diff --git a/internal/darkstorm_backend/README.md b/internal/darkstorm_backend/README.md
index 595c91b..9d244c2 100644
--- a/internal/darkstorm_backend/README.md
+++ b/internal/darkstorm_backend/README.md
@@ -2,14 +2,44 @@
 
 This is a purposefully "simple" application backend made specifically for _my_ apps. It's purpose is to collect minimal (only what's absolutely necessary) amounts of data while still fulfilling all my needs. I've found that other, off the shelf options such as Firebase are a bit heavy on the data collection. Plus I like to make things :P.
 
+## DB Structure
+
+### API Key
+
+```json
+{
+  appName: "app name",
+  key: "API Key",
+  death: -1, // unix timestamp when the key is no longer valid. -1 means there is not expected expiration (that can change in the future)
+  perm: {
+    user: true, // create and login users
+    log: true, // log users
+    crash: true, // crash reports
+    // further permissions can be added as needed
+  }
+}
+```
+
+### User
+
+```json
+{
+  id: "UUID",
+  username: "username",
+  password: "hashed password",
+  salt: "password salt",
+  passwordChange: 0, // unix timestamp of last password change
+}
+```
+
 ## Standard Header
 
 Any request might or might not need these values. These values can be authenticated via the `TODO` function.
 
 ```json
 {
-    X-API-Key: "{API Key}",
-    Authorization: "Bearer {JWT Token}"
+  X-API-Key: "{API Key}",
+  Authorization: "Bearer {JWT Token}"
 }
 ```
 
@@ -19,8 +49,8 @@ If an error status code is returned then the body will be as follows.
 
 ```json
 {
-    errorCode: "Error value for internal use",
-    errorMsg: "User error message", //This message is meant to be displayed to the user. May be empty.
+  errorCode: "Error value for internal use",
+  errorMsg: "User error message", //This message is meant to be displayed to the user. May be empty.
 }
 ```
 
@@ -28,7 +58,7 @@ If an error status code is returned then the body will be as follows.
 
 > TODO: Add the ability to create users and log-in through third-parties (such as Google).
 
-All requsests pertaining to users requires the `X-API-Key` header.
+All requsests pertaining to users requires the `X-API-Key` header and the key must have the `users` permission.
 
 ### Create User
 
@@ -39,9 +69,9 @@ Request:
 
 ```json
 {
-    username: "Username",
-    password: "Password",
-    email: "Email",
+  username: "Username",
+  password: "Password",
+  email: "Email",
 }
 ```
 
@@ -49,8 +79,8 @@ Return:
 
 ```json
 {
-    username: "Username",
-    token: "JWT Token"
+  username: "Username",
+  token: "JWT Token"
 }
 ```
 
@@ -71,8 +101,8 @@ Request:
 
 ```json
 {
-    username: "Username",
-    password: "Password",
+  username: "Username",
+  password: "Password",
 }
 ```
 
@@ -80,7 +110,7 @@ Return:
 
 ```json
 {
-    token: "JWT Token",
-    timeout: 0,
+  token: "JWT Token",
+  timeout: 0, // login attempt timeout (in seconds). If non-zero, token will be empty.
 }
 ```