From 1f0716b3c80624023750b4d01c22532f919e3835 Mon Sep 17 00:00:00 2001
From: Dmitry Mazin <dm@archvile.net>
Date: Tue, 2 Oct 2018 18:52:57 -0400
Subject: [PATCH] Add warning regarding TokenAuthentication expiration and
 rotation

---
 docs/api-guide/authentication.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index 139458ad4..12804e3cb 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -160,7 +160,7 @@ The `curl` command line tool may be useful for testing token authenticated APIs.
 
 ---
 
-**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https`.
+**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https`. Additionally, beware that `TokenAuthentication` tokens do not rotate or expire. A number of [Third party packages](#third-party-packages) provide more advanced token support.
 
 ---