diff --git a/frontend/docs/api.md b/frontend/docs/api.md
index 50f32184..2a4886db 100644
--- a/frontend/docs/api.md
+++ b/frontend/docs/api.md
@@ -214,8 +214,11 @@ JSR supports authenticating with three types of tokens:
 
 - Long-lived personal access tokens, which are used to authenticate as a user.
   Personal access tokens may have an expiration date, and may grant only limited
-  permissions. Personal access tokens are created by the user in their account
-  settings page.
+  permissions.
+
+  > A user will be able to create personal access tokens in the user in their
+  > account settings page. This is not yet implemented. See
+  > [issue #393](https://github.com/jsr-io/jsr/issues/393).
 
 - GitHub Actions OIDC tokens, which are used to authenticate as a GitHub Actions
   runner. These tokens are created from within GitHub Actions, and are only