diff --git a/README.md b/README.md index 3bf9dcc65fa6aa8f8bc9c1c7c295f5f59d6af666..a63d73b1451b83591f7d8e8f9267c5dfa31c005a 100644 --- a/README.md +++ b/README.md @@ -13,10 +13,20 @@ It is implemented via [fastAPI](https://fastapi.tiangolo.com/) and provides an a For deployment via [docker](https://www.docker.com/), a docker image is included. +### Security + +Certain operations will only be possible, if the request is authenticated. The API has an endpoint at `/token` where a username/password login is possible. The endpoint will return a token, which is valid for 1 hour. This token ahs to be provided with every api call that requires authentication. Currently, these calls are `GET /me` - `PUT /dataset` - `PUT /dataset/dataset-id` - `DELETE /dataset/dataset-id`. The passwords are stored as bcrypt hashes and are not visible to anyone. + +A CLI is provided for server admins to add new users. It will soon be extended to allow direct hash entry, so that the user does not have to provide their password in clear text. + +For testing, a default userdb.json is provided with a single user "testuser" with the password "test". + ### API Documentation If the api-server is running, you can see the documentation at `<server-url>/docs` or `<server-url>/redoc`. +These pages can also be used as a clunky frontend, allowing the authentication and execution of all api functions. + ### Running without docker First ensure that your python version is 3.6 or newer. diff --git a/requirements.txt b/requirements.txt index b2592d9e0b620d92fd1821c3025920d9e79b640b..01cc3bcf5c0698441a411d1b07cf6ea7c79a3ac0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,4 +2,7 @@ fastapi==0.63.0 pytest==6.2.4 requests==2.25.1 uvicorn==0.13.4 -python-dotenv==0.17.1 \ No newline at end of file +python-dotenv==0.17.1 +python-multipart==0.0.5 +python-jose[cryptography]==3.2.0 +passlib[bcrypt]==1.7.4 \ No newline at end of file
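Review bot: in the README.md hunk, the new "Security" paragraph overstates what bcrypt buys and ships live test credentials without a warning; also, `This token ahs to be provided` should read `has`. "The passwords are stored as bcrypt hashes and are not visible to anyone" is not accurate as written: anyone who can read `userdb.json` sees the hashes, and the next paragraph admits the CLI still takes the password in clear text (direct hash entry "will soon be" added), so a defensible wording is "passwords are stored only as bcrypt hashes; plaintext passwords are never written to disk". The line `For testing, a default userdb.json is provided with a single user "testuser" with the password "test".` needs an explicit instruction to remove that user (or replace the file) before the server is exposed, since `/token` would otherwise accept `testuser`/`test` on a production deployment. Smaller points: "Certain operations will only be possible, if the request is authenticated" should drop the comma; the endpoint list reads better as `PUT /dataset/{dataset_id}` and `DELETE /dataset/{dataset_id}`, matching the placeholder style of the `/docs` page the next section points to; and the text states the token is valid for 1 hour but not where the token signing key is configured, which is the one thing an operator must set (python-dotenv is already a dependency, so naming the variable here would suffice).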
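Review bot: in the requirements.txt hunk, the three new pins fix the direct dependencies but leave the security-critical backends they pull in unpinned. `passlib[bcrypt]==1.7.4` installs whichever `bcrypt` release is current, and `python-jose[cryptography]==3.2.0` installs an unpinned `cryptography`, so two installs from this file can differ in exactly the code that hashes passwords and verifies tokens. Suggest adding explicit pins for `bcrypt` and `cryptography` (or generating a lock file from this list) so deployments are reproducible and upgrades of those two packages are deliberate. Minor: the hunk replaces a line ending in `\ No newline at end of file` only to end the file the same way again; add the trailing newline while touching the file.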