From b6807949a6a8273e6d83b5758aded8262fa39058 Mon Sep 17 00:00:00 2001
From: Hannah Hunter <hannahhunter@microsoft.com>
Date: Wed, 28 Feb 2024 10:42:24 -0500
Subject: [PATCH] clarify the header/metadata coming from Dapr

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>
---
 daprdocs/content/en/operations/security/app-api-token.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/daprdocs/content/en/operations/security/app-api-token.md b/daprdocs/content/en/operations/security/app-api-token.md
index d94e32513..401e561e6 100644
--- a/daprdocs/content/en/operations/security/app-api-token.md
+++ b/daprdocs/content/en/operations/security/app-api-token.md
@@ -89,14 +89,14 @@ kubectl rollout restart deployment/<deployment-name> --namespace <namespace-name
 
 ## Authenticating requests from Dapr
 
-Once app token authentication is configured in Dapr, all requests *coming from Dapr* include the token.
+Once app token authentication is configured using the environment variable or Kubernetes secret `app-api-token`, the Dapr sidecar always includes the HTTP header/gRPC metadata `dapr-api-token: <token>` in the calls to the app. From the app side, ensure you are authenticating using the `dapr-api-token` value, even though you set `app-api-token` to enable API authentication.
 
 ### HTTP
 
-In case of HTTP, in your code look for the HTTP header `dapr-api-token` in incoming requests:
+In your code, look for the HTTP header `dapr-api-token` in incoming requests:
 
 ```text
-dapr-api-token: <token>
+a-api-token: <token>
 ```
 
 ### gRPC