content/client-server-api/_index.md

@@ -477,7 +477,8 @@ the API that was used to obtain their current access token.
 
 {{% boxes/note %}}
 Currently the OAuth 2.0 API doesn't cover all the use cases of the legacy API,
-such as automated applications that cannot use a web browser.
+such as automated applications that cannot use a web browser, or
+user management by [application services](application-service-api/#server-admin-style-permissions).
 {{% /boxes/note %}}
 
 ### Authentication API discovery
@@ -501,12 +502,6 @@ user must do that directly in the homeserver's web UI. However, the client can
 signal to the homeserver that the user wishes to create a new account with the
 [`prompt=create`](#user-registration) parameter during authorization.
 
-{{% boxes/note %}}
-{{% added-in v="1.17" %}}
-Application services can use the `/register` endpoint to create users regardless
-of the authentication API supported by the homeserver.
-{{% /boxes/note %}}
-
 ### Login
 
 With the legacy API, a client can obtain an access token by using one of the