diff --git a/api/client-server/whoami.yaml b/api/client-server/whoami.yaml
index e3262fe4..8f5abdf7 100644
--- a/api/client-server/whoami.yaml
+++ b/api/client-server/whoami.yaml
@@ -29,7 +29,14 @@ paths:
     get:
       summary: Gets information about the owner of an access token.
       description: |-
-        Gets information about the owner of a given access token.
+        Gets information about the owner of a given access token. 
+        
+        Note that, as with the rest of the Client-Server API, 
+        Application Services may masquerade as users within their 
+        namespace by giving a ``user_id`` query parameter. In this 
+        situation, the server should verify that the given ``user_id``
+        is registered by the appservice, and return it in the response 
+        body.
       operationId: getTokenOwner
       security:
         - accessToken: []
@@ -40,8 +47,8 @@ paths:
             The token belongs to a known user.
           examples:
             application/json: {
-                "user_id": "@joe:example.org"
-              }
+              "user_id": "@joe:example.org"
+            }
           schema:
             type: object
             required: ["user_id"]
@@ -49,5 +56,29 @@ paths:
               user_id:
                 type: string
                 description: The user id that owns the access token.
+        401:
+          description:
+            The token is not recognised
+          examples:
+            application/json: {
+              "errcode": "M_UNKNOWN_TOKEN",
+              "error": "Unrecognised access token."
+            }
+          schema:
+            "$ref": "definitions/error.yaml"
+        403:
+          description:
+            The appservice cannot masquerade as the user or has not registered them.
+          examples:
+            application/json: {
+              "errcode": "M_FORBIDDEN",
+              "error": "Application service has not registered this user."
+            }
+          schema:
+            "$ref": "definitions/error.yaml"
+        429:
+          description: This request was rate-limited.
+          schema:
+            "$ref": "definitions/error.yaml"
       tags:
         - User data
diff --git a/changelogs/client_server.rst b/changelogs/client_server.rst
index 5947e96c..34fbfdbe 100644
--- a/changelogs/client_server.rst
+++ b/changelogs/client_server.rst
@@ -23,6 +23,8 @@ Unreleased changes
     (`#1137 <https://github.com/matrix-org/matrix-doc/pull/1137>`_).
   - Clarify that ``m.tag`` ordering is done with numbers, not strings
     (`#1139 <https://github.com/matrix-org/matrix-doc/pull/1139>`_).
+  - Clarify that ``/account/whoami`` should consider application services
+    (`#1152 <https://github.com/matrix-org/matrix-doc/pull/1152>`_).
 
 - Changes to the API which will be backwards-compatible for clients: