diff --git a/docs/concepts/rest_apis.rst b/docs/concepts/rest_apis.rst index ef1dfca031..69164d74c7 100644 --- a/docs/concepts/rest_apis.rst +++ b/docs/concepts/rest_apis.rst 
@@ -1,23 +1,30 @@ edx-platform REST API Concepts ############################## -APIs in the edx-platform fall into one of two categories. **Personal APIs** -that only let you manipluate resources related to your user (the single user -associated with the OAuth2 Application) or **Machine-to-machine APIs** that -allow you to manipulate other users and system resources so long as the user -associated with the OAuth2 application has the permissions to do so. +APIs in the edx-platform fall into one of two categories. + +#. **Personal APIs** that only let you manipluate resources related to your + user (the single user associated with the OAuth2 Application) + +#. **Machine-to-machine APIs** that allow you to manipulate other users and + system resources so long as the user associated with the OAuth2 application + has the permissions to do so. The best way to interact with the APIs is to get a JWT Token associated with a user and then pass that to the server as a part of the request header. -You can get a JWT one of two ways, one is to exchange the username and password -for a user to get their JWT, and the other is to get a JWT associated with an -OAuth2 Application (the application is associated with your user) that allows you -to manipulate other users and system resources so long as the user associated -with the OAuth2 application has the permissions to do so. +You can get a JWT one of two ways: -JWTs by default expire every hour so when they expire you'll have to get a new -one before you can call the API again. +#. Exchange the username and password for a user to get their JWT (see + :ref:`JWT from user`) + +#. Get a JWT associated with an OAuth2 Application (the application is + associated with your user) that allows you to manipulate other users and + system resources so long as the user associated with the OAuth2 application + has the permissions to do so. (see :ref:`JWT from application`) + +.. 
note:: JWTs by default expire every hour so when they expire you'll have to + get a new one before you can call the API again. .. seealso:: @@ -27,6 +34,6 @@ one before you can call the API again. * `OAuth2, JWT and Mobile `_ - * `Open edX Rest API Conventions ` + * `Open edX Rest API Conventions `_ - * `edX Enterprise REST API Auth Guide ` + * `edX Enterprise REST API Auth Guide `_ diff --git a/docs/references/auth_code_samples.rst b/docs/references/auth_code_samples.rst index 353d9b14b6..0bd5980fb3 100644 --- a/docs/references/auth_code_samples.rst +++ b/docs/references/auth_code_samples.rst @@ -8,6 +8,8 @@ Authentication Related Code Samples examples are useful but you should generally not expose any of these tokens to systems or clients you don't trust. +.. _JWT from user: + Get a JWT with a Username and Password ************************************** @@ -39,6 +41,8 @@ Get a JWT with a Username and Password .. note:: The client type must be ``public`` for this to work. +.. _JWT from application: + Get a JWT with a client_id and client_secret ********************************************
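Review bot: the spelling error "manipluate" from the removed paragraph is carried into the rewritten first list item in the docs/concepts/rest_apis.rst hunk ("**Personal APIs** that only let you manipluate resources related to your user"); since the sentence is being rewritten anyway, correct it to "manipulate". Two smaller style points in the same hunk: the clause "so long as the user associated with the OAuth2 application has the permissions to do so" now appears word for word in both enumerated lists, so the second list could simply point back to the Machine-to-machine item, and the cross-reference in the second list's last item sits after the full stop ("has the permissions to do so. (see :ref:`JWT from application`)") while the first item places it inside the sentence; pick one placement for both.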
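Review bot: the trailing underscore added to the two ``seealso`` entries in the second docs/concepts/rest_apis.rst hunk ("`Open edX Rest API Conventions `_" and "`edX Enterprise REST API Auth Guide `_") is the correct fix; without it reStructuredText parses the backticked text as interpreted text and renders it as plain text instead of an external hyperlink, which matches the already-correct "`OAuth2, JWT and Mobile `_" entry above them. Worth confirming in the Sphinx build output that both now resolve without warnings, since a malformed link target would otherwise be silently rendered as text.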
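Review bot: the ".. _JWT from user:" label in the first docs/references/auth_code_samples.rst hunk is placed directly below the paragraph warning that "you should generally not expose any of these tokens to systems or clients you don't trust", so readers who arrive via the new :ref: links from the concepts page land on the heading and never see that caveat. Consider adding a one-line reminder of that caveat inside the section (or linking back to it) so deep-linked readers get the same guidance as those reading the page top to bottom. As a minor style point, a lowercase hyphenated label such as "jwt-from-user" avoids whitespace in label names; Sphinx normalises the name either way, so this is a consistency preference rather than a correctness issue.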