diff --git a/README.md b/README.md
index e64b191bcb1dfdcca6bdd4465d55d8a1a4263045..b6c237488275e1fa974094f97b18b2462f3bd1f8 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,15 @@ decided what the infrastructure looks like.
 There is a parallel flow when a client sends to `client-a-notify` in which case the 
 messages are delivered through the broadcast exchange to all clients `client-x-inbox`.
 
+### Auth placeholder 
+
+As a proxy for proper authentication, when you post a client a random secret is 
+returned in the response. To send to / receive from the bus you then call the API
+with the client_id and secret and it checks they match. The client_id determines 
+which queues it reads from. 
+
+Subsequent requests to the client endpoint return the client_id but not the secret.
+
 ### Setup 
 
 ```