diff --git a/README.md b/README.md
index 36c2f02..8cc6c5c 100644
--- a/README.md
+++ b/README.md
@@ -2,14 +2,47 @@
 
 REST API to support a community scavenger hunt app.
 
-## Environment variables
-* `DB_PASSWORD` Password for the database 
-* `DB_URL` JDBC URL for the database
-* `DB_USER` Username for the database
-* `JWT_SECRET` Secret pass for the JWT
+## Prerequisites
 
-## TODO:
-### User Endpoints
-* delete photo for hunt item DELETE `/hunt/{huntId}/team/{teamId}/item/{itemId}/photo/{photoId}`
-* list hunt teams with scores for hunt GET `/lead/hunt/{huntId}/team`
-* list hunters with scores for hunt GET `/lead/hunt/{huntId}/hunter`
\ No newline at end of file
+- Java 21
+- MariaDB
+- MinIO
+
+## Environment Variables
+
+| Variable | Description |
+| --- | --- |
+| `DB_URL` | JDBC URL for the MariaDB database |
+| `DB_USER` | Database username |
+| `DB_PASSWORD` | Database password |
+| `JWT_SECRET` | Secret key used to sign JWTs |
+| `MINIO_ENDPOINT` | MinIO server URL (e.g. `http://localhost:9000`) |
+| `MINIO_ACCESS_KEY` | MinIO access key |
+| `MINIO_SECRET_KEY` | MinIO secret key |
+| `MINIO_BUCKET` | MinIO bucket name for photo storage |
+
+## Running
+
+```bash
+./gradlew bootRun
+```
+
+## API Documentation
+
+Swagger UI is available at `/docs/swagger-ui.html` when the application is running.
+
+## Authentication
+
+All endpoints except `/signup` and `/login` require a JWT bearer token.
+
+1. Create an account: `POST /signup`
+2. Log in: `POST /login` — returns an access token and a refresh token
+3. Include the access token in requests: `Authorization: Bearer <token>`
+4. Refresh an expired token: `POST /refresh`
+5. Log out: `POST /logout`
+
+## TODO
+
+- `GET /hunt/{huntId}/team/{teamId}/item/{itemId}/photo` — list photos for a team's item
+- `GET /lead/hunt/{huntId}/team` — leaderboard: teams with scores for a hunt
+- `GET /lead/hunt/{huntId}/hunter` — leaderboard: hunters with scores for a hunt