diff --git a/README.md b/README.md
index edf5a4b..ec55357 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,56 @@ There are several things that need to be completed to properly setup and secure
### Auth0 API configuration
+Securing Icarus is required, preventing the API from being publicly accessible. To do so, create an Auth0 account (it's free), for the sake of this section of the documentation, I will not go over how to create an Auth0 account. Once created, create a tentant and proceed to create an API
+
+
+
+
+Create the API and enter an approrpiate name and identified. For the identified, append **api** like in the example
+
+
+
+Replace [domain] with the domain name of the created tenant. This can be found in the Default App from the Application menu. Replace [identifier] with the identifer root name in the appsettings environment file. Not the friendly name but the root name of the identifier, omitting the http protocol and the *api* path.
+
+```Json
+ "Auth0": {
+ "Domain": "[domain].auth0.com",
+ "ApiIdentifier": "https://[identifier]/api"
+ },
+```
+
+For the sake of this section, I will not go over configuring the API to accept the signing algorithm since it has already been configured in the [Startip](Startup.cs).cs file. Click on permissions to create the permissions for the API.
+
+
+
+
+The permissions ensure that a validated user can interact with the API with a token that has not expired. Ensure that the permissions match, the description can change but the permission identifier must match.
+
+
+
+
+On the left side, click on Application and create a new Application. Choose the Machine to Machine Application
+
+
+
+
+With the grant permissions you created from the API, enable all the permissions. This is important because if they are not enabled then even with a valid token the request will return 403 (unauthorized)
+
+
+
+
+From the Application page, copy the client id and client secret. These values will be used for the API to interact with API.
+
+
+
+Enter the information in the corresponding appsettings json file
+```Json
+ "Auth0": {
+ "ClientId":"",
+ "ClientSecret":""
+ },
+```
+
### API filesystem paths
For the purposes of properly uploading, downloading, updating, deleting, and streaming songs the API filesystem paths must be configured. What is meant by this is that the `RootMusicPath` directory where all music will be stored must exist as well as the `ArchivePath` and `TemporaryMusicPath` paths. An example on a Linux system: