diff --git a/public/openapi/write/login.yaml b/public/openapi/write/login.yaml
index 43ba2f8cb9..001cd5da01 100644
--- a/public/openapi/write/login.yaml
+++ b/public/openapi/write/login.yaml
@@ -4,6 +4,8 @@ post:
   summary: verify login credentials
   description: |
     This route accepts a username/password or email/password pair (dependent on forum settings), returning a standard user object if credentials are validated successfully.
+    This route also initializes a standard login session and returns a valid cookie that can be used in subsequent API calls as though it were a browser session.
+    **Note**: Cookie-based sessions require a CSRF token for non-`GET` routes.
   requestBody:
     content:
       application/json: