diff --git a/docs/api/websocket.md b/docs/api/websocket.md
index ef986f87..cf1eada2 100644
--- a/docs/api/websocket.md
+++ b/docs/api/websocket.md
@@ -57,17 +57,7 @@ Example of an auth message:
 
 ## Authentication phase
 
-When a client connects to the server, the server will test if the client is authenticated. Authentication will not be necessary if no api_password is set or if the user fulfills one of the other criteria for authentication (trusted network, password in url/header).
-
-If no authentication is needed, the authentication phase will complete and the server will send an `auth_ok` message.
-
-```json
-{
-  "type": "auth_ok"
-}
-```
-
-If authentication is necessary, the server sends out `auth_required`.
+When a client connects to the server, the server sends out `auth_required`.
 
 ```json
 {
@@ -75,7 +65,7 @@ If authentication is necessary, the server sends out `auth_required`.
 }
 ```
 
-This means that the next message from the client should be an auth message. You can authorize with an access token.
+The first message from the client should be an auth message. You can authorize with an access token.
 
 ```json
 {
@@ -84,15 +74,6 @@ This means that the next message from the client should be an auth message. You
 }
 ```
 
-For now, we also support authentication with an API password (legacy auth).
-
-```json
-{
-  "type": "auth",
-  "api_password": "supersecret"
-}
-```
-
 If the client supplies valid authentication, the authentication phase will complete by the server sending the `auth_ok` message:
 
 ```json