diff --git a/DOCS.md b/DOCS.md
new file mode 100644
index 0000000..e19e438
--- /dev/null
+++ b/DOCS.md
@@ -0,0 +1,29 @@
+Docs for almost every API path \
+
+Authentication is done with the `X-Token` header (doesn't apply to websocket see `PROTOCOL.md` for that) \
+All responses are in JSON, request body if required must also be JSON \
+TODO document errors
+
+## Paths
+
+### `/api/tokens/create`
+Required role: `admin`
+
+Method: `PUT` 
+
+Request body:
+- `accessLimits`: the label of access limits
+
+Response body:
+- `token`: the generated token (base64 encoded)
+
+
+### `/api/tokens/me`
+Required role: `user`
+
+Method: `GET`
+
+Response body:
+- `token`: the token itself but only first and last 5 characters visible separated by ...
+- `role`: the role like user or admin
+- `accessLimits`: the label of access limits
diff --git a/PROTOCOL.md b/PROTOCOL.md
index 83228c0..11e4d50 100644
--- a/PROTOCOL.md
+++ b/PROTOCOL.md
@@ -1,7 +1,7 @@
 This file documents the websocket /api/ws
 
 ## Message format
-lways bytes! \
+Always bytes! \
 Packet id followed by arguments \
 Some packets don't have arguments so send just the packet id \
 There can be multiple packets in one message, those with unknown amount of arguments have to be terminated \