From 97869b182bc4ce037d6d86903ca945f7fd7d6776 Mon Sep 17 00:00:00 2001
From: Timothy Arnold <timaeos@proton.me>
Date: Sat, 13 Aug 2022 13:02:30 -0500
Subject: [PATCH] adding a warning regarding access_token

---
 docs/administration/4_adminapi.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/administration/4_adminapi.md b/docs/administration/4_adminapi.md
index 92e483091..a34bfde1f 100644
--- a/docs/administration/4_adminapi.md
+++ b/docs/administration/4_adminapi.md
@@ -20,6 +20,7 @@ curl --header "Authorization: Bearer <access_token>" -X <POST|GET|PUT> <Endpoint
 ```
 
 An `access_token` can be obtained through most Element-based matrix clients by going to `Settings` -> `Help & About` -> `Advanced` -> `Access Token`.
+Be aware that an `access_token` allows a client to perform actions as an user and should be kept **secret**.
 
 The user must be an administrator in the `account_accounts` table in order to use these endpoints.