diff --git a/openapi-raw.yaml b/openapi-raw.yaml
index facc85abe..e99eba9c5 100644
--- a/openapi-raw.yaml
+++ b/openapi-raw.yaml
@@ -2233,6 +2233,23 @@ paths:
               examples:
                 default_example:
                   $ref: '#/components/examples/OAuthTokenGenerateResponseExample'
+        4XX:
+          description: failed_operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                400_example:
+                  $ref: '#/components/examples/Error400ResponseExample'
+                401_example:
+                  $ref: '#/components/examples/Error401ResponseExample'
+                402_example:
+                  $ref: '#/components/examples/Error402ResponseExample'
+                403_example:
+                  $ref: '#/components/examples/Error403ResponseExample'
+                4XX_example:
+                  $ref: '#/components/examples/Error4XXResponseExample'
       security: []
       servers:
         -
@@ -2316,6 +2333,23 @@ paths:
               examples:
                 default_example:
                   $ref: '#/components/examples/OAuthTokenRefreshResponseExample'
+        4XX:
+          description: failed_operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                400_example:
+                  $ref: '#/components/examples/Error400ResponseExample'
+                401_example:
+                  $ref: '#/components/examples/Error401ResponseExample'
+                402_example:
+                  $ref: '#/components/examples/Error402ResponseExample'
+                403_example:
+                  $ref: '#/components/examples/Error403ResponseExample'
+                4XX_example:
+                  $ref: '#/components/examples/Error4XXResponseExample'
       security: []
       servers:
         -
@@ -7288,6 +7322,12 @@ components:
         refresh_token:
           description: '_t__OAuthTokenRefresh::REFRESH_TOKEN'
           type: string
+        client_id:
+          description: '_t__OAuthTokenRefresh::CLIENT_ID'
+          type: string
+        client_secret:
+          description: '_t__OAuthTokenRefresh::CLIENT_SECRET'
+          type: string
       type: object
     ReportCreateRequest:
       required:
diff --git a/openapi-sdk.yaml b/openapi-sdk.yaml
index ae2e0628b..13767b7ac 100644
--- a/openapi-sdk.yaml
+++ b/openapi-sdk.yaml
@@ -2239,6 +2239,23 @@ paths:
               examples:
                 default_example:
                   $ref: '#/components/examples/OAuthTokenGenerateResponseExample'
+        4XX:
+          description: failed_operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                400_example:
+                  $ref: '#/components/examples/Error400ResponseExample'
+                401_example:
+                  $ref: '#/components/examples/Error401ResponseExample'
+                402_example:
+                  $ref: '#/components/examples/Error402ResponseExample'
+                403_example:
+                  $ref: '#/components/examples/Error403ResponseExample'
+                4XX_example:
+                  $ref: '#/components/examples/Error4XXResponseExample'
       security: []
       servers:
         -
@@ -2322,6 +2339,23 @@ paths:
               examples:
                 default_example:
                   $ref: '#/components/examples/OAuthTokenRefreshResponseExample'
+        4XX:
+          description: failed_operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                400_example:
+                  $ref: '#/components/examples/Error400ResponseExample'
+                401_example:
+                  $ref: '#/components/examples/Error401ResponseExample'
+                402_example:
+                  $ref: '#/components/examples/Error402ResponseExample'
+                403_example:
+                  $ref: '#/components/examples/Error403ResponseExample'
+                4XX_example:
+                  $ref: '#/components/examples/Error4XXResponseExample'
       security: []
       servers:
         -
@@ -7382,6 +7416,12 @@ components:
         refresh_token:
           description: 'The token provided when you got the expired access token.'
           type: string
+        client_id:
+          description: 'The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+          type: string
+        client_secret:
+          description: 'The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+          type: string
       type: object
     ReportCreateRequest:
       required:
diff --git a/openapi.yaml b/openapi.yaml
index 84dce9f1e..45e195384 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -2239,6 +2239,23 @@ paths:
               examples:
                 default_example:
                   $ref: '#/components/examples/OAuthTokenGenerateResponseExample'
+        4XX:
+          description: failed_operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                400_example:
+                  $ref: '#/components/examples/Error400ResponseExample'
+                401_example:
+                  $ref: '#/components/examples/Error401ResponseExample'
+                402_example:
+                  $ref: '#/components/examples/Error402ResponseExample'
+                403_example:
+                  $ref: '#/components/examples/Error403ResponseExample'
+                4XX_example:
+                  $ref: '#/components/examples/Error4XXResponseExample'
       security: []
       servers:
         -
@@ -2322,6 +2339,23 @@ paths:
               examples:
                 default_example:
                   $ref: '#/components/examples/OAuthTokenRefreshResponseExample'
+        4XX:
+          description: failed_operation
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+              examples:
+                400_example:
+                  $ref: '#/components/examples/Error400ResponseExample'
+                401_example:
+                  $ref: '#/components/examples/Error401ResponseExample'
+                402_example:
+                  $ref: '#/components/examples/Error402ResponseExample'
+                403_example:
+                  $ref: '#/components/examples/Error403ResponseExample'
+                4XX_example:
+                  $ref: '#/components/examples/Error4XXResponseExample'
       security: []
       servers:
         -
@@ -7382,6 +7416,12 @@ components:
         refresh_token:
           description: 'The token provided when you got the expired access token.'
           type: string
+        client_id:
+          description: 'The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+          type: string
+        client_secret:
+          description: 'The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.'
+          type: string
       type: object
     ReportCreateRequest:
       required:
diff --git a/sdks/dotnet/docs/OAuthApi.md b/sdks/dotnet/docs/OAuthApi.md
index 5af912344..c80ee2758 100644
--- a/sdks/dotnet/docs/OAuthApi.md
+++ b/sdks/dotnet/docs/OAuthApi.md
@@ -99,6 +99,7 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 | **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+| **4XX** | failed_operation |  -  |
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 
@@ -191,6 +192,7 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 | **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+| **4XX** | failed_operation |  -  |
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 
diff --git a/sdks/dotnet/docs/OAuthTokenRefreshRequest.md b/sdks/dotnet/docs/OAuthTokenRefreshRequest.md
index c9866d3bf..5e33e77d9 100644
--- a/sdks/dotnet/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/dotnet/docs/OAuthTokenRefreshRequest.md
@@ -4,7 +4,7 @@
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**GrantType** | **string** |  When refreshing an existing token use `refresh_token`.  | [default to "refresh_token"]**RefreshToken** | **string** |  The token provided when you got the expired access token.  | 
+**GrantType** | **string** |  When refreshing an existing token use `refresh_token`.  | [default to "refresh_token"]**RefreshToken** | **string** |  The token provided when you got the expired access token.  | **ClientId** | **string** |  The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  | [optional] **ClientSecret** | **string** |  The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs b/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs
index dbfb22b5f..934de0d88 100644
--- a/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs
+++ b/sdks/dotnet/src/Dropbox.Sign/Model/OAuthTokenRefreshRequest.cs
@@ -43,7 +43,9 @@ protected OAuthTokenRefreshRequest() { }
         /// </summary>
         /// <param name="grantType">When refreshing an existing token use &#x60;refresh_token&#x60;. (required) (default to &quot;refresh_token&quot;).</param>
         /// <param name="refreshToken">The token provided when you got the expired access token. (required).</param>
-        public OAuthTokenRefreshRequest(string grantType = @"refresh_token", string refreshToken = default(string))
+        /// <param name="clientId">The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled..</param>
+        /// <param name="clientSecret">The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled..</param>
+        public OAuthTokenRefreshRequest(string grantType = @"refresh_token", string refreshToken = default(string), string clientId = default(string), string clientSecret = default(string))
         {
 
             // to ensure "grantType" is required (not null)
@@ -58,6 +60,8 @@ protected OAuthTokenRefreshRequest() { }
                 throw new ArgumentNullException("refreshToken is a required property for OAuthTokenRefreshRequest and cannot be null");
             }
             this.RefreshToken = refreshToken;
+            this.ClientId = clientId;
+            this.ClientSecret = clientSecret;
         }
 
         /// <summary>
@@ -90,6 +94,20 @@ public static OAuthTokenRefreshRequest Init(string jsonData)
         [DataMember(Name = "refresh_token", IsRequired = true, EmitDefaultValue = true)]
         public string RefreshToken { get; set; }
 
+        /// <summary>
+        /// The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled.
+        /// </summary>
+        /// <value>The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled.</value>
+        [DataMember(Name = "client_id", EmitDefaultValue = true)]
+        public string ClientId { get; set; }
+
+        /// <summary>
+        /// The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled.
+        /// </summary>
+        /// <value>The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled.</value>
+        [DataMember(Name = "client_secret", EmitDefaultValue = true)]
+        public string ClientSecret { get; set; }
+
         /// <summary>
         /// Returns the string presentation of the object
         /// </summary>
@@ -100,6 +118,8 @@ public override string ToString()
             sb.Append("class OAuthTokenRefreshRequest {\n");
             sb.Append("  GrantType: ").Append(GrantType).Append("\n");
             sb.Append("  RefreshToken: ").Append(RefreshToken).Append("\n");
+            sb.Append("  ClientId: ").Append(ClientId).Append("\n");
+            sb.Append("  ClientSecret: ").Append(ClientSecret).Append("\n");
             sb.Append("}\n");
             return sb.ToString();
         }
@@ -144,6 +164,16 @@ public bool Equals(OAuthTokenRefreshRequest input)
                     this.RefreshToken == input.RefreshToken ||
                     (this.RefreshToken != null &&
                     this.RefreshToken.Equals(input.RefreshToken))
+                ) &&
+                (
+                    this.ClientId == input.ClientId ||
+                    (this.ClientId != null &&
+                    this.ClientId.Equals(input.ClientId))
+                ) &&
+                (
+                    this.ClientSecret == input.ClientSecret ||
+                    (this.ClientSecret != null &&
+                    this.ClientSecret.Equals(input.ClientSecret))
                 );
         }
 
@@ -164,6 +194,14 @@ public override int GetHashCode()
                 {
                     hashCode = (hashCode * 59) + this.RefreshToken.GetHashCode();
                 }
+                if (this.ClientId != null)
+                {
+                    hashCode = (hashCode * 59) + this.ClientId.GetHashCode();
+                }
+                if (this.ClientSecret != null)
+                {
+                    hashCode = (hashCode * 59) + this.ClientSecret.GetHashCode();
+                }
                 return hashCode;
             }
         }
@@ -194,6 +232,20 @@ public List<OpenApiType> GetOpenApiTypes()
                 Type = "string",
                 Value = RefreshToken,
             });
+            types.Add(new OpenApiType()
+            {
+                Name = "client_id",
+                Property = "ClientId",
+                Type = "string",
+                Value = ClientId,
+            });
+            types.Add(new OpenApiType()
+            {
+                Name = "client_secret",
+                Property = "ClientSecret",
+                Type = "string",
+                Value = ClientSecret,
+            });
 
             return types;
         }
diff --git a/sdks/java-v1/docs/OAuthApi.md b/sdks/java-v1/docs/OAuthApi.md
index 533052ba2..a2eaa2508 100644
--- a/sdks/java-v1/docs/OAuthApi.md
+++ b/sdks/java-v1/docs/OAuthApi.md
@@ -77,6 +77,7 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 | **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+| **4XX** | failed_operation |  -  |
 
 
 ## oauthTokenRefresh
@@ -144,4 +145,5 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 | **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+| **4XX** | failed_operation |  -  |
 
diff --git a/sdks/java-v1/docs/OAuthTokenRefreshRequest.md b/sdks/java-v1/docs/OAuthTokenRefreshRequest.md
index 2b985fa91..f0ce43061 100644
--- a/sdks/java-v1/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/java-v1/docs/OAuthTokenRefreshRequest.md
@@ -10,6 +10,8 @@
 |------------ | ------------- | ------------- | -------------|
 | `grantType`<sup>*_required_</sup> | ```String``` |  When refreshing an existing token use `refresh_token`.  |  |
 | `refreshToken`<sup>*_required_</sup> | ```String``` |  The token provided when you got the expired access token.  |  |
+| `clientId` | ```String``` |  The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
+| `clientSecret` | ```String``` |  The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
 
 
 
diff --git a/sdks/java-v1/src/main/java/com/dropbox/sign/api/OAuthApi.java b/sdks/java-v1/src/main/java/com/dropbox/sign/api/OAuthApi.java
index f9e6d08f3..db4fbb10c 100644
--- a/sdks/java-v1/src/main/java/com/dropbox/sign/api/OAuthApi.java
+++ b/sdks/java-v1/src/main/java/com/dropbox/sign/api/OAuthApi.java
@@ -55,6 +55,7 @@ public void setApiClient(ApiClient apiClient) {
      *     <table summary="Response Details" border="1">
      * <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
      * <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+     * <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      * </table>
      */
     public OAuthTokenResponse oauthTokenGenerate(
@@ -73,6 +74,7 @@ public OAuthTokenResponse oauthTokenGenerate(
      *     <table summary="Response Details" border="1">
      * <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
      * <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+     * <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      * </table>
      */
     public ApiResponse<OAuthTokenResponse> oauthTokenGenerateWithHttpInfo(
@@ -125,6 +127,7 @@ public ApiResponse<OAuthTokenResponse> oauthTokenGenerateWithHttpInfo(
      *     <table summary="Response Details" border="1">
      * <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
      * <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+     * <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      * </table>
      */
     public OAuthTokenResponse oauthTokenRefresh(OAuthTokenRefreshRequest oauthTokenRefreshRequest)
@@ -145,6 +148,7 @@ public OAuthTokenResponse oauthTokenRefresh(OAuthTokenRefreshRequest oauthTokenR
      *     <table summary="Response Details" border="1">
      * <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
      * <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+     * <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      * </table>
      */
     public ApiResponse<OAuthTokenResponse> oauthTokenRefreshWithHttpInfo(
diff --git a/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java b/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
index 6aa0a0552..75979827e 100644
--- a/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
+++ b/sdks/java-v1/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
@@ -26,7 +26,9 @@
 /** OAuthTokenRefreshRequest */
 @JsonPropertyOrder({
     OAuthTokenRefreshRequest.JSON_PROPERTY_GRANT_TYPE,
-    OAuthTokenRefreshRequest.JSON_PROPERTY_REFRESH_TOKEN
+    OAuthTokenRefreshRequest.JSON_PROPERTY_REFRESH_TOKEN,
+    OAuthTokenRefreshRequest.JSON_PROPERTY_CLIENT_ID,
+    OAuthTokenRefreshRequest.JSON_PROPERTY_CLIENT_SECRET
 })
 @javax.annotation.Generated(
         value = "org.openapitools.codegen.languages.JavaClientCodegen",
@@ -39,6 +41,12 @@ public class OAuthTokenRefreshRequest {
     public static final String JSON_PROPERTY_REFRESH_TOKEN = "refresh_token";
     private String refreshToken;
 
+    public static final String JSON_PROPERTY_CLIENT_ID = "client_id";
+    private String clientId;
+
+    public static final String JSON_PROPERTY_CLIENT_SECRET = "client_secret";
+    private String clientSecret;
+
     public OAuthTokenRefreshRequest() {}
 
     /**
@@ -103,6 +111,54 @@ public void setRefreshToken(String refreshToken) {
         this.refreshToken = refreshToken;
     }
 
+    public OAuthTokenRefreshRequest clientId(String clientId) {
+        this.clientId = clientId;
+        return this;
+    }
+
+    /**
+     * The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the
+     * \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if
+     * disabled.
+     *
+     * @return clientId
+     */
+    @javax.annotation.Nullable @JsonProperty(JSON_PROPERTY_CLIENT_ID)
+    @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+    public String getClientId() {
+        return clientId;
+    }
+
+    @JsonProperty(JSON_PROPERTY_CLIENT_ID)
+    @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    public OAuthTokenRefreshRequest clientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+        return this;
+    }
+
+    /**
+     * The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if
+     * the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional
+     * if disabled.
+     *
+     * @return clientSecret
+     */
+    @javax.annotation.Nullable @JsonProperty(JSON_PROPERTY_CLIENT_SECRET)
+    @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    @JsonProperty(JSON_PROPERTY_CLIENT_SECRET)
+    @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+
     /** Return true if this OAuthTokenRefreshRequest object is equal to o. */
     @Override
     public boolean equals(Object o) {
@@ -114,12 +170,14 @@ public boolean equals(Object o) {
         }
         OAuthTokenRefreshRequest oauthTokenRefreshRequest = (OAuthTokenRefreshRequest) o;
         return Objects.equals(this.grantType, oauthTokenRefreshRequest.grantType)
-                && Objects.equals(this.refreshToken, oauthTokenRefreshRequest.refreshToken);
+                && Objects.equals(this.refreshToken, oauthTokenRefreshRequest.refreshToken)
+                && Objects.equals(this.clientId, oauthTokenRefreshRequest.clientId)
+                && Objects.equals(this.clientSecret, oauthTokenRefreshRequest.clientSecret);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(grantType, refreshToken);
+        return Objects.hash(grantType, refreshToken, clientId, clientSecret);
     }
 
     @Override
@@ -128,6 +186,8 @@ public String toString() {
         sb.append("class OAuthTokenRefreshRequest {\n");
         sb.append("    grantType: ").append(toIndentedString(grantType)).append("\n");
         sb.append("    refreshToken: ").append(toIndentedString(refreshToken)).append("\n");
+        sb.append("    clientId: ").append(toIndentedString(clientId)).append("\n");
+        sb.append("    clientSecret: ").append(toIndentedString(clientSecret)).append("\n");
         sb.append("}");
         return sb.toString();
     }
@@ -176,6 +236,46 @@ public Map<String, Object> createFormData() throws ApiException {
                             JSON.getDefault().getMapper().writeValueAsString(refreshToken));
                 }
             }
+            if (clientId != null) {
+                if (isFileTypeOrListOfFiles(clientId)) {
+                    fileTypeFound = true;
+                }
+
+                if (clientId.getClass().equals(java.io.File.class)
+                        || clientId.getClass().equals(Integer.class)
+                        || clientId.getClass().equals(String.class)
+                        || clientId.getClass().isEnum()) {
+                    map.put("client_id", clientId);
+                } else if (isListOfFile(clientId)) {
+                    for (int i = 0; i < getListSize(clientId); i++) {
+                        map.put("client_id[" + i + "]", getFromList(clientId, i));
+                    }
+                } else {
+                    map.put(
+                            "client_id",
+                            JSON.getDefault().getMapper().writeValueAsString(clientId));
+                }
+            }
+            if (clientSecret != null) {
+                if (isFileTypeOrListOfFiles(clientSecret)) {
+                    fileTypeFound = true;
+                }
+
+                if (clientSecret.getClass().equals(java.io.File.class)
+                        || clientSecret.getClass().equals(Integer.class)
+                        || clientSecret.getClass().equals(String.class)
+                        || clientSecret.getClass().isEnum()) {
+                    map.put("client_secret", clientSecret);
+                } else if (isListOfFile(clientSecret)) {
+                    for (int i = 0; i < getListSize(clientSecret); i++) {
+                        map.put("client_secret[" + i + "]", getFromList(clientSecret, i));
+                    }
+                } else {
+                    map.put(
+                            "client_secret",
+                            JSON.getDefault().getMapper().writeValueAsString(clientSecret));
+                }
+            }
         } catch (Exception e) {
             throw new ApiException(e);
         }
diff --git a/sdks/java-v2/docs/OAuthApi.md b/sdks/java-v2/docs/OAuthApi.md
index 533052ba2..a2eaa2508 100644
--- a/sdks/java-v2/docs/OAuthApi.md
+++ b/sdks/java-v2/docs/OAuthApi.md
@@ -77,6 +77,7 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 | **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+| **4XX** | failed_operation |  -  |
 
 
 ## oauthTokenRefresh
@@ -144,4 +145,5 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 | **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+| **4XX** | failed_operation |  -  |
 
diff --git a/sdks/java-v2/docs/OAuthTokenRefreshRequest.md b/sdks/java-v2/docs/OAuthTokenRefreshRequest.md
index 2b985fa91..f0ce43061 100644
--- a/sdks/java-v2/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/java-v2/docs/OAuthTokenRefreshRequest.md
@@ -10,6 +10,8 @@
 |------------ | ------------- | ------------- | -------------|
 | `grantType`<sup>*_required_</sup> | ```String``` |  When refreshing an existing token use `refresh_token`.  |  |
 | `refreshToken`<sup>*_required_</sup> | ```String``` |  The token provided when you got the expired access token.  |  |
+| `clientId` | ```String``` |  The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
+| `clientSecret` | ```String``` |  The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
 
 
 
diff --git a/sdks/java-v2/src/main/java/com/dropbox/sign/api/OAuthApi.java b/sdks/java-v2/src/main/java/com/dropbox/sign/api/OAuthApi.java
index 98b580202..4d881a94e 100644
--- a/sdks/java-v2/src/main/java/com/dropbox/sign/api/OAuthApi.java
+++ b/sdks/java-v2/src/main/java/com/dropbox/sign/api/OAuthApi.java
@@ -8,6 +8,7 @@
 
 import jakarta.ws.rs.core.GenericType;
 
+import com.dropbox.sign.model.ErrorResponse;
 import com.dropbox.sign.model.OAuthTokenGenerateRequest;
 import com.dropbox.sign.model.OAuthTokenRefreshRequest;
 import com.dropbox.sign.model.OAuthTokenResponse;
@@ -58,6 +59,7 @@ public void setApiClient(ApiClient apiClient) {
      <table summary="Response Details" border="1">
        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
        <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+       <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      </table>
    */
   public OAuthTokenResponse oauthTokenGenerate(OAuthTokenGenerateRequest oauthTokenGenerateRequest) throws ApiException {
@@ -75,6 +77,7 @@ public OAuthTokenResponse oauthTokenGenerate(OAuthTokenGenerateRequest oauthToke
      <table summary="Response Details" border="1">
        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
        <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+       <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      </table>
    */
   public ApiResponse<OAuthTokenResponse> oauthTokenGenerateWithHttpInfo(OAuthTokenGenerateRequest oauthTokenGenerateRequest) throws ApiException {
@@ -116,6 +119,7 @@ public ApiResponse<OAuthTokenResponse> oauthTokenGenerateWithHttpInfo(OAuthToken
      <table summary="Response Details" border="1">
        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
        <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+       <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      </table>
    */
   public OAuthTokenResponse oauthTokenRefresh(OAuthTokenRefreshRequest oauthTokenRefreshRequest) throws ApiException {
@@ -133,6 +137,7 @@ public OAuthTokenResponse oauthTokenRefresh(OAuthTokenRefreshRequest oauthTokenR
      <table summary="Response Details" border="1">
        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
        <tr><td> 200 </td><td> successful operation </td><td>  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  </td></tr>
+       <tr><td> 4XX </td><td> failed_operation </td><td>  -  </td></tr>
      </table>
    */
   public ApiResponse<OAuthTokenResponse> oauthTokenRefreshWithHttpInfo(OAuthTokenRefreshRequest oauthTokenRefreshRequest) throws ApiException {
diff --git a/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java b/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
index 28eb1cdfb..fafe689fc 100644
--- a/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
+++ b/sdks/java-v2/src/main/java/com/dropbox/sign/model/OAuthTokenRefreshRequest.java
@@ -34,7 +34,9 @@
  */
 @JsonPropertyOrder({
   OAuthTokenRefreshRequest.JSON_PROPERTY_GRANT_TYPE,
-  OAuthTokenRefreshRequest.JSON_PROPERTY_REFRESH_TOKEN
+  OAuthTokenRefreshRequest.JSON_PROPERTY_REFRESH_TOKEN,
+  OAuthTokenRefreshRequest.JSON_PROPERTY_CLIENT_ID,
+  OAuthTokenRefreshRequest.JSON_PROPERTY_CLIENT_SECRET
 })
 @jakarta.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen", comments = "Generator version: 7.8.0")
 @JsonIgnoreProperties(ignoreUnknown=true)
@@ -45,6 +47,12 @@ public class OAuthTokenRefreshRequest {
   public static final String JSON_PROPERTY_REFRESH_TOKEN = "refresh_token";
   private String refreshToken;
 
+  public static final String JSON_PROPERTY_CLIENT_ID = "client_id";
+  private String clientId;
+
+  public static final String JSON_PROPERTY_CLIENT_SECRET = "client_secret";
+  private String clientSecret;
+
   public OAuthTokenRefreshRequest() { 
   }
 
@@ -113,6 +121,56 @@ public void setRefreshToken(String refreshToken) {
   }
 
 
+  public OAuthTokenRefreshRequest clientId(String clientId) {
+    this.clientId = clientId;
+    return this;
+  }
+
+  /**
+   * The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled.
+   * @return clientId
+   */
+  @jakarta.annotation.Nullable
+  @JsonProperty(JSON_PROPERTY_CLIENT_ID)
+  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+
+  public String getClientId() {
+    return clientId;
+  }
+
+
+  @JsonProperty(JSON_PROPERTY_CLIENT_ID)
+  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+  public void setClientId(String clientId) {
+    this.clientId = clientId;
+  }
+
+
+  public OAuthTokenRefreshRequest clientSecret(String clientSecret) {
+    this.clientSecret = clientSecret;
+    return this;
+  }
+
+  /**
+   * The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \&quot;Client Credentials Required\&quot; setting is enabled for token refresh; optional if disabled.
+   * @return clientSecret
+   */
+  @jakarta.annotation.Nullable
+  @JsonProperty(JSON_PROPERTY_CLIENT_SECRET)
+  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+
+  public String getClientSecret() {
+    return clientSecret;
+  }
+
+
+  @JsonProperty(JSON_PROPERTY_CLIENT_SECRET)
+  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+  public void setClientSecret(String clientSecret) {
+    this.clientSecret = clientSecret;
+  }
+
+
   /**
    * Return true if this OAuthTokenRefreshRequest object is equal to o.
    */
@@ -126,12 +184,14 @@ public boolean equals(Object o) {
     }
     OAuthTokenRefreshRequest oauthTokenRefreshRequest = (OAuthTokenRefreshRequest) o;
     return Objects.equals(this.grantType, oauthTokenRefreshRequest.grantType) &&
-        Objects.equals(this.refreshToken, oauthTokenRefreshRequest.refreshToken);
+        Objects.equals(this.refreshToken, oauthTokenRefreshRequest.refreshToken) &&
+        Objects.equals(this.clientId, oauthTokenRefreshRequest.clientId) &&
+        Objects.equals(this.clientSecret, oauthTokenRefreshRequest.clientSecret);
   }
 
   @Override
   public int hashCode() {
-    return Objects.hash(grantType, refreshToken);
+    return Objects.hash(grantType, refreshToken, clientId, clientSecret);
   }
 
   @Override
@@ -140,6 +200,8 @@ public String toString() {
     sb.append("class OAuthTokenRefreshRequest {\n");
     sb.append("    grantType: ").append(toIndentedString(grantType)).append("\n");
     sb.append("    refreshToken: ").append(toIndentedString(refreshToken)).append("\n");
+    sb.append("    clientId: ").append(toIndentedString(clientId)).append("\n");
+    sb.append("    clientSecret: ").append(toIndentedString(clientSecret)).append("\n");
     sb.append("}");
     return sb.toString();
   }
@@ -186,6 +248,44 @@ public Map<String, Object> createFormData() throws ApiException {
             map.put("refresh_token", JSON.getDefault().getMapper().writeValueAsString(refreshToken));
         }
     }
+    if (clientId != null) {
+        if (isFileTypeOrListOfFiles(clientId)) {
+            fileTypeFound = true;
+        }
+
+        if (clientId.getClass().equals(java.io.File.class) ||
+            clientId.getClass().equals(Integer.class) ||
+            clientId.getClass().equals(String.class) ||
+            clientId.getClass().isEnum()) {
+            map.put("client_id", clientId);
+        } else if (isListOfFile(clientId)) {
+            for(int i = 0; i< getListSize(clientId); i++) {
+                map.put("client_id[" + i + "]", getFromList(clientId, i));
+            }
+        }
+        else {
+            map.put("client_id", JSON.getDefault().getMapper().writeValueAsString(clientId));
+        }
+    }
+    if (clientSecret != null) {
+        if (isFileTypeOrListOfFiles(clientSecret)) {
+            fileTypeFound = true;
+        }
+
+        if (clientSecret.getClass().equals(java.io.File.class) ||
+            clientSecret.getClass().equals(Integer.class) ||
+            clientSecret.getClass().equals(String.class) ||
+            clientSecret.getClass().isEnum()) {
+            map.put("client_secret", clientSecret);
+        } else if (isListOfFile(clientSecret)) {
+            for(int i = 0; i< getListSize(clientSecret); i++) {
+                map.put("client_secret[" + i + "]", getFromList(clientSecret, i));
+            }
+        }
+        else {
+            map.put("client_secret", JSON.getDefault().getMapper().writeValueAsString(clientSecret));
+        }
+    }
     } catch (Exception e) {
         throw new ApiException(e);
     }
diff --git a/sdks/node/api/oAuthApi.ts b/sdks/node/api/oAuthApi.ts
index c1b080359..1478d53e0 100644
--- a/sdks/node/api/oAuthApi.ts
+++ b/sdks/node/api/oAuthApi.ts
@@ -236,6 +236,17 @@ export class OAuthApi {
               return;
             }
 
+            if (
+              handleErrorRangeResponse(
+                reject,
+                error.response,
+                "4XX",
+                "ErrorResponse"
+              )
+            ) {
+              return;
+            }
+
             reject(error);
           }
         );
@@ -361,6 +372,17 @@ export class OAuthApi {
               return;
             }
 
+            if (
+              handleErrorRangeResponse(
+                reject,
+                error.response,
+                "4XX",
+                "ErrorResponse"
+              )
+            ) {
+              return;
+            }
+
             reject(error);
           }
         );
diff --git a/sdks/node/dist/api.js b/sdks/node/dist/api.js
index 94fc0d284..d95c19e31 100644
--- a/sdks/node/dist/api.js
+++ b/sdks/node/dist/api.js
@@ -18331,6 +18331,16 @@ OAuthTokenRefreshRequest.attributeTypeMap = [
     name: "refreshToken",
     baseName: "refresh_token",
     type: "string"
+  },
+  {
+    name: "clientId",
+    baseName: "client_id",
+    type: "string"
+  },
+  {
+    name: "clientSecret",
+    baseName: "client_secret",
+    type: "string"
   }
 ];
 
@@ -27300,6 +27310,14 @@ var OAuthApi = class {
               )) {
                 return;
               }
+              if (handleErrorRangeResponse6(
+                reject,
+                error.response,
+                "4XX",
+                "ErrorResponse"
+              )) {
+                return;
+              }
               reject(error);
             }
           );
@@ -27395,6 +27413,14 @@ var OAuthApi = class {
               )) {
                 return;
               }
+              if (handleErrorRangeResponse6(
+                reject,
+                error.response,
+                "4XX",
+                "ErrorResponse"
+              )) {
+                return;
+              }
               reject(error);
             }
           );
@@ -27428,6 +27454,16 @@ function handleErrorCodeResponse6(reject, response, code, returnType) {
   reject(new HttpError(response, body, response.status));
   return true;
 }
+function handleErrorRangeResponse6(reject, response, code, returnType) {
+  let rangeCodeLeft = Number(code[0] + "00");
+  let rangeCodeRight = Number(code[0] + "99");
+  if (response.status >= rangeCodeLeft && response.status <= rangeCodeRight) {
+    const body = ObjectSerializer.deserialize(response.data, returnType);
+    reject(new HttpError(response, body, response.status));
+    return true;
+  }
+  return false;
+}
 
 // api/reportApi.ts
 var defaultBasePath7 = "https://api.hellosign.com/v3";
@@ -27573,7 +27609,7 @@ var ReportApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse6(
+                if (handleErrorRangeResponse7(
                   reject,
                   error.response,
                   "4XX",
@@ -27615,7 +27651,7 @@ function handleErrorCodeResponse7(reject, response, code, returnType) {
   reject(new HttpError(response, body, response.status));
   return true;
 }
-function handleErrorRangeResponse6(reject, response, code, returnType) {
+function handleErrorRangeResponse7(reject, response, code, returnType) {
   let rangeCodeLeft = Number(code[0] + "00");
   let rangeCodeRight = Number(code[0] + "99");
   if (response.status >= rangeCodeLeft && response.status <= rangeCodeRight) {
@@ -27770,7 +27806,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -27885,7 +27921,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -27968,7 +28004,7 @@ var SignatureRequestApi = class {
                 reject(error);
                 return;
               }
-              if (handleErrorRangeResponse7(
+              if (handleErrorRangeResponse8(
                 reject,
                 error.response,
                 "4XX",
@@ -28082,7 +28118,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -28197,7 +28233,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -28299,7 +28335,7 @@ var SignatureRequestApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse7(
+              if (handleErrorRangeResponse8(
                 reject,
                 error.response,
                 "4XX",
@@ -28395,7 +28431,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -28497,7 +28533,7 @@ var SignatureRequestApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse7(
+              if (handleErrorRangeResponse8(
                 reject,
                 error.response,
                 "4XX",
@@ -28593,7 +28629,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -28706,7 +28742,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -28803,7 +28839,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -28926,7 +28962,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -29004,7 +29040,7 @@ var SignatureRequestApi = class {
                 reject(error);
                 return;
               }
-              if (handleErrorRangeResponse7(
+              if (handleErrorRangeResponse8(
                 reject,
                 error.response,
                 "4XX",
@@ -29118,7 +29154,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -29233,7 +29269,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -29356,7 +29392,7 @@ var SignatureRequestApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse7(
+                if (handleErrorRangeResponse8(
                   reject,
                   error.response,
                   "4XX",
@@ -29398,7 +29434,7 @@ function handleErrorCodeResponse8(reject, response, code, returnType) {
   reject(new HttpError(response, body, response.status));
   return true;
 }
-function handleErrorRangeResponse7(reject, response, code, returnType) {
+function handleErrorRangeResponse8(reject, response, code, returnType) {
   let rangeCodeLeft = Number(code[0] + "00");
   let rangeCodeRight = Number(code[0] + "99");
   if (response.status >= rangeCodeLeft && response.status <= rangeCodeRight) {
@@ -29563,7 +29599,7 @@ var TeamApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse8(
+              if (handleErrorRangeResponse9(
                 reject,
                 error.response,
                 "4XX",
@@ -29673,7 +29709,7 @@ var TeamApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse8(
+              if (handleErrorRangeResponse9(
                 reject,
                 error.response,
                 "4XX",
@@ -29747,7 +29783,7 @@ var TeamApi = class {
                 reject(error);
                 return;
               }
-              if (handleErrorRangeResponse8(
+              if (handleErrorRangeResponse9(
                 reject,
                 error.response,
                 "4XX",
@@ -29834,7 +29870,7 @@ var TeamApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse8(
+              if (handleErrorRangeResponse9(
                 reject,
                 error.response,
                 "4XX",
@@ -29928,7 +29964,7 @@ var TeamApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse8(
+                if (handleErrorRangeResponse9(
                   reject,
                   error.response,
                   "4XX",
@@ -30023,7 +30059,7 @@ var TeamApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse8(
+                if (handleErrorRangeResponse9(
                   reject,
                   error.response,
                   "4XX",
@@ -30132,7 +30168,7 @@ var TeamApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse8(
+                if (handleErrorRangeResponse9(
                   reject,
                   error.response,
                   "4XX",
@@ -30246,7 +30282,7 @@ var TeamApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse8(
+              if (handleErrorRangeResponse9(
                 reject,
                 error.response,
                 "4XX",
@@ -30354,7 +30390,7 @@ var TeamApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse8(
+                if (handleErrorRangeResponse9(
                   reject,
                   error.response,
                   "4XX",
@@ -30465,7 +30501,7 @@ var TeamApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse8(
+              if (handleErrorRangeResponse9(
                 reject,
                 error.response,
                 "4XX",
@@ -30506,7 +30542,7 @@ function handleErrorCodeResponse9(reject, response, code, returnType) {
   reject(new HttpError(response, body, response.status));
   return true;
 }
-function handleErrorRangeResponse8(reject, response, code, returnType) {
+function handleErrorRangeResponse9(reject, response, code, returnType) {
   let rangeCodeLeft = Number(code[0] + "00");
   let rangeCodeRight = Number(code[0] + "99");
   if (response.status >= rangeCodeLeft && response.status <= rangeCodeRight) {
@@ -30674,7 +30710,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -30789,7 +30825,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -30904,7 +30940,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -30987,7 +31023,7 @@ var TemplateApi = class {
                 reject(error);
                 return;
               }
-              if (handleErrorRangeResponse9(
+              if (handleErrorRangeResponse10(
                 reject,
                 error.response,
                 "4XX",
@@ -31088,7 +31124,7 @@ var TemplateApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse9(
+              if (handleErrorRangeResponse10(
                 reject,
                 error.response,
                 "4XX",
@@ -31184,7 +31220,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -31286,7 +31322,7 @@ var TemplateApi = class {
               )) {
                 return;
               }
-              if (handleErrorRangeResponse9(
+              if (handleErrorRangeResponse10(
                 reject,
                 error.response,
                 "4XX",
@@ -31382,7 +31418,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -31495,7 +31531,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -31618,7 +31654,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -31741,7 +31777,7 @@ var TemplateApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse9(
+                if (handleErrorRangeResponse10(
                   reject,
                   error.response,
                   "4XX",
@@ -31783,7 +31819,7 @@ function handleErrorCodeResponse10(reject, response, code, returnType) {
   reject(new HttpError(response, body, response.status));
   return true;
 }
-function handleErrorRangeResponse9(reject, response, code, returnType) {
+function handleErrorRangeResponse10(reject, response, code, returnType) {
   let rangeCodeLeft = Number(code[0] + "00");
   let rangeCodeRight = Number(code[0] + "99");
   if (response.status >= rangeCodeLeft && response.status <= rangeCodeRight) {
@@ -31943,7 +31979,7 @@ var UnclaimedDraftApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse10(
+                if (handleErrorRangeResponse11(
                   reject,
                   error.response,
                   "4XX",
@@ -32058,7 +32094,7 @@ var UnclaimedDraftApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse10(
+                if (handleErrorRangeResponse11(
                   reject,
                   error.response,
                   "4XX",
@@ -32173,7 +32209,7 @@ var UnclaimedDraftApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse10(
+                if (handleErrorRangeResponse11(
                   reject,
                   error.response,
                   "4XX",
@@ -32296,7 +32332,7 @@ var UnclaimedDraftApi = class {
                 )) {
                   return;
                 }
-                if (handleErrorRangeResponse10(
+                if (handleErrorRangeResponse11(
                   reject,
                   error.response,
                   "4XX",
@@ -32338,7 +32374,7 @@ function handleErrorCodeResponse11(reject, response, code, returnType) {
   reject(new HttpError(response, body, response.status));
   return true;
 }
-function handleErrorRangeResponse10(reject, response, code, returnType) {
+function handleErrorRangeResponse11(reject, response, code, returnType) {
   let rangeCodeLeft = Number(code[0] + "00");
   let rangeCodeRight = Number(code[0] + "99");
   if (response.status >= rangeCodeLeft && response.status <= rangeCodeRight) {
diff --git a/sdks/node/docs/model/OAuthTokenRefreshRequest.md b/sdks/node/docs/model/OAuthTokenRefreshRequest.md
index d5dc06d1b..8a24bdc15 100644
--- a/sdks/node/docs/model/OAuthTokenRefreshRequest.md
+++ b/sdks/node/docs/model/OAuthTokenRefreshRequest.md
@@ -8,5 +8,7 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 | `grantType`<sup>*_required_</sup> | ```string``` |  When refreshing an existing token use `refresh_token`.  |  [default to 'refresh_token'] |
 | `refreshToken`<sup>*_required_</sup> | ```string``` |  The token provided when you got the expired access token.  |  |
+| `clientId` | ```string``` |  The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
+| `clientSecret` | ```string``` |  The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
 
 [[Back to Model list]](../../README.md#models) [[Back to API list]](../../README.md#endpoints) [[Back to README]](../../README.md)
diff --git a/sdks/node/model/oAuthTokenRefreshRequest.ts b/sdks/node/model/oAuthTokenRefreshRequest.ts
index e6c6848b6..2f8971dd5 100644
--- a/sdks/node/model/oAuthTokenRefreshRequest.ts
+++ b/sdks/node/model/oAuthTokenRefreshRequest.ts
@@ -33,6 +33,14 @@ export class OAuthTokenRefreshRequest {
    * The token provided when you got the expired access token.
    */
   "refreshToken": string;
+  /**
+   * The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+   */
+  "clientId"?: string;
+  /**
+   * The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+   */
+  "clientSecret"?: string;
 
   static discriminator: string | undefined = undefined;
 
@@ -47,6 +55,16 @@ export class OAuthTokenRefreshRequest {
       baseName: "refresh_token",
       type: "string",
     },
+    {
+      name: "clientId",
+      baseName: "client_id",
+      type: "string",
+    },
+    {
+      name: "clientSecret",
+      baseName: "client_secret",
+      type: "string",
+    },
   ];
 
   static getAttributeTypeMap(): AttributeTypeMap {
diff --git a/sdks/node/types/model/oAuthTokenRefreshRequest.d.ts b/sdks/node/types/model/oAuthTokenRefreshRequest.d.ts
index 53211884e..71f3d108f 100644
--- a/sdks/node/types/model/oAuthTokenRefreshRequest.d.ts
+++ b/sdks/node/types/model/oAuthTokenRefreshRequest.d.ts
@@ -2,6 +2,8 @@ import { AttributeTypeMap } from "./";
 export declare class OAuthTokenRefreshRequest {
     "grantType": string;
     "refreshToken": string;
+    "clientId"?: string;
+    "clientSecret"?: string;
     static discriminator: string | undefined;
     static attributeTypeMap: AttributeTypeMap;
     static getAttributeTypeMap(): AttributeTypeMap;
diff --git a/sdks/php/docs/Model/OAuthTokenRefreshRequest.md b/sdks/php/docs/Model/OAuthTokenRefreshRequest.md
index c9525386c..9ba09db42 100644
--- a/sdks/php/docs/Model/OAuthTokenRefreshRequest.md
+++ b/sdks/php/docs/Model/OAuthTokenRefreshRequest.md
@@ -8,5 +8,7 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 | `grant_type`<sup>*_required_</sup> | ```string``` |  When refreshing an existing token use `refresh_token`.  |  [default to 'refresh_token'] |
 | `refresh_token`<sup>*_required_</sup> | ```string``` |  The token provided when you got the expired access token.  |  |
+| `client_id` | ```string``` |  The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
+| `client_secret` | ```string``` |  The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
 
 [[Back to Model list]](../../README.md#models) [[Back to API list]](../../README.md#endpoints) [[Back to README]](../../README.md)
diff --git a/sdks/php/src/Api/OAuthApi.php b/sdks/php/src/Api/OAuthApi.php
index 6fa77398a..81468626d 100644
--- a/sdks/php/src/Api/OAuthApi.php
+++ b/sdks/php/src/Api/OAuthApi.php
@@ -211,6 +211,15 @@ public function oauthTokenGenerateWithHttpInfo(Model\OAuthTokenGenerateRequest $
                 );
             }
 
+            $result = $this->handleRangeCodeResponse(
+                $response,
+                '4XX',
+                '\Dropbox\Sign\Model\ErrorResponse'
+            );
+            if ($result) {
+                return $result;
+            }
+
             switch ($statusCode) {
                 case 200:
                     if ('\Dropbox\Sign\Model\OAuthTokenResponse' === '\SplFileObject') {
@@ -269,6 +278,9 @@ public function oauthTokenGenerateWithHttpInfo(Model\OAuthTokenGenerateRequest $
                 $response->getHeaders(),
             ];
         } catch (ApiException $e) {
+            if ($this->handleRangeCodeException($e, '4XX', '\Dropbox\Sign\Model\ErrorResponse')) {
+                throw $e;
+            }
             switch ($e->getCode()) {
                 case 200:
                     $data = ObjectSerializer::deserialize(
@@ -582,6 +594,15 @@ public function oauthTokenRefreshWithHttpInfo(Model\OAuthTokenRefreshRequest $o_
                 );
             }
 
+            $result = $this->handleRangeCodeResponse(
+                $response,
+                '4XX',
+                '\Dropbox\Sign\Model\ErrorResponse'
+            );
+            if ($result) {
+                return $result;
+            }
+
             switch ($statusCode) {
                 case 200:
                     if ('\Dropbox\Sign\Model\OAuthTokenResponse' === '\SplFileObject') {
@@ -640,6 +661,9 @@ public function oauthTokenRefreshWithHttpInfo(Model\OAuthTokenRefreshRequest $o_
                 $response->getHeaders(),
             ];
         } catch (ApiException $e) {
+            if ($this->handleRangeCodeException($e, '4XX', '\Dropbox\Sign\Model\ErrorResponse')) {
+                throw $e;
+            }
             switch ($e->getCode()) {
                 case 200:
                     $data = ObjectSerializer::deserialize(
diff --git a/sdks/php/src/Model/OAuthTokenRefreshRequest.php b/sdks/php/src/Model/OAuthTokenRefreshRequest.php
index c4c7f93be..11cf05a3b 100644
--- a/sdks/php/src/Model/OAuthTokenRefreshRequest.php
+++ b/sdks/php/src/Model/OAuthTokenRefreshRequest.php
@@ -59,6 +59,8 @@ class OAuthTokenRefreshRequest implements ModelInterface, ArrayAccess, JsonSeria
     protected static $openAPITypes = [
         'grant_type' => 'string',
         'refresh_token' => 'string',
+        'client_id' => 'string',
+        'client_secret' => 'string',
     ];
 
     /**
@@ -71,6 +73,8 @@ class OAuthTokenRefreshRequest implements ModelInterface, ArrayAccess, JsonSeria
     protected static $openAPIFormats = [
         'grant_type' => null,
         'refresh_token' => null,
+        'client_id' => null,
+        'client_secret' => null,
     ];
 
     /**
@@ -81,6 +85,8 @@ class OAuthTokenRefreshRequest implements ModelInterface, ArrayAccess, JsonSeria
     protected static array $openAPINullables = [
         'grant_type' => false,
         'refresh_token' => false,
+        'client_id' => false,
+        'client_secret' => false,
     ];
 
     /**
@@ -163,6 +169,8 @@ public function isNullableSetToNull(string $property): bool
     protected static $attributeMap = [
         'grant_type' => 'grant_type',
         'refresh_token' => 'refresh_token',
+        'client_id' => 'client_id',
+        'client_secret' => 'client_secret',
     ];
 
     /**
@@ -173,6 +181,8 @@ public function isNullableSetToNull(string $property): bool
     protected static $setters = [
         'grant_type' => 'setGrantType',
         'refresh_token' => 'setRefreshToken',
+        'client_id' => 'setClientId',
+        'client_secret' => 'setClientSecret',
     ];
 
     /**
@@ -183,6 +193,8 @@ public function isNullableSetToNull(string $property): bool
     protected static $getters = [
         'grant_type' => 'getGrantType',
         'refresh_token' => 'getRefreshToken',
+        'client_id' => 'getClientId',
+        'client_secret' => 'getClientSecret',
     ];
 
     /**
@@ -243,6 +255,8 @@ public function __construct(array $data = null)
     {
         $this->setIfExists('grant_type', $data ?? [], 'refresh_token');
         $this->setIfExists('refresh_token', $data ?? [], null);
+        $this->setIfExists('client_id', $data ?? [], null);
+        $this->setIfExists('client_secret', $data ?? [], null);
     }
 
     /**
@@ -364,6 +378,60 @@ public function setRefreshToken(string $refresh_token)
         return $this;
     }
 
+    /**
+     * Gets client_id
+     *
+     * @return string|null
+     */
+    public function getClientId()
+    {
+        return $this->container['client_id'];
+    }
+
+    /**
+     * Sets client_id
+     *
+     * @param string|null $client_id The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+     *
+     * @return self
+     */
+    public function setClientId(?string $client_id)
+    {
+        if (is_null($client_id)) {
+            throw new InvalidArgumentException('non-nullable client_id cannot be null');
+        }
+        $this->container['client_id'] = $client_id;
+
+        return $this;
+    }
+
+    /**
+     * Gets client_secret
+     *
+     * @return string|null
+     */
+    public function getClientSecret()
+    {
+        return $this->container['client_secret'];
+    }
+
+    /**
+     * Sets client_secret
+     *
+     * @param string|null $client_secret The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+     *
+     * @return self
+     */
+    public function setClientSecret(?string $client_secret)
+    {
+        if (is_null($client_secret)) {
+            throw new InvalidArgumentException('non-nullable client_secret cannot be null');
+        }
+        $this->container['client_secret'] = $client_secret;
+
+        return $this;
+    }
+
     /**
      * Returns true if offset exists. False otherwise.
      *
diff --git a/sdks/python/docs/OAuthApi.md b/sdks/python/docs/OAuthApi.md
index 969109c45..b26775683 100644
--- a/sdks/python/docs/OAuthApi.md
+++ b/sdks/python/docs/OAuthApi.md
@@ -67,6 +67,7 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+**4XX** | failed_operation |  -  |
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 
@@ -126,6 +127,7 @@ No authorization required
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
 **200** | successful operation |  * X-RateLimit-Limit -  <br>  * X-RateLimit-Remaining -  <br>  * X-Ratelimit-Reset -  <br>  |
+**4XX** | failed_operation |  -  |
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 
diff --git a/sdks/python/docs/OAuthTokenRefreshRequest.md b/sdks/python/docs/OAuthTokenRefreshRequest.md
index 9322c48d6..87662c9e1 100644
--- a/sdks/python/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/python/docs/OAuthTokenRefreshRequest.md
@@ -7,6 +7,8 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 | `grant_type`<sup>*_required_</sup> | ```str``` |  When refreshing an existing token use `refresh_token`.  |  [default to 'refresh_token'] |
 | `refresh_token`<sup>*_required_</sup> | ```str``` |  The token provided when you got the expired access token.  |  |
+| `client_id` | ```str``` |  The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
+| `client_secret` | ```str``` |  The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 
diff --git a/sdks/python/dropbox_sign/api/o_auth_api.py b/sdks/python/dropbox_sign/api/o_auth_api.py
index d5035a186..bedd1bfff 100644
--- a/sdks/python/dropbox_sign/api/o_auth_api.py
+++ b/sdks/python/dropbox_sign/api/o_auth_api.py
@@ -93,6 +93,7 @@ def oauth_token_generate(
 
         _response_types_map: Dict[str, Optional[str]] = {
             "200": "OAuthTokenResponse",
+            "4XX": "ErrorResponse",
         }
         response_data = self.api_client.call_api(
             *_param, _request_timeout=_request_timeout
@@ -157,6 +158,7 @@ def oauth_token_generate_with_http_info(
 
         _response_types_map: Dict[str, Optional[str]] = {
             "200": "OAuthTokenResponse",
+            "4XX": "ErrorResponse",
         }
         response_data = self.api_client.call_api(
             *_param, _request_timeout=_request_timeout
@@ -221,6 +223,7 @@ def oauth_token_generate_without_preload_content(
 
         _response_types_map: Dict[str, Optional[str]] = {
             "200": "OAuthTokenResponse",
+            "4XX": "ErrorResponse",
         }
         response_data = self.api_client.call_api(
             *_param, _request_timeout=_request_timeout
@@ -366,6 +369,7 @@ def oauth_token_refresh(
 
         _response_types_map: Dict[str, Optional[str]] = {
             "200": "OAuthTokenResponse",
+            "4XX": "ErrorResponse",
         }
         response_data = self.api_client.call_api(
             *_param, _request_timeout=_request_timeout
@@ -430,6 +434,7 @@ def oauth_token_refresh_with_http_info(
 
         _response_types_map: Dict[str, Optional[str]] = {
             "200": "OAuthTokenResponse",
+            "4XX": "ErrorResponse",
         }
         response_data = self.api_client.call_api(
             *_param, _request_timeout=_request_timeout
@@ -494,6 +499,7 @@ def oauth_token_refresh_without_preload_content(
 
         _response_types_map: Dict[str, Optional[str]] = {
             "200": "OAuthTokenResponse",
+            "4XX": "ErrorResponse",
         }
         response_data = self.api_client.call_api(
             *_param, _request_timeout=_request_timeout
diff --git a/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py b/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py
index 09535d939..573036386 100644
--- a/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py
+++ b/sdks/python/dropbox_sign/models/o_auth_token_refresh_request.py
@@ -19,7 +19,7 @@
 import json
 
 from pydantic import BaseModel, ConfigDict, Field, StrictStr
-from typing import Any, ClassVar, Dict, List
+from typing import Any, ClassVar, Dict, List, Optional
 from typing import Optional, Set, Tuple
 from typing_extensions import Self
 import io
@@ -38,7 +38,20 @@ class OAuthTokenRefreshRequest(BaseModel):
     refresh_token: StrictStr = Field(
         description="The token provided when you got the expired access token."
     )
-    __properties: ClassVar[List[str]] = ["grant_type", "refresh_token"]
+    client_id: Optional[StrictStr] = Field(
+        default=None,
+        description='The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.',
+    )
+    client_secret: Optional[StrictStr] = Field(
+        default=None,
+        description='The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.',
+    )
+    __properties: ClassVar[List[str]] = [
+        "grant_type",
+        "refresh_token",
+        "client_id",
+        "client_secret",
+    ]
 
     model_config = ConfigDict(
         populate_by_name=True,
@@ -109,6 +122,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
                     else "refresh_token"
                 ),
                 "refresh_token": obj.get("refresh_token"),
+                "client_id": obj.get("client_id"),
+                "client_secret": obj.get("client_secret"),
             }
         )
         return _obj
@@ -128,6 +143,8 @@ def openapi_types(cls) -> Dict[str, str]:
         return {
             "grant_type": "(str,)",
             "refresh_token": "(str,)",
+            "client_id": "(str,)",
+            "client_secret": "(str,)",
         }
 
     @classmethod
diff --git a/sdks/ruby/docs/OAuthTokenRefreshRequest.md b/sdks/ruby/docs/OAuthTokenRefreshRequest.md
index fe729fe82..4bd1757c8 100644
--- a/sdks/ruby/docs/OAuthTokenRefreshRequest.md
+++ b/sdks/ruby/docs/OAuthTokenRefreshRequest.md
@@ -8,4 +8,6 @@
 | ---- | ---- | ----------- | ----- |
 | `grant_type`<sup>*_required_</sup> | ```String``` |  When refreshing an existing token use `refresh_token`.  |  [default to 'refresh_token'] |
 | `refresh_token`<sup>*_required_</sup> | ```String``` |  The token provided when you got the expired access token.  |  |
+| `client_id` | ```String``` |  The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
+| `client_secret` | ```String``` |  The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the &quot;Client Credentials Required&quot; setting is enabled for token refresh; optional if disabled.  |  |
 
diff --git a/sdks/ruby/lib/dropbox-sign/api/o_auth_api.rb b/sdks/ruby/lib/dropbox-sign/api/o_auth_api.rb
index eb0c67745..6e9d748e8 100644
--- a/sdks/ruby/lib/dropbox-sign/api/o_auth_api.rb
+++ b/sdks/ruby/lib/dropbox-sign/api/o_auth_api.rb
@@ -108,6 +108,20 @@ def oauth_token_generate_with_http_info(o_auth_token_generate_request, opts = {}
                e.message
         end
 
+        range_code = "4XX".split('').first
+        range_code_left = "#{range_code}00".to_i
+        range_code_right = "#{range_code}99".to_i
+        if e.code >= range_code_left && e.code <= range_code_right
+          body = @api_client.convert_to_type(
+            JSON.parse("[#{e.response_body}]", :symbolize_names => true)[0],
+            "Dropbox::Sign::ErrorResponse"
+          )
+
+          fail ApiError.new(:code => e.code,
+                            :response_headers => e.response_headers,
+                            :response_body => body),
+               e.message
+        end
 
       end
 
@@ -203,6 +217,20 @@ def oauth_token_refresh_with_http_info(o_auth_token_refresh_request, opts = {})
                e.message
         end
 
+        range_code = "4XX".split('').first
+        range_code_left = "#{range_code}00".to_i
+        range_code_right = "#{range_code}99".to_i
+        if e.code >= range_code_left && e.code <= range_code_right
+          body = @api_client.convert_to_type(
+            JSON.parse("[#{e.response_body}]", :symbolize_names => true)[0],
+            "Dropbox::Sign::ErrorResponse"
+          )
+
+          fail ApiError.new(:code => e.code,
+                            :response_headers => e.response_headers,
+                            :response_body => body),
+               e.message
+        end
 
       end
 
diff --git a/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb b/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb
index 7628e0b2e..3ac73212e 100644
--- a/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb
+++ b/sdks/ruby/lib/dropbox-sign/models/o_auth_token_refresh_request.rb
@@ -26,11 +26,21 @@ class OAuthTokenRefreshRequest
     # @return [String]
     attr_accessor :refresh_token
 
+    # The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+    # @return [String]
+    attr_accessor :client_id
+
+    # The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the \"Client Credentials Required\" setting is enabled for token refresh; optional if disabled.
+    # @return [String]
+    attr_accessor :client_secret
+
     # Attribute mapping from ruby-style variable name to JSON key.
     def self.attribute_map
       {
         :'grant_type' => :'grant_type',
-        :'refresh_token' => :'refresh_token'
+        :'refresh_token' => :'refresh_token',
+        :'client_id' => :'client_id',
+        :'client_secret' => :'client_secret'
       }
     end
 
@@ -43,7 +53,9 @@ def self.acceptable_attributes
     def self.openapi_types
       {
         :'grant_type' => :'String',
-        :'refresh_token' => :'String'
+        :'refresh_token' => :'String',
+        :'client_id' => :'String',
+        :'client_secret' => :'String'
       }
     end
 
@@ -102,6 +114,14 @@ def initialize(attributes = {})
       if attributes.key?(:'refresh_token')
         self.refresh_token = attributes[:'refresh_token']
       end
+
+      if attributes.key?(:'client_id')
+        self.client_id = attributes[:'client_id']
+      end
+
+      if attributes.key?(:'client_secret')
+        self.client_secret = attributes[:'client_secret']
+      end
     end
 
     # Show invalid properties with the reasons. Usually used together with valid?
@@ -133,7 +153,9 @@ def ==(o)
       return true if self.equal?(o)
       self.class == o.class &&
           grant_type == o.grant_type &&
-          refresh_token == o.refresh_token
+          refresh_token == o.refresh_token &&
+          client_id == o.client_id &&
+          client_secret == o.client_secret
     end
 
     # @see the `==` method
@@ -145,7 +167,7 @@ def eql?(o)
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [grant_type, refresh_token].hash
+      [grant_type, refresh_token, client_id, client_secret].hash
     end
 
     # Builds the object from hash
diff --git a/translations/en.yaml b/translations/en.yaml
index 5cbf3ca41..74340f9bb 100644
--- a/translations/en.yaml
+++ b/translations/en.yaml
@@ -183,6 +183,8 @@
 "OAuthTokenRefresh::DESCRIPTION": Access tokens are only valid for a given period of time (typically one hour) for security reasons. Whenever acquiring an new access token its TTL is also given (see `expires_in`), along with a refresh token that can be used to acquire a new access token after the current one has expired.
 "OAuthTokenRefresh::GRANT_TYPE": When refreshing an existing token use `refresh_token`.
 "OAuthTokenRefresh::REFRESH_TOKEN": The token provided when you got the expired access token.
+"OAuthTokenRefresh::CLIENT_ID": The client ID for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.
+"OAuthTokenRefresh::CLIENT_SECRET": The client secret for your API app. Mandatory from August 1st, 2025. Until then, required if the "Client Credentials Required" setting is enabled for token refresh; optional if disabled.
 
 "ReportCreate::SUMMARY": Create Report
 "ReportCreate::DESCRIPTION": |-