diff --git a/docs/api.rst b/docs/api.rst
index f1c01b85..c483b798 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -12,7 +12,7 @@ It can also be manually configured via mailu.env:
 
 * ``API`` - Expose the API interface (value: true, false)
 * ``WEB_API`` - Path to the API interface
-* ``API_TOKEN`` - API token for authentication
+* ``API_TOKEN`` - API token for authentication (with minimum length of 3 characters)
 
 For more information refer to the detailed descriptions in the
 :ref:`configuration reference <advanced_settings>`.
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 50a576fd..f0eb6c96 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -218,6 +218,7 @@ Advanced settings
 The ``AUTH_REQUIRE_TOKENS`` (default: False) setting controls whether thick clients can authenticate using passwords or whether they are forced to use tokens/application specific passwords.
 
 The ``API_TOKEN`` (default: None) setting configures the authentication token.
+The minimum length is 3 characters.
 This token must be passed as request header to the API as authentication token.
 This is a mandatory setting for using the RESTful API.