update readme

README.md

@@ -78,6 +78,18 @@ WantedBy=multi-user.target
 ```
 ## API
 
+### Login
+POST `/api/login`
+
+Data
+```
+{
+    "username": "example_username", 
+    "password": "example_password"
+}
+```
+This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`, and must be supplied via a HTTP header in the form `"Authorization: Bearer <JWT_TOKEN>"` for all subsequent API calls.
+
 ### Unlock
 POST `/api/admin/unlock`
 
@@ -120,17 +132,11 @@ Data
 
 This operation can only be performed by a user with a role that is admin enabled. Removes user account corresponding to specified userName.
 
-#### Login
-POST `/api/login`
 
-Data
-```
-{
-    "username": "example_username", 
-    "password": "example_password"
-}
-```
-This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`, and must be supplied via a HTTP header in the form `"Authorization: Bearer <JWT_TOKEN>"` for all subsequent API calls.
+#### List Users
+GET `/api/admin/users`
+
+This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users.
 
 ### Role Operations
 
@@ -158,11 +164,6 @@ Users allocated to this role will only be able to access secrets that are part o
 
 Ldap group must be specified via the full distinguishedName. The simplest way to get this information is to run the command `dsquery group -name <known group name>` from a windows machine.
 
-#### List Users
-GET `/api/admin/users`
-
-This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users.
-
 ### Secrets Operations
 
 #### Store