diff --git a/api/auth_token.go b/api/auth_token.go
index f65c0a7c5..dda415664 100644
--- a/api/auth_token.go
+++ b/api/auth_token.go
@@ -83,6 +83,8 @@ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) {
 return ParseSecret(resp.Body)
 }
 
+// RevokeOrphan revokes a token without revoking the tree underneath it (so
+// child tokens are orphaned rather than revoked)
 func (c *TokenAuth) RevokeOrphan(token string) error {
 r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-orphan/"+token)
 resp, err := c.c.RawRequest(r)
@@ -94,6 +96,8 @@ func (c *TokenAuth) RevokeOrphan(token string) error {
 return nil
 }
 
+// RevokePrefix revokes a token based on a prefix, which can be used to revoke
+// e.g. all tokens issued by a certain credential mount
 func (c *TokenAuth) RevokePrefix(token string) error {
 r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-prefix/"+token)
 resp, err := c.c.RawRequest(r)
@@ -105,6 +109,7 @@ func (c *TokenAuth) RevokePrefix(token string) error {
 return nil
 }
 
+// RevokeSelf revokes the token making the call
 func (c *TokenAuth) RevokeSelf() error {
 r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-self")
 resp, err := c.c.RawRequest(r)
@@ -116,6 +121,9 @@ func (c *TokenAuth) RevokeSelf() error {
 return nil
 }
 
+// RevokeTree is the "normal" revoke operation that revokes the given token and
+// the entire tree underneath -- all of its child tokens, their child tokens,
+// etc.
 func (c *TokenAuth) RevokeTree(token string) error {
 r := c.c.NewRequest("PUT", "/v1/auth/token/revoke/"+token)
 resp, err := c.c.RawRequest(r)
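Review bot: The new RevokeOrphan comment explains the orphaning semantics but not that the `token` argument is concatenated as-is into the request path (`"/v1/auth/token/revoke-orphan/"+token`); the same construction appears in RevokePrefix and RevokeTree in the later hunks. A credential carried in a URL path may be recorded by server or proxy access logs that never capture request bodies, and it remains usable if the revoke call fails. I would add a line such as `// The token is sent in the request path and may therefore appear in access logs.` to each of the three comments, and state on RevokeOrphan that the surviving child tokens keep their access. The function bodies continue outside the hunks, and whether NewRequest escapes the path is not visible here.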
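Review bot: The RevokePrefix comment describes revoking by prefix, but the parameter in the signature right below it is still named `token`, so the doc never says that the argument is the prefix itself rather than a single token. Since the comment also says one call can revoke all tokens issued by a credential mount, that breadth deserves an explicit sentence, e.g. `// The token argument is the prefix to match; every token under that prefix is revoked.` Go doc comments conventionally end with a period, which this and the other added comments (except RevokeTree) omit. The body of RevokePrefix continues past the end of the hunk.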