diff --git a/doc/configuration.rst b/doc/configuration.rst
index 2019bff..19b836b 100644
--- a/doc/configuration.rst
+++ b/doc/configuration.rst
@@ -387,6 +387,49 @@ the users in the admin groups listed above as well as admin rights to
 all projects hosted on this pagure instance.
 
 
+API token ACLs
+--------------
+
+ACLS
+~~~~
+
+This configuration key lists all the ACLs that can be associated with an API
+token with a short description of what the ACL allows to do.
+This key it not really meant to be changed unless you really know what you
+are doing.
+
+USER_ACLS
+~~~~~~~~~
+
+This configuration key allows to list which of the ACLs listed in ``ACLS``
+can be associated with an API token of a project in the (web) user interface.
+
+Use this configuration key in combination with ``ADMIN_API_ACLS`` to disable
+certain ACLs for users while allowing admins to generate keys with them.
+
+Defaults to: ``ACLS.keys()`` (ie: all the ACLs in ``ACLS``)
+
+
+ADMIN_API_ACLS
+~~~~~~~~~~~~~~
+
+This configuration key allows to list which of the ACLs listed in ``ACLS``
+can be generated by the ``pagure-admin`` CLI tool by admins.
+
+Defaults to: ``['create_project', 'fork_project', 'modify_project']``
+
+
+CROSS_PROJECT_ACLS
+~~~~~~~~~~~~~~~~~~
+
+This configuration key allows to list which of the ACLs listed in ``ACLS``
+can be associated with a project-less API token in the (web) user interface.
+These project-less API tokens can be generated in the user's settings page
+and allows action in multiple projects instead of being restricted to a
+specific one.
+
+Defaults to: ``['issue_comment', 'issue_create', 'issue_change_status', 'pull_request_flag', 'pull_request_comment', 'pull_request_merge']``
+
 
 Optional options
 ----------------
diff --git a/pagure/default_config.py b/pagure/default_config.py
index c033b06..138e230 100644
--- a/pagure/default_config.py
+++ b/pagure/default_config.py
@@ -264,7 +264,8 @@ ACLS = {
     'modify_project': 'Modify an existing project'
 }
 
-# From the ACLs above lists which ones are allowed for regular users
+# List of ACLs which a regular user is allowed to associate to an API token 
+# from the ACLs above
 USER_ACLS = ACLS.keys()
 
 # From the ACLs above lists which ones are tolerated to be associated with