diff --git a/doc/AccountCreationWorkflow.txt b/doc/AccountCreationWorkflow.txt
new file mode 100644
index 0000000000000000000000000000000000000000..a911909e143e1285b837303b626d3c3be0d5e78b
--- /dev/null
+++ b/doc/AccountCreationWorkflow.txt
@@ -0,0 +1,12 @@
+How to create and approve a new account:
+
+1) as hbpadm: run /scripts/prepareaccount.php c.karbach@fz-juelich.de; mail address to whome the secret is sent
+2) cat ~/.credentials/.htpasswd.applicationsecrets and get the secret for the mail
+3) send secret from 2 via mail or at any secure way to the targeted user
+4) User accesses URL https://hbpacc.zam.kfa-juelich.de/accountapplication/doc/swagger-ui/index.html to apply for an account
+5) User runs POST request like this:
+> curl -X POST --header 'Content-Type: application/json' --header 'Accept: text/html' 'https://hbpacc.zam.kfa-juelich.de/accountapplication?mail=c.karbach%40fz-juelich.de&secret=PgXd4NcjJHY6Z8r2vpR3BVGbq9wW7DKnmtza1hQT&account=karbach&password=abc123abc123'
+This creates an entry in cat ~/.credentials/.htpasswd.applications
+6) as hbpadm: approve the account application like this:
+> php getpendingapplications.php; returns a list of available account applications
+> php approveaccount.php c.karbach@fz-juelich.de
\ No newline at end of file
diff --git a/publicapi/serviceaccess/serviceaccess.json b/publicapi/serviceaccess/serviceaccess.json
index 4519a30d130cfaeda950b802715e0eafe0f45e6a..3ceef97b57d417af348a872241f93ae168cd9e9a 100644
--- a/publicapi/serviceaccess/serviceaccess.json
+++ b/publicapi/serviceaccess/serviceaccess.json
@@ -87,7 +87,8 @@
                         "in": "query",
                         "description": "Password for authentication via HTTP authentication.",
                         "required": true,
-                        "type": "string"
+                        "type": "string",
+                        "format": "password"
                     }
                 ],
                 "responses": {
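Review bot: The added `"format": "password"` only affects how tooling renders the field (Swagger UI masks the input); the parameter is still declared `"in": "query"` in the context line above it, so the password travels in the request URL and can end up in web-server access logs, proxy logs and shell or browser history. Since the description says the value is used for HTTP authentication, consider modelling it as a security scheme instead, for example a `securityDefinitions` entry with `"type": "basic"`, or at least moving it out of the URL with `"in": "header"` or `"in": "formData"`. Whether the server accepts either form is not visible here, so this would likely need a matching handler change. The curl example added in doc/AccountCreationWorkflow.txt (step 5) in this same commit shows the same pattern, with `secret=` and `password=` in the query string and a secret-looking literal that should become a placeholder such as `<SECRET>` (and be rotated if it was ever valid). The parameter object this hunk edits starts outside the hunk.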