Small documentation tweaks

docs/json_api.rst

@@ -473,7 +473,7 @@ Here's how to serve ``data.db`` with CORS enabled::
 The JSON write API
 ------------------
 
-Datasette provides a write API for JSON data. This is a POST-only API that requires an authenticated API token, see :ref:`CreateTokenView`.
+Datasette provides a write API for JSON data. This is a POST-only API that requires an authenticated API token, see :ref:`CreateTokenView`. The token will need to have the specified :ref:`authentication_permissions`.
 
 .. _TableInsertView:
 

docs/plugins.rst

@@ -25,7 +25,7 @@ Things you can do with plugins include:
 * Customize how database values are rendered in the Datasette interface, for example
   `datasette-render-binary <https://github.com/simonw/datasette-render-binary>`__ and
   `datasette-pretty-json <https://github.com/simonw/datasette-pretty-json>`__.
-* Customize how Datasette's authentication and permissions systems work, for example `datasette-auth-tokens <https://github.com/simonw/datasette-auth-tokens>`__ and
+* Customize how Datasette's authentication and permissions systems work, for example `datasette-auth-passwords <https://github.com/simonw/datasette-auth-passwords>`__ and
   `datasette-permissions-sql <https://github.com/simonw/datasette-permissions-sql>`__.
 
 .. _plugins_installing: