diff --git a/README.md b/README.md
index 79d74b23b1a3b28b7b7e9e0f8d7f38f03e5acee0..3b20268978f05da469dcfd006e2cfd3d150c0d06 100755
--- a/README.md
+++ b/README.md
@@ -40,3 +40,18 @@ In production it makes sense to run stechuhr with gunicorn:
 source env/bin/activate
 gunicorn stechuhr_server.server:app
 ```
+
+# Configuration
+
+## ID verification
+
+in `config.toml` you can add a list of regex patterns that stechuhr (*both on server and on client!*) uses to verify the Card IDs. These two patterns for example allow upper/lowercase hex strings with lengths either between 6 and 16 characters OR exactly 24 characters:
+
+```toml
+id_patterns = [
+    "^[A-Fa-f0-9]{24}$",
+    "^[A-Fa-f0-9]{6,16}$",
+]
+```
+
+If in doubt consider [testing your regexes here](https://regexplained.com/)
\ No newline at end of file
diff --git a/test.sh b/test.sh
index f5a34e82fcc6499f6e5732dcd3175f6aa82bfb2c..618a65fc1df2de80077fc4336c3d2f6eaf28e89b 100644
--- a/test.sh
+++ b/test.sh
@@ -1,3 +1,3 @@
 #! /bin/bash
 
-curl --header "Content-Type: application/json"  --request POST --data '{"location":"lerchenfeld", "entrance":"haupteingang", "direction":"in", "id":"543GFDHG"}' http://localhost:8000/
+curl --header "Content-Type: application/json"  --request POST --data '{"location":"lerchenfeld", "entrance":"haupteingang", "direction":"in", "id":"DEADBEEF42"}' http://localhost:8000/