diff --git a/docs/openclaw_gateway_ws.md b/docs/openclaw_gateway_ws.md
index 1f9db644..74d1e107 100644
--- a/docs/openclaw_gateway_ws.md
+++ b/docs/openclaw_gateway_ws.md
@@ -25,6 +25,6 @@ When enabled, Mission Control skips TLS certificate verification for that gatewa
 When configuring a gateway, you can specify:
 
 - **Gateway URL**: The WebSocket endpoint (e.g., `wss://localhost:18789` or `ws://gateway:18789`)
-- **Gateway Token**: Optional authentication token. For security, tokens are **never returned in API responses**. The API indicates only whether a token is configured (`has_token: true/false`). Store tokens securely at creation time; they cannot be retrieved later.
+- **Gateway Token**: Optional authentication token. Tokens are currently returned in API responses; a future release will redact them from read endpoints. Treat gateway API responses as sensitive and store tokens securely.
 - **Workspace Root**: The root directory for gateway files (e.g., `~/.openclaw`)
 - **Allow self-signed TLS certificates**: Toggle TLS certificate verification off for this gateway's `wss://` connections (default: disabled)