diff --git a/ayanova/devdocs/todo.txt b/ayanova/devdocs/todo.txt
index f67946d3..24e9b0ec 100644
--- a/ayanova/devdocs/todo.txt
+++ b/ayanova/devdocs/todo.txt
@@ -365,6 +365,7 @@ todo: change trial detection route that client first hits
 	- maybe the route that gets Notifications
 		- because there could be a notificatoin type that doesn't need logged in users for general server down announcements etc
 
+todo: JWT tokens, revoking expiring etc, look at this: https://github.com/ptboyer/restful-api-design-tips#authentication
 todo: PLANNING session tracking to prevent logging in from multiple devices with same account
 	- right now if I login as same user on another browser the download token becomes invalid on the first computer
 	- so wiki images don't load etc