diff --git a/docs/source/authentication.rst b/docs/source/authentication.rst
index 6ffbd1944..916f53e70 100644
--- a/docs/source/authentication.rst
+++ b/docs/source/authentication.rst
@@ -341,8 +341,11 @@ third party service to integrate with |st2| and this service doesn't allow you t
 headers), you can provide it as a query parameter named ``x-auth-token`` and ``st2-api-key``
 respectively.
 
-Keep in mind that using HTTP header is preferred since some web servers and third party services
-log query parameters which are sent with each request, which could be a security risk.
+.. note::
+
+    Keep in mind that using HTTP header is preferred since some web servers and third party services
+    log query parameters which are sent with each request. This could lead to auth token / api key
+    exposure and potentially pose a security risk.
 
 Here's some examples of how to send authentication token and API key in the headers, and as a query
 parameter using ``curl``: