Diffstat (limited to 'docs')
-rw-r--r-- docs/api-guide/authentication.md 20
-rw-r--r-- docs/tutorial/3-class-based-views.md 25
2 files changed, 25 insertions, 20 deletions
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index ed7ac288..45da2c55 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -8,7 +8,7 @@ Authentication will run the first time either the `request.user` or `request.aut
The `request.user` property will typically be set to an instance of the `contrib.auth` package's `User` class.
-The `request.auth` property is used for any additional authentication information, for example, it may be used to represent an authentication token that the request was signed with.
+The `request.auth` property is used for any additional authentication information, for example, it may be used to represent an authentication token that the request was signed with.
## How authentication is determined
@@ -36,7 +36,7 @@ You can also set the authentication policy on a per-view basis, using the `APIVi
def get(self, request, format=None):
content = {
- 'user': unicode(request.user), # `django.contrib.auth.User` instance.
+ 'user': unicode(request.user), # `django.contrib.auth.User` instance.
'auth': unicode(request.auth), # None
}
return Response(content)
@@ -49,7 +49,7 @@ Or, if you're using the `@api_view` decorator with function based views.
)
def example_view(request, format=None):
content = {
- 'user': unicode(request.user), # `django.contrib.auth.User` instance.
+ 'user': unicode(request.user), # `django.contrib.auth.User` instance.
'auth': unicode(request.auth), # None
}
return Response(content)
@@ -65,16 +65,20 @@ If successfully authenticated, `UserBasicAuthentication` provides the following
* `request.user` will be a `django.contrib.auth.models.User` instance.
* `request.auth` will be `None`.
-## TokenBasicAuthentication
+## TokenAuthentication
-This policy uses [HTTP Basic Authentication][basicauth], signed against a token key and secret. Token basic authentication is appropriate for client-server setups, such as native desktop and mobile clients.
+This policy uses [HTTP Authentication][basicauth] with no authentication scheme. Token basic authentication is appropriate for client-server setups, such as native desktop and mobile clients. The token key should be passed in as a string to the "Authorization" HTTP header. For example:
-**Note:** If you run `TokenBasicAuthentication` in production your API must be `https` only, or it will be completely insecure.
+ curl http://my.api.org/ -X POST -H "Authorization: 0123456789abcdef0123456789abcdef"
-If successfully authenticated, `TokenBasicAuthentication` provides the following credentials.
+**Note:** If you run `TokenAuthentication` in production your API must be `https` only, or it will be completely insecure.
+
+If successfully authenticated, `TokenAuthentication` provides the following credentials.
* `request.user` will be a `django.contrib.auth.models.User` instance.
-* `request.auth` will be a `djangorestframework.models.BasicToken` instance.
+* `request.auth` will be a `djangorestframework.tokenauth.models.BasicToken` instance.
+
+To use the `TokenAuthentication` policy, you must have a token model. Django REST Framework comes with a minimal default token model. To use it, include `djangorestframework.tokenauth` in your installed applications and sync your database. To use your own token model, subclass the `djangorestframework.tokenauth.TokenAuthentication` class and specify a `model` attribute that references your custom token model. The token model must provide `user`, `key`, and `revoked` attributes. Refer to the `djangorestframework.tokenauth.models.BasicToken` model as an example.
## OAuthAuthentication
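Review bot: The added curl example requests `http://my.api.org/` over plain HTTP, while the note directly below it says the API must be `https` only; change the example to `https://` so the documented request does not send the token key in cleartext. The header is also sent as a bare key "with no authentication scheme", whereas the HTTP `Authorization` header is defined as a scheme name followed by credentials, so consider requiring a prefix (for example `Authorization: Token <key>`) so this policy can be told apart from the basic and OAuth policies documented in the same file. The second sentence still reads "Token basic authentication" and the link is still labelled `[basicauth]`, both left over from the old name. The new last paragraph requires a `revoked` attribute on the token model but never says how a request carrying a revoked token is handled; state that explicitly.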
diff --git a/docs/tutorial/3-class-based-views.md b/docs/tutorial/3-class-based-views.md
index d5ba045e..24785179 100644
--- a/docs/tutorial/3-class-based-views.md
+++ b/docs/tutorial/3-class-based-views.md
@@ -11,26 +11,27 @@ We'll start by rewriting the root view as a class based view. All this involves
from django.http import Http404
from djangorestframework.views import APIView
from djangorestframework.response import Response
- from djangorestframework.status import status
+ from djangorestframework import status
+
class CommentRoot(APIView):
"""
List all comments, or create a new comment.
- """
+ """
def get(self, request, format=None):
comments = Comment.objects.all()
- serializer = ComentSerializer(instance=comments)
+ serializer = CommentSerializer(instance=comments)
return Response(serializer.data)
- def post(self, request, format=None)
- serializer = ComentSerializer(request.DATA)
+ def post(self, request, format=None):
+ serializer = CommentSerializer(request.DATA)
if serializer.is_valid():
comment = serializer.object
comment.save()
- return Response(serializer.serialized, status=HTTP_201_CREATED)
- return Response(serializer.serialized_errors, status=HTTP_400_BAD_REQUEST)
+ return Response(serializer.serialized, status=status.HTTP_201_CREATED)
+ return Response(serializer.serialized_errors, status=status.HTTP_400_BAD_REQUEST)
- comment_root = CommentRoot.as_view()
+ comment_root = CommentRoot.as_view()
So far, so good. It looks pretty similar to the previous case, but we've got better seperation between the different HTTP methods. We'll also need to update the instance view.
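Review bot: In `post()` the responses are built from `serializer.serialized` and `serializer.serialized_errors`, but `get()` in the same class returns `serializer.data`; the patch edits both return lines to add the `status.` prefix without reconciling the attribute names, so confirm which ones the serializer exposes and use them consistently. The trailing context line still has "seperation", which could be corrected in the same pass as the `ComentSerializer` typo fixes.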
@@ -38,18 +39,18 @@ So far, so good. It looks pretty similar to the previous case, but we've got be
"""
Retrieve, update or delete a comment instance.
"""
-
+
def get_object(self, pk):
try:
return Comment.objects.get(pk=pk)
except Comment.DoesNotExist:
raise Http404
-
+
def get(self, request, pk, format=None):
comment = self.get_object(pk)
serializer = CommentSerializer(instance=comment)
return Response(serializer.data)
-
+
def put(self, request, pk, format=None):
comment = self.get_object(pk)
serializer = CommentSerializer(request.DATA, instance=comment)
@@ -64,7 +65,7 @@ So far, so good. It looks pretty similar to the previous case, but we've got be
comment.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
- comment_instance = CommentInstance.as_view()
+ comment_instance = CommentInstance.as_view()
That's looking good. Again, it's still pretty similar to the function based view right now.
Okay, we're done. If you run the development server everything should be working just as before.