diff --git a/changelogs/client_server/newsfragments/2379.clarification b/changelogs/client_server/newsfragments/2379.clarification new file mode 100644 index 00000000..5a51936a --- /dev/null +++ b/changelogs/client_server/newsfragments/2379.clarification @@ -0,0 +1 @@ +Add link to RFC 9700 OAuth 2.0 Best Current Practices. diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md index 61cdf91c..4cdb84ac 100644 --- a/content/client-server-api/_index.md +++ b/content/client-server-api/_index.md @@ -1742,6 +1742,9 @@ over the requirements to create a new account and is not limited by the steps defined in this specification. It also means that less trust is given to clients because they don't have access to the user's credentials anymore. +The best practices from [RFC 9700](https://datatracker.ietf.org/doc/html/rfc9700) +are applicable to this API and are recommended reading for implementors. + {{% boxes/warning %}} The [User-Interactive Authentication API](#user-interactive-authentication-api) is not compatible with the OAuth 2.0 API, so the endpoints that depend on it for
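Review bot: The newsfragment text in the first hunk ("Add link to RFC 9700 OAuth 2.0 Best Current Practices.") describes the editing action rather than the clarification a reader of the changelog gets; a `.clarification` entry should state what the spec now says. Suggest rewording along the lines of "Recommend the OAuth 2.0 security best practices in RFC 9700 as reading for implementors of the OAuth 2.0 API." so the entry stands on its own without the diff.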
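Review bot: The added paragraph in `_index.md` ("The best practices from [RFC 9700] ... are applicable to this API and are recommended reading for implementors.") leaves the normative weight undefined: the surrounding section is a specification, so readers will want to know whether following RFC 9700 is a requirement or informative guidance, and whether "implementors" means clients, homeservers acting as authorization servers, or both (the preceding context discusses trust given to clients specifically). Suggest either using the spec's RFC 2119 vocabulary (e.g. "Implementors of both clients and servers SHOULD follow the recommendations in RFC 9700") or marking it explicitly as informative, and consider giving the RFC's title in the link text rather than just its number.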