diff --git a/documentation/api.md b/documentation/api.md index 0d73921b..b64eea7b 100644 --- a/documentation/api.md +++ b/documentation/api.md @@ -85,7 +85,7 @@ User authentication : The /auth API is designed for the Plik web application nevertheless if you want to automatize it be sure to provide a valid Referrer HTTP header and forward all session cookies. Plik session cookies have the "secure" flag set, so they can only be transmitted over secure HTTPS connections. - To avoid CSRF attacks the value of the plik-xsrf cookie MUST be copied in the X-XRSFToken HTTP header of each + To avoid CSRF attacks the value of the plik-xsrf cookie MUST be copied in the X-XSRFToken HTTP header of each authenticated request. Once authenticated a user can generate upload tokens. Those tokens can be used in the X-PlikToken HTTP header used to link an upload to the user account. It can be put in the ~/.plikrc file of the Plik command line client.
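Review bot: The unchanged context line at the top of this hunk, "be sure to provide a valid Referrer HTTP header", still misspells a header name. The HTTP request header is spelled `Referer`, so a client written literally from this sentence would send a header called `Referrer` instead of the one the doc means. Since this patch already corrects one header name (`X-XRSFToken` to `X-XSRFToken`), consider fixing that one in the same change. It is also worth grepping the rest of the documentation and any client examples for the old `X-XRSFToken` spelling, because a script that copied it would send the CSRF token under the wrong header name.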