diff --git a/openapi-sdk.yaml b/openapi-sdk.yaml
index 2bb178817..f8408973f 100644
--- a/openapi-sdk.yaml
+++ b/openapi-sdk.yaml
@@ -8317,10 +8317,10 @@ components:
description: 'The token provided when you got the expired access token.'
type: string
client_id:
- description: 'The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+ description: 'The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.'
type: string
client_secret:
- description: 'The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+ description: 'The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.'
type: string
type: object
ReportCreateRequest:
diff --git a/openapi.yaml b/openapi.yaml
index 99098f471..f435429fd 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -8202,10 +8202,10 @@ components:
description: 'The token provided when you got the expired access token.'
type: string
client_id:
- description: 'The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+ description: 'The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.'
type: string
client_secret:
- description: 'The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+ description: 'The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.'
type: string
type: object
ReportCreateRequest:
diff --git a/sdks/dotnet/docs/OAuthTokenRefreshRequest.md b/sdks/dotnet/docs/OAuthTokenRefreshRequest.md
index 5e33e77d9..adf42295c 100644
--- a/sdks/dotnet/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/dotnet/docs/OAuthTokenRefreshRequest.md
@@ -4,7 +4,7 @@
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
-**GrantType** | **string** | When refreshing an existing token use `refresh_token`. | [default to "refresh_token"]**RefreshToken** | **string** | The token provided when you got the expired access token. | **ClientId** | **string** | The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | [optional] **ClientSecret** | **string** | The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | [optional]
+**GrantType** | **string** | When refreshing an existing token use `refresh_token`. | [default to "refresh_token"]**RefreshToken** | **string** | The token provided when you got the expired access token. | **ClientId** | **string** | The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | [optional] **ClientSecret** | **string** | The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs b/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs
index 934de0d88..9be4f7721 100644
--- a/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs
+++ b/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs
@@ -43,8 +43,8 @@ protected OAuthTokenRefreshRequest() { }
///
/// When refreshing an existing token use `refresh_token`. (required) (default to "refresh_token").
/// The token provided when you got the expired access token. (required).
- /// The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled..
- /// The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled..
+ /// The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings..
+ /// The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings..
public OAuthTokenRefreshRequest(string grantType = @"refresh_token", string refreshToken = default(string), string clientId = default(string), string clientSecret = default(string))
{
@@ -95,16 +95,16 @@ public static OAuthTokenRefreshRequest Init(string jsonData)
public string RefreshToken { get; set; }
///
- /// The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ /// The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
///
- /// The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ /// The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
[DataMember(Name = "client_id", EmitDefaultValue = true)]
public string ClientId { get; set; }
///
- /// The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ /// The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
///
- /// The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ /// The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
[DataMember(Name = "client_secret", EmitDefaultValue = true)]
public string ClientSecret { get; set; }
diff --git a/sdks/java-v1/docs/OAuthTokenRefreshRequest.md b/sdks/java-v1/docs/OAuthTokenRefreshRequest.md
index f0ce43061..bb0a0e5f6 100644
--- a/sdks/java-v1/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/java-v1/docs/OAuthTokenRefreshRequest.md
@@ -10,8 +10,8 @@
|------------ | ------------- | ------------- | -------------|
| `grantType`*_required_ | ```String``` | When refreshing an existing token use `refresh_token`. | |
| `refreshToken`*_required_ | ```String``` | The token provided when you got the expired access token. | |
-| `clientId` | ```String``` | The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
-| `clientSecret` | ```String``` | The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
+| `clientId` | ```String``` | The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
+| `clientSecret` | ```String``` | The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
diff --git a/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java b/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
index d8226d6a7..58cdfdb6d 100644
--- a/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
+++ b/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
@@ -117,9 +117,8 @@ public OAuthTokenRefreshRequest clientId(@javax.annotation.Nullable String clien
}
/**
- * The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the
- * \"Client Credentials Required\" setting is enabled for token refresh; optional if
- * disabled.
+ * The client ID for your API app. Required for new API apps. To enhance security, we recommend
+ * making it required for existing apps in your app settings.
*
* @return clientId
*/
@@ -141,9 +140,8 @@ public OAuthTokenRefreshRequest clientSecret(@javax.annotation.Nullable String c
}
/**
- * The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if
- * the \"Client Credentials Required\" setting is enabled for token refresh; optional
- * if disabled.
+ * The client secret for your API app. Required for new API apps. To enhance security, we
+ * recommend making it required for existing apps in your app settings.
*
* @return clientSecret
*/
diff --git a/sdks/java-v2/docs/OAuthTokenRefreshRequest.md b/sdks/java-v2/docs/OAuthTokenRefreshRequest.md
index f0ce43061..bb0a0e5f6 100644
--- a/sdks/java-v2/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/java-v2/docs/OAuthTokenRefreshRequest.md
@@ -10,8 +10,8 @@
|------------ | ------------- | ------------- | -------------|
| `grantType`*_required_ | ```String``` | When refreshing an existing token use `refresh_token`. | |
| `refreshToken`*_required_ | ```String``` | The token provided when you got the expired access token. | |
-| `clientId` | ```String``` | The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
-| `clientSecret` | ```String``` | The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
+| `clientId` | ```String``` | The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
+| `clientSecret` | ```String``` | The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
diff --git a/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java b/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
index 550d2ee1b..3a059a063 100644
--- a/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
+++ b/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
@@ -131,7 +131,7 @@ public OAuthTokenRefreshRequest clientId(@jakarta.annotation.Nullable String cli
}
/**
- * The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ * The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
* @return clientId
*/
@jakarta.annotation.Nullable
@@ -156,7 +156,7 @@ public OAuthTokenRefreshRequest clientSecret(@jakarta.annotation.Nullable String
}
/**
- * The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ * The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
* @return clientSecret
*/
@jakarta.annotation.Nullable
diff --git a/sdks/node/docs/model/OAuthTokenRefreshRequest.md b/sdks/node/docs/model/OAuthTokenRefreshRequest.md
index 8a24bdc15..b09d1e8b6 100644
--- a/sdks/node/docs/model/OAuthTokenRefreshRequest.md
+++ b/sdks/node/docs/model/OAuthTokenRefreshRequest.md
@@ -8,7 +8,7 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
| `grantType`*_required_ | ```string``` | When refreshing an existing token use `refresh_token`. | [default to 'refresh_token'] |
| `refreshToken`*_required_ | ```string``` | The token provided when you got the expired access token. | |
-| `clientId` | ```string``` | The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
-| `clientSecret` | ```string``` | The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
+| `clientId` | ```string``` | The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
+| `clientSecret` | ```string``` | The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
[[Back to Model list]](../../README.md#models) [[Back to API list]](../../README.md#endpoints) [[Back to README]](../../README.md)
diff --git a/sdks/node/model/oAuthTokenRefreshRequest.ts b/sdks/node/model/oAuthTokenRefreshRequest.ts
index 2f8971dd5..0474497d8 100644
--- a/sdks/node/model/oAuthTokenRefreshRequest.ts
+++ b/sdks/node/model/oAuthTokenRefreshRequest.ts
@@ -34,11 +34,11 @@ export class OAuthTokenRefreshRequest {
*/
"refreshToken": string;
/**
- * The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ * The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
*/
"clientId"?: string;
/**
- * The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ * The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
*/
"clientSecret"?: string;
diff --git a/sdks/php/docs/Model/OAuthTokenRefreshRequest.md b/sdks/php/docs/Model/OAuthTokenRefreshRequest.md
index 9ba09db42..590ca4bc3 100644
--- a/sdks/php/docs/Model/OAuthTokenRefreshRequest.md
+++ b/sdks/php/docs/Model/OAuthTokenRefreshRequest.md
@@ -8,7 +8,7 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
| `grant_type`*_required_ | ```string``` | When refreshing an existing token use `refresh_token`. | [default to 'refresh_token'] |
| `refresh_token`*_required_ | ```string``` | The token provided when you got the expired access token. | |
-| `client_id` | ```string``` | The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
-| `client_secret` | ```string``` | The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
+| `client_id` | ```string``` | The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
+| `client_secret` | ```string``` | The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
[[Back to Model list]](../../README.md#models) [[Back to API list]](../../README.md#endpoints) [[Back to README]](../../README.md)
diff --git a/sdks/php/src/Model/OAuthTokenRefreshRequest.php b/sdks/php/src/Model/OAuthTokenRefreshRequest.php
index 01ebaaa9a..8736361b2 100644
--- a/sdks/php/src/Model/OAuthTokenRefreshRequest.php
+++ b/sdks/php/src/Model/OAuthTokenRefreshRequest.php
@@ -391,7 +391,7 @@ public function getClientId()
/**
* Sets client_id
*
- * @param string|null $client_id The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ * @param string|null $client_id The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
*
* @return self
*/
@@ -418,7 +418,7 @@ public function getClientSecret()
/**
* Sets client_secret
*
- * @param string|null $client_secret The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ * @param string|null $client_secret The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
*
* @return self
*/
diff --git a/sdks/python/docs/OAuthTokenRefreshRequest.md b/sdks/python/docs/OAuthTokenRefreshRequest.md
index 3dd28092c..05a4e8006 100644
--- a/sdks/python/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/python/docs/OAuthTokenRefreshRequest.md
@@ -7,8 +7,8 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
| `grant_type`*_required_ | ```str``` | When refreshing an existing token use `refresh_token`. | [default to 'refresh_token'] |
| `refresh_token`*_required_ | ```str``` | The token provided when you got the expired access token. | |
-| `client_id` | ```str``` | The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
-| `client_secret` | ```str``` | The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
+| `client_id` | ```str``` | The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
+| `client_secret` | ```str``` | The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py b/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py
index 025a5813b..7a1aa9ae1 100644
--- a/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py
+++ b/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py
@@ -40,11 +40,11 @@ class OAuthTokenRefreshRequest(BaseModel):
)
client_id: Optional[StrictStr] = Field(
default=None,
- description='The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.',
+ description="The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.",
)
client_secret: Optional[StrictStr] = Field(
default=None,
- description='The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.',
+ description="The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.",
)
__properties: ClassVar[List[str]] = [
"grant_type",
diff --git a/sdks/ruby/docs/OAuthTokenRefreshRequest.md b/sdks/ruby/docs/OAuthTokenRefreshRequest.md
index 4bd1757c8..0980f70be 100644
--- a/sdks/ruby/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/ruby/docs/OAuthTokenRefreshRequest.md
@@ -8,6 +8,6 @@
| ---- | ---- | ----------- | ----- |
| `grant_type`*_required_ | ```String``` | When refreshing an existing token use `refresh_token`. | [default to 'refresh_token'] |
| `refresh_token`*_required_ | ```String``` | The token provided when you got the expired access token. | |
-| `client_id` | ```String``` | The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
-| `client_secret` | ```String``` | The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled. | |
+| `client_id` | ```String``` | The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
+| `client_secret` | ```String``` | The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings. | |
diff --git a/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb b/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb
index 67157622e..9fafd8e61 100644
--- a/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb
+++ b/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb
@@ -26,11 +26,11 @@ class OAuthTokenRefreshRequest
# @return [String]
attr_accessor :refresh_token
- # The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ # The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
# @return [String]
attr_accessor :client_id
- # The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+ # The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
# @return [String]
attr_accessor :client_secret
diff --git a/translations/en.yaml b/translations/en.yaml
index 42f635bef..ef2199191 100644
--- a/translations/en.yaml
+++ b/translations/en.yaml
@@ -231,8 +231,8 @@
"OAuthTokenRefresh::DESCRIPTION": Access tokens are only valid for a given period of time (typically one hour) for security reasons. Whenever acquiring an new access token its TTL is also given (see `expires_in`), along with a refresh token that can be used to acquire a new access token after the current one has expired.
"OAuthTokenRefresh::GRANT_TYPE": When refreshing an existing token use `refresh_token`.
"OAuthTokenRefresh::REFRESH_TOKEN": The token provided when you got the expired access token.
-"OAuthTokenRefresh::CLIENT_ID": The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.
-"OAuthTokenRefresh::CLIENT_SECRET": The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.
+"OAuthTokenRefresh::CLIENT_ID": The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
+"OAuthTokenRefresh::CLIENT_SECRET": The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.
"ReportCreate::SUMMARY": Create Report
"ReportCreate::DESCRIPTION": |-