diff --git a/routes/auth.js b/routes/auth.js
index 515e74d..d99beae 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -1,4 +1,4 @@
-import { app, db, globalConfig } from "../index.js" // Get globals from index
+// import { app, db, globalConfig } from "../index.js" // Get globals from index
 import { checkTokenNew } from "../liberals/auth.js"
 import { logRequest } from "../liberals/logging.js"
 import { randomStringBase62, getHumanReadableUserAgent } from "../liberals/misc.js"
@@ -80,6 +80,7 @@ app.get("/api/auth/callback", (rreq,rres) => {
                                     let newDestination = atob(rreq.query.state.split("_")[1].replace("-","/"))
                                     rres.setHeader("Set-Cookie", `APIToken=${newToken}; Domain=${rreq.hostname}; Expires=${new Date(newExpiration).toUTCString()}; Path=/`).redirect(newDestination)
                                 } else if (rreq.query.state === "display") {
+                                    // Change this to not write the token to a cookie
                                     rres.setHeader("Set-Cookie", `APIToken=${newToken}; Domain=${rreq.hostname}; Expires=${new Date(newExpiration).toUTCString()}; Path=/`).send(`Success! Your token is <code>${newToken}</code>`)
                                 } else if (rreq.query.state === "close") {
                                     rres.setHeader("Set-Cookie", `APIToken=${newToken}; Domain=${rreq.hostname}; Expires=${new Date(newExpiration).toUTCString()}; Path=/`).send(`<script>document.addEventListener("DOMContentLoaded", () => {window.close();});</script> Success! You may now close this window.`)
diff --git a/website/posts/20240409-API-Documentation.html b/website/posts/20240409-API-Documentation.html
index fd7f099..cee6fdf 100644
--- a/website/posts/20240409-API-Documentation.html
+++ b/website/posts/20240409-API-Documentation.html
@@ -106,5 +106,40 @@
     </div>
 
     <p>Returns all request headers in JSON.</p>
+
+    <div class="inlineheader">
+        <h2>/api/auth/whoami</h2>
+        <a href="https://github.com/Enstrayed/enstrayedapi/blob/new-db/routes/auth.js">auth.js:6</a>
+        <div><span>GET</span></div>
+    </div>
+    <p>Returns JSON with the username of the token owner as well as what scopes the token has access to.</p>
+
+    <div class="inlineheader">
+        <h2 id="jumplink_authlogin">/api/auth/login</h2>
+        <a href="https://github.com/Enstrayed/enstrayedapi/blob/new-db/routes/auth.js">auth.js:23</a>
+        <div><span>GET</span></div>
+    </div>
+    <p>Redirects the user to ECLS to login. The <code>state</code> parameter can be used to specify how the login flow will behave. The accepted "states" are:</p>
+    <ul>
+        <li><code>redirect</code> - Redirects the user to a page after logging in. This paramter requires the <code>destination</code> paramter to also be set with the URL the user will be redirected to.</li>
+        <li><code>display</code> - Displays the generated token to the user after login. Currently, this still writes the new token to the <code>APIToken</code> cookie, though this is planned to change.</li>
+        <li><code>close</code> - This will close the page after logging in. This requires the page to be opened with JavaScript otherwise it will not automatically close.</li>
+    </ul>
+
+    <div class="inlineheader">
+        <h2>/api/auth/logout</h2>
+        <a href="https://github.com/Enstrayed/enstrayedapi/blob/new-db/routes/auth.js">auth.js:40</a>
+        <div><span>GET</span></div>
+    </div>
+    <p>Invalidates the token used to access the endpoint.</p>
+
+    <div class="inlineheader">
+        <h2>/api/auth/callback</h2>
+        <a href="https://github.com/Enstrayed/enstrayedapi/blob/new-db/routes/auth.js">auth.js:57</a>
+        <div><span>GET</span></div>
+    </div>
+    <p><b>Internal Use Only. </b>This is the endpoint used by ECLS to finish the login flow. It will write the newly created token to the <code>APIToken</code> cookie as well as performing the action set by <code>state</code>, see <a href="#jumplink_authlogin">login endpoint</a>.</p>
+
+    
 </body>
 </html>
\ No newline at end of file