diff --git a/authentication.md b/authentication.md deleted file mode 100644 index dd7810e..0000000 --- a/authentication.md +++ /dev/null 
@@ -1,39 +0,0 @@ -## Authentication -`PyStream` uses two ways of authentication, the `username` and `password` to gain access to the server and -a `session_token` generated by the server to access directories and streaming content. - -### Username and Password -> [Signature Authentication][signature-authentication] -#### Frontend -- UI creates hex values for username and password using native JS -- These hex values are then used the calculate the hash -- Calculated hash is then base64 encoded using native JS, before sending the signature to the API in an authorization header - -#### Backend -- API decodes the base64 encoded ascii string, then decodes the HEX received in authorization header -- Then the value is broken down to, username, signature and timestamp -- The decoded username is used to get the stored password from env variables, which are then hex encoded -- API creates a hash signature using the hex username, hex password, and the timestamp -- These signatures are then compared for authentication purpose - -### Session Token -> [Symmetric Encryption][symmetric-encryption] -- Once the login has been successful, the API creates a randomly generated 64 bit url safe token -- This token is stored as unique key for each user -- The API then forms a payload with the username, key, and the timestamp -- This payload is then encrypted using Cryptography's Fernet, which can be retrieved only using the key -- This encrypted payload is stored as a cookie before sending a `JSONResponse` with a `redirect_url` -> Since the UI uses `AJAX` for authentication POST call, a `RedirectResponse` from FastAPI will not work, -> as the call will simply follow the redirect to `GET` the content instead of redirecting the page. 
-- The `redirect_url` from the JSON response is fetched, to alter `location.href` -> This form of redirect will transfer cookies to the new page but not the headers, -> so the username and password are lost in the frontend at this point -- From then on, all calls to the backend including redirects, directory navigation and, streaming will carry the cookie -- The `session_token` is the only form of authentication from this point onward - -### References -- [symmetric-encryption] -- [signature-authentication] - -[symmetric-encryption]: https://cryptography.io/en/latest/fernet/ -[signature-authentication]: https://developers.expediagroup.com/docs/products/rapid/resources/reference/signature-authentication
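Review bot: this hunk deletes authentication.md outright, and nothing in the diff shows where its content moves to; either relocate the text (the `Username and Password` signature flow, the `Session Token` Fernet flow, and the note on why a `RedirectResponse` cannot be used with the `AJAX` login POST) into the new document and reference that path in the commit message, or state in the description that the documented design is no longer in effect. If the text is relocated, check the removed claim "randomly generated 64 bit url safe token" against the actual token generation: a 64-bit session key is far shorter than what a Fernet key or a urlsafe token of reasonable length provides, so the number in the doc is likely a units slip (bits vs. bytes) and should be corrected rather than copied over.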