen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			var v ObjectID
 			m.ObjectID = append(m.ObjectID, v)
 			if err := m.ObjectID[len(m.ObjectID)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 6:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Signature", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if byteLen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.Signature = append(m.Signature[:0], dAtA[iNdEx:postIndex]...)
 			if m.Signature == nil {
 				m.Signature = []byte{}
 			}
 			iNdEx = postIndex
 		case 7:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if byteLen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			if err := m.ID.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 8:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field PublicKeys", wireType)
 			}
 			var byteLen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				byteLen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if byteLen < 0 {
 				return ErrInvalidLengthTypes
 			}
 			postIndex := iNdEx + byteLen
 			if postIndex < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.PublicKeys = append(m.PublicKeys, make([]byte, postIndex-iNdEx))
 			copy(m.PublicKeys[len(m.PublicKeys)-1], dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(dAtA[iNdEx:])
 			if err != nil {
 				return err
 			}
 			if skippy < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) < 0 {
 				return ErrInvalidLengthTypes
 			}
 			if (iNdEx + skippy) > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
 			iNdEx += skippy
 		}
 	}
 	if iNdEx > l {
 		return io.ErrUnexpectedEOF
 	}
 	return nil
 }
 func skipTypes(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
 	depth := 0
 	for iNdEx < l {
 		var wire uint64
 		for shift := uint(0); ; shift += 7 {
 			if shift >= 64 {
 				return 0, ErrIntOverflowTypes
 			}
 			if iNdEx >= l {
 				return 0, io.ErrUnexpectedEOF
 			}
 			b := dAtA[iNdEx]
 			iNdEx++
 			wire |= (uint64(b) & 0x7F) << shift
 			if b < 0x80 {
 				break
 			}
 		}
 		wireType := int(wire & 0x7)
 		switch wireType {
 		case 0:
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return 0, ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return 0, io.ErrUnexpectedEOF
 				}
 				iNdEx++
 				if dAtA[iNdEx-1] < 0x80 {
 					break
 				}
 			}
 		case 1:
 			iNdEx += 8
 		case 2:
 			var length int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return 0, ErrIntOverflowTypes
 				}
 				if iNdEx >= l {
 					return 0, io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				length |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			if length < 0 {
 				return 0, ErrInvalidLengthTypes
 			}
 			iNdEx += length
 		case 3:
 			depth++
 		case 4:
 			if depth == 0 {
 				return 0, ErrUnexpectedEndOfGroupTypes
 			}
 			depth--
 		case 5:
 			iNdEx += 4
 		default:
 			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
 		}
 		if iNdEx < 0 {
 			return 0, ErrInvalidLengthTypes
 		}
 		if depth == 0 {
 			return iNdEx, nil
 		}
 	}
 	return 0, io.ErrUnexpectedEOF
 }
 var (
 	ErrInvalidLengthTypes        = fmt.Errorf("proto: negative length found during unmarshaling")
 	ErrIntOverflowTypes          = fmt.Errorf("proto: integer overflow")
 	ErrUnexpectedEndOfGroupTypes = fmt.Errorf("proto: unexpected end of group")
 )
--- a/session/types.proto
+++ b/session/types.proto
@ -1,35 +0,0 @@
 syntax = "proto3";
 package session;
 option go_package = "github.com/nspcc-dev/neofs-api-go/session";
 option csharp_namespace = "NeoFS.API.Session";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
 option (gogoproto.stable_marshaler_all) = true;
 message VerificationHeader {
    // PublicKey is a session public key
    bytes PublicKey = 1;
    // KeySignature is a session public key signature. Signed by trusted side
    bytes KeySignature = 2;
 }
 // User token granting rights for object manipulation
 message Token {
    // Header carries verification data of session key
    VerificationHeader Header = 1 [(gogoproto.nullable) = false];
    // OwnerID is an owner of manipulation object
    bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
    // FirstEpoch is an initial epoch of token lifetime
    uint64 FirstEpoch = 3;
    // LastEpoch is a last epoch of token lifetime
    uint64 LastEpoch = 4;
    // ObjectID is an object identifier of manipulation object
    repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
    // Signature is a token signature, signed by owner of manipulation object
    bytes Signature = 6;
    // ID is a token identifier. valid UUIDv4 represented in bytes
    bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
    // PublicKeys associated with owner
    repeated bytes PublicKeys = 8;
 }