diff --git a/docs/guide/login.rst b/docs/guide/login.rst
index c14480558..b9cfa692d 100644
--- a/docs/guide/login.rst
+++ b/docs/guide/login.rst
@@ -3,31 +3,4 @@ Login
 
 Users can log in to IceProd like any other web application.
 
-Authentication is handled by an external plugin
-such as `LDAP`_.
-
-.. _LDAP: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
-
-.. note::
-   :class: icecube
-
-   LDAP authentication is set up for IceCube users.
-
-
-Two Factor Authentication
--------------------------
-
-Certain pages and actions require additional authentication.  When a new
-account is registered with IceProd, two-factor authentication must be
-set up.
-
-IceProd uses time-based one-time passwords (`RFC 6238`_), as used by
-Google, GitHub, and others.  Using a phone app such as Google Authenticator,
-a barcode image specific to each user can be scanned and registered.  The
-app will then generate short codes valid for 30 seconds each.
-
-Example barcode image:
-
-.. image:: ../static/2fa_barcode.png
-
-.. _RFC 6238: https://tools.ietf.org/html/rfc6238
\ No newline at end of file
+Authentication is handled by IceCube SSO.
diff --git a/docs/guide/restapi.rst b/docs/guide/restapi.rst
index a9e9d572f..63aaad23b 100644
--- a/docs/guide/restapi.rst
+++ b/docs/guide/restapi.rst
@@ -14,16 +14,58 @@ Authentication
 To view datasets, call actions on datasets, or submit new datasets,
 authentication with a token is required.
 
-An authentication token can be obtained within the account settings
-in the website.  This can be added to requests as the `Authorization` header.
+An authentication token can be obtained using the python package
+`wipac-rest-tools`. For example::
+
+    python3 -m venv venv
+    . venv/bin/activate
+    pip install wipac-rest-tools
+    curl -o get_token.py https://raw.githubusercontent.com/WIPACrepo/rest-tools/master/examples/get_device_credentials_token.py
+    python get_device_credentials_token.py iceprod-public
+
+The access token will be valid for 1 hour.
+
+This can be added to requests as the `Authorization` header.
 As an example, here is a query to get the list of all datasets::
 
     curl -XGET -H 'Authorization: bearer XXXXXXXX-your-token-here-XXXXX' https://iceprod2-api.icecube.wisc.edu/datasets
 
 .. danger::
 
-   Anyone with the authentication token is basically you.  It is valid 
-   for any action that does not require :ref:`Two Factor Authentication`.
-   Be careful with the token!
+   Anyone with the authentication token is basically you. Be careful with the token!
+
+
+Scripting
+^^^^^^^^^
+
+When writing a python script, you can use our rest client to automatically
+manage tokens for you. Just install `wipac-rest-tools` as shown above.
+There are also sync and async code options:
+
+Sync::
+
+    from rest_tools.client import SavedDeviceGrantAuth
+    api = SavedDeviceGrantAuth(
+        address='https://api.iceprod.wisc.edu',
+        token_url='https://keycloak.icecube.wisc.edu/auth/realms/IceCube',
+        filename='.iceprod-auth',
+        client_id'iceprod-public'
+    )
+    # get a list of datasets
+    result = api.request_seq('GET', '/datasets', {})
+    for dataset, metadata in result.items():
+        # do something with the dataset
 
+Async::
 
+    from rest_tools.client import SavedDeviceGrantAuth
+    api = SavedDeviceGrantAuth(
+        address='https://api.iceprod.wisc.edu',
+        token_url='https://keycloak.icecube.wisc.edu/auth/realms/IceCube',
+        filename='.iceprod-auth',
+        client_id'iceprod-public'
+    )
+    # get a list of datasets
+    result = await api.request('GET', '/datasets', {})
+    for dataset, metadata in result.items():
+        # do something with the dataset
diff --git a/docs/server/rest_api/auth.rst b/docs/server/rest_api/auth.rst
index a7aa259b5..0b533d00b 100644
--- a/docs/server/rest_api/auth.rst
+++ b/docs/server/rest_api/auth.rst
@@ -1,4 +1,4 @@
 REST API - Auth
 ===============
 
-.. automodule:: iceprod.server.rest.auth
+.. automodule:: iceprod.rest.handlers.auth
diff --git a/docs/server/rest_api/config.rst b/docs/server/rest_api/config.rst
index 076ddd9a4..b63248182 100644
--- a/docs/server/rest_api/config.rst
+++ b/docs/server/rest_api/config.rst
@@ -1,4 +1,4 @@
 REST API - Config
 =================
 
-.. automodule:: iceprod.server.rest.config
+.. automodule:: iceprod.rest.handlers.config
diff --git a/docs/server/rest_api/datasets.rst b/docs/server/rest_api/datasets.rst
index c21989898..a5ce62832 100644
--- a/docs/server/rest_api/datasets.rst
+++ b/docs/server/rest_api/datasets.rst
@@ -1,4 +1,4 @@
 REST API - Datasets
 ===================
 
-.. automodule:: iceprod.server.rest.datasets
+.. automodule:: iceprod.rest.handlers.datasets
diff --git a/docs/server/rest_api/grids.rst b/docs/server/rest_api/grids.rst
index 1b1b795e7..f4313cae4 100644
--- a/docs/server/rest_api/grids.rst
+++ b/docs/server/rest_api/grids.rst
@@ -1,4 +1,4 @@
 REST API - Grids
 ================
 
-.. automodule:: iceprod.server.rest.grids
+.. automodule:: iceprod.rest.handlers.grids
diff --git a/docs/server/rest_api/jobs.rst b/docs/server/rest_api/jobs.rst
index 7281dcd07..6decca5fd 100644
--- a/docs/server/rest_api/jobs.rst
+++ b/docs/server/rest_api/jobs.rst
@@ -1,4 +1,4 @@
 REST API - Jobs
 ===============
 
-.. automodule:: iceprod.server.rest.jobs
+.. automodule:: iceprod.rest.handlers.jobs
diff --git a/docs/server/rest_api/logs.rst b/docs/server/rest_api/logs.rst
index 8198193f6..9aa2d3769 100644
--- a/docs/server/rest_api/logs.rst
+++ b/docs/server/rest_api/logs.rst
@@ -1,4 +1,4 @@
 REST API - Logs
 ===============
 
-.. automodule:: iceprod.server.rest.logs
+.. automodule:: iceprod.rest.handlers.logs
diff --git a/docs/server/rest_api/pilots.rst b/docs/server/rest_api/pilots.rst
index b0737c0ec..ecb6f6e65 100644
--- a/docs/server/rest_api/pilots.rst
+++ b/docs/server/rest_api/pilots.rst
@@ -1,4 +1,4 @@
 REST API - Pilots
 =================
 
-.. automodule:: iceprod.server.rest.pilots
+.. automodule:: iceprod.rest.handlers.pilots
diff --git a/docs/server/rest_api/task_stats.rst b/docs/server/rest_api/task_stats.rst
index 3fbf95a62..51e64d7c7 100644
--- a/docs/server/rest_api/task_stats.rst
+++ b/docs/server/rest_api/task_stats.rst
@@ -1,4 +1,4 @@
 REST API - Task Stats
 =====================
 
-.. automodule:: iceprod.server.rest.task_stats
+.. automodule:: iceprod.rest.handlers.task_stats
diff --git a/docs/server/rest_api/tasks.rst b/docs/server/rest_api/tasks.rst
index 5f3b7e9a7..b4bcbd1d7 100644
--- a/docs/server/rest_api/tasks.rst
+++ b/docs/server/rest_api/tasks.rst
@@ -1,4 +1,4 @@
 REST API - Tasks
 ================
 
-.. automodule:: iceprod.server.rest.tasks
+.. automodule:: iceprod.rest.handlers.tasks