diff --git a/README.md b/README.md index 131bf9c5b..63fd65b33 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,9 @@ The SDK mounts 6 routes: 5. `/auth/access-token`: the route to check the user's session and return an access token (which will be automatically refreshed if a refresh token is available) 6. `/auth/backchannel-logout`: the route that will receive a `logout_token` when a configured Back-Channel Logout initiator occurs +> [!IMPORTANT] +> The `/auth/access-token` route is enabled by default, but is only neccessary when the access token is needed in the client. If this isn't something you need, you can disable this endpoint by setting `enableAccessTokenEndpoint` to `false`. + ## Feedback ### Contributing
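Review bot: "neccessary" in the added `[!IMPORTANT]` note is misspelled and should read "necessary". The note also names `enableAccessTokenEndpoint` without saying where the option is set, so a reader cannot act on it from the README alone; add a short pointer to the configuration that accepts it. Since item 5 describes `/auth/access-token` as returning an access token for the user's session and the note says it is enabled by default, consider stating the reason to turn it off when the token is not needed in the client (the route otherwise hands the token to client-side code), so the default reads as a deliberate choice rather than an optional tweak.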