diff --git a/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx b/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx
index b178b50e4d..de78e2b806 100644
--- a/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx
+++ b/www/apps/book/app/advanced-development/api-routes/protected-routes/page.mdx
@@ -67,7 +67,7 @@ export default defineMiddlewares({
 
 The `authenticate` middleware function accepts three parameters:
 
-1. The type of user authenticating. Use `user` for authenticating admin users, and `customer` for authenticating customers.
+1. The type of user authenticating. Use `user` for authenticating admin users, and `customer` for authenticating customers. You can also pass `*` to allow all types of users.
 2. An array of the types of authentication methods allowed. Both `user` and `customer` scopes support `session` and `bearer`. The `admin` scope also supports the `api-key` authentication method.
 3. An optional object of configurations accepting the following property:
     - `allowUnauthenticated`: (default: `false`) A boolean indicating whether authentication is required. For example, you may have an API route where you want to access the logged-in customer if available, but guest customers can still access it too.