diff --git a/README.md b/README.md index 5d5d2ee..545a212 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,8 @@ The server provides a web interface at the root URL: | `/recipe/{id}` | Recipe detail page | | `/media` | Browse cached media files | | `/auth` | Receive auth token from L2 | -| `/auth/revoke` | Revoke a token (called by L2 on logout) | +| `/auth/revoke` | Revoke a specific token | +| `/auth/revoke-user` | Revoke all tokens for a user (called by L2 on logout) | | `/logout` | Log out | | `/download/client` | Download CLI client | @@ -62,9 +63,11 @@ export L1_PUBLIC_URL=https://celery-artdag.rose-ash.com ### Token revocation -When a user logs out of L2, L2 calls `/auth/revoke` on all attached L1s. L1 maintains a Redis-based revocation list: +When a user logs out of L2, L2 calls `/auth/revoke-user` on all attached L1s. L1 maintains a Redis-based token tracking and revocation system: -- Revoked tokens stored in Redis with 30-day expiry +- Tokens registered per-user when authenticating (`artdag:user_tokens:{username}`) +- `/auth/revoke-user` revokes all tokens for a username +- Revoked token hashes stored in Redis with 30-day expiry - Every authenticated request checks the revocation list - Revoked tokens are immediately rejected
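Review bot: In the first hunk (the route table), the new `/auth/revoke-user` row and the reworded `/auth/revoke` row do not say how either endpoint is authenticated or what identifies the caller; since `/auth/revoke-user` invalidates every session a user holds, the README should state that only L2 may call it and how that is enforced (for example a shared secret or a signed request), and the `/auth/revoke` row should say what the request carries (the raw token, or its hash as the second hunk implies) and whether an end user may call it for their own token. Consider extending the two rows to something like `| /auth/revoke | Revoke a specific token (authenticated; body carries the token) |` and `| /auth/revoke-user | Revoke all tokens for a user (L2-only, called on logout) |`.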
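Review bot: In the second hunk (Token revocation), the bullets are inconsistent about what is stored: "Tokens registered per-user" under `artdag:user_tokens:{username}` reads as raw tokens, while the revocation list stores "Revoked token hashes". If the per-user set holds raw tokens, a read of Redis exposes every live session, so the text should either say the per-user set also holds hashes or explain why it cannot. Two further gaps worth documenting: the 30-day expiry on revoked hashes must be at least the maximum token lifetime, otherwise a revoked token is accepted again once its entry expires (state the token lifetime next to the 30 days); and the per-user set needs a matching expiry or cleanup on `/auth/revoke-user`, or it grows without bound for long-lived accounts.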