diff --git a/apps/docs/src/content/docs/guides/ticket-proofs.mdx b/apps/docs/src/content/docs/guides/ticket-proofs.mdx
index 48fb698..3ddb12f 100644
--- a/apps/docs/src/content/docs/guides/ticket-proofs.mdx
+++ b/apps/docs/src/content/docs/guides/ticket-proofs.mdx
@@ -107,7 +107,7 @@ As we saw in the original proof request, the `attendeeEmail` entry is revealed:
 
 To understand how this works, read on!
 
-# What's in a ticket proof
+# Configuring a ticket proof request
 
 Ticket proofs enable the user to prove that they hold an event ticket matching certain criteria. They also allow the user to selectively reveal certain pieces of data contained in the ticket, such as their email address or name.
 
@@ -224,6 +224,12 @@ const request = ticketProofRequest({
 });
 ```
 
+## Watermark
 
+You can add a watermark to your proof, which allows you to uniquely identify a proof. Precisely which value to use for the watermark depends on your application and use-case, but you might use a unique session ID, or a single-use number generated by your application.
 
-## Watermark
\ No newline at end of file
+If you add a watermark to your proof request, you can check the watermark when later verifying the proof. A typical workflow might involve your client application requesting a random number from your server, which stores the number. The number is passed as a watermark in the proof request, and then you can send the proof to the server for verification. The server then checks that the watermark is equal to the random number it generated. By requiring the watermark to equal some single-use secret value, you ensure that the client cannot re-use a previously-generated proof.
+
+# Verifying a ticket proof
+
+TODO.
\ No newline at end of file