Accounting

Luna Backport 4 supports a data separation by accounts. All resources (attributes, faces, lists, handlers, events, samples) must have an account mark (account id). The mark is id (uuid4). User should set a special header Luna-Account-Id for all requests which changes state of these resources. If user does not set this header in corresponding request, an error with status code 403 will returned. The account header limitates all user actions (matching, removing, updating and other) to be done only with data having corresponding account id. For example: it is impossible to attach a face with one account id to a list with another account id.

Authorization

Account id is not an authorization. We assume that a question of authorization and security is resolved by organization that installs luna backport 4.

Root user

We have a root account concept. It means that there are requests which do not require header Luna-Account-Id. These are all requests withmethods GET, HEAD, OPTIONS, match requests and getting events statistics requests.