diff --git a/go/internal/openapi/api_endpoint.go b/go/internal/openapi/api_endpoint.go
index b6746eea1..74775588a 100644
--- a/go/internal/openapi/api_endpoint.go
+++ b/go/internal/openapi/api_endpoint.go
@@ -1174,6 +1174,201 @@ func (a *EndpointAPIService) V1EndpointGetHeadersExecute(r ApiV1EndpointGetHeade
 	return localVarReturnValue, localVarHTTPResponse, nil
 }
 
+type ApiV1EndpointGetOauthConfigRequest struct {
+	ctx context.Context
+	ApiService *EndpointAPIService
+	appId string
+	endpointId string
+}
+
+func (r ApiV1EndpointGetOauthConfigRequest) Execute() (*EndpointOauthConfigOut, *http.Response, error) {
+	return r.ApiService.V1EndpointGetOauthConfigExecute(r)
+}
+
+/*
+V1EndpointGetOauthConfig Get Endpoint Oauth Config
+
+Get endpoint OAuth configuration.
+
+ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ @param appId The app's ID or UID
+ @param endpointId The ep's ID or UID
+ @return ApiV1EndpointGetOauthConfigRequest
+*/
+func (a *EndpointAPIService) V1EndpointGetOauthConfig(ctx context.Context, appId string, endpointId string) ApiV1EndpointGetOauthConfigRequest {
+	return ApiV1EndpointGetOauthConfigRequest{
+		ApiService: a,
+		ctx: ctx,
+		appId: appId,
+		endpointId: endpointId,
+	}
+}
+
+// Execute executes the request
+//  @return EndpointOauthConfigOut
+func (a *EndpointAPIService) V1EndpointGetOauthConfigExecute(r ApiV1EndpointGetOauthConfigRequest) (*EndpointOauthConfigOut, *http.Response, error) {
+	var (
+		localVarHTTPMethod   = http.MethodGet
+		localVarPostBody     interface{}
+		formFiles            []formFile
+		localVarReturnValue  *EndpointOauthConfigOut
+	)
+
+	localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "EndpointAPIService.V1EndpointGetOauthConfig")
+	if err != nil {
+		return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v1/app/{app_id}/endpoint/{endpoint_id}/oauth"
+	localVarPath = strings.Replace(localVarPath, "{"+"app_id"+"}", url.PathEscape(parameterValueToString(r.appId, "appId")), -1)
+	localVarPath = strings.Replace(localVarPath, "{"+"endpoint_id"+"}", url.PathEscape(parameterValueToString(r.endpointId, "endpointId")), -1)
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := url.Values{}
+	localVarFormParams := url.Values{}
+	if strlen(r.appId) < 1 {
+		return localVarReturnValue, nil, reportError("appId must have at least 1 elements")
+	}
+	if strlen(r.appId) > 256 {
+		return localVarReturnValue, nil, reportError("appId must have less than 256 elements")
+	}
+	if strlen(r.endpointId) < 1 {
+		return localVarReturnValue, nil, reportError("endpointId must have at least 1 elements")
+	}
+	if strlen(r.endpointId) > 256 {
+		return localVarReturnValue, nil, reportError("endpointId must have less than 256 elements")
+	}
+
+	// to determine the Content-Type header
+	localVarHTTPContentTypes := []string{}
+
+	// set Content-Type header
+	localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+	if localVarHTTPContentType != "" {
+		localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+	}
+
+	// to determine the Accept header
+	localVarHTTPHeaderAccepts := []string{"application/json"}
+
+	// set Accept header
+	localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+	if localVarHTTPHeaderAccept != "" {
+		localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+	}
+	req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.client.callAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+	localVarHTTPResponse.Body.Close()
+	localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 {
+			var v HttpErrorOut
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+					newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)
+					newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 401 {
+			var v HttpErrorOut
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+					newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)
+					newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 403 {
+			var v HttpErrorOut
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+					newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)
+					newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v HttpErrorOut
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+					newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)
+					newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 409 {
+			var v HttpErrorOut
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+					newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)
+					newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 422 {
+			var v HTTPValidationError
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+					newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)
+					newErr.model = v
+			return localVarReturnValue, localVarHTTPResponse, newErr
+		}
+		if localVarHTTPResponse.StatusCode == 429 {
+			var v HttpErrorOut
+			err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				newErr.error = err.Error()
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+					newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v)
+					newErr.model = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := &GenericOpenAPIError{
+			body:  localVarBody,
+			error: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 type ApiV1EndpointGetSecretRequest struct {
 	ctx context.Context
 	ApiService *EndpointAPIService
diff --git a/go/internal/openapi/model_endpoint_oauth_config_in.go b/go/internal/openapi/model_endpoint_oauth_config_in.go
index 37648820f..9422bf0b8 100644
--- a/go/internal/openapi/model_endpoint_oauth_config_in.go
+++ b/go/internal/openapi/model_endpoint_oauth_config_in.go
@@ -21,14 +21,14 @@ var _ MappedNullable = &EndpointOauthConfigIn{}
 
 // EndpointOauthConfigIn struct for EndpointOauthConfigIn
 type EndpointOauthConfigIn struct {
-	AuthMethod Oauth2AuthMethodIn `json:"authMethod"`
+	AuthMethod Oauth2AuthMethodInOut `json:"authMethod"`
 	// The client ID. Required for all authentication types.
 	ClientId string `json:"clientId"`
 	// Optional client secret. This is only used for `clientSecretBasic` and `clientSecretPost`.  For `clientSecretBasic`, the secret will be appended to the `Authorization` header. For `clientSecretPost`, this will be added to the body in a `client_secret` parameter.
 	ClientSecret *string `json:"clientSecret,omitempty"`
 	// Extra parameters added to the request body as key-value pairs.
 	ExtraParams *map[string]string `json:"extraParams,omitempty"`
-	GrantType Oauth2GrantTypeIn `json:"grantType"`
+	GrantType Oauth2GrantTypeInOut `json:"grantType"`
 	JwtParams *ClientSecretJwtParamsIn `json:"jwtParams,omitempty"`
 	// For `refreshToken` grant type.
 	RefreshToken *string `json:"refreshToken,omitempty"`
@@ -44,7 +44,7 @@ type _EndpointOauthConfigIn EndpointOauthConfigIn
 // This constructor will assign default values to properties that have it defined,
 // and makes sure properties required by API are set, but the set of arguments
 // will change when the set of required properties is changed
-func NewEndpointOauthConfigIn(authMethod Oauth2AuthMethodIn, clientId string, grantType Oauth2GrantTypeIn, tokenUrl string) *EndpointOauthConfigIn {
+func NewEndpointOauthConfigIn(authMethod Oauth2AuthMethodInOut, clientId string, grantType Oauth2GrantTypeInOut, tokenUrl string) *EndpointOauthConfigIn {
 	this := EndpointOauthConfigIn{}
 	this.AuthMethod = authMethod
 	this.ClientId = clientId
@@ -62,9 +62,9 @@ func NewEndpointOauthConfigInWithDefaults() *EndpointOauthConfigIn {
 }
 
 // GetAuthMethod returns the AuthMethod field value
-func (o *EndpointOauthConfigIn) GetAuthMethod() Oauth2AuthMethodIn {
+func (o *EndpointOauthConfigIn) GetAuthMethod() Oauth2AuthMethodInOut {
 	if o == nil {
-		var ret Oauth2AuthMethodIn
+		var ret Oauth2AuthMethodInOut
 		return ret
 	}
 
@@ -73,7 +73,7 @@ func (o *EndpointOauthConfigIn) GetAuthMethod() Oauth2AuthMethodIn {
 
 // GetAuthMethodOk returns a tuple with the AuthMethod field value
 // and a boolean to check if the value has been set.
-func (o *EndpointOauthConfigIn) GetAuthMethodOk() (*Oauth2AuthMethodIn, bool) {
+func (o *EndpointOauthConfigIn) GetAuthMethodOk() (*Oauth2AuthMethodInOut, bool) {
 	if o == nil {
 		return nil, false
 	}
@@ -81,7 +81,7 @@ func (o *EndpointOauthConfigIn) GetAuthMethodOk() (*Oauth2AuthMethodIn, bool) {
 }
 
 // SetAuthMethod sets field value
-func (o *EndpointOauthConfigIn) SetAuthMethod(v Oauth2AuthMethodIn) {
+func (o *EndpointOauthConfigIn) SetAuthMethod(v Oauth2AuthMethodInOut) {
 	o.AuthMethod = v
 }
 
@@ -174,9 +174,9 @@ func (o *EndpointOauthConfigIn) SetExtraParams(v map[string]string) {
 }
 
 // GetGrantType returns the GrantType field value
-func (o *EndpointOauthConfigIn) GetGrantType() Oauth2GrantTypeIn {
+func (o *EndpointOauthConfigIn) GetGrantType() Oauth2GrantTypeInOut {
 	if o == nil {
-		var ret Oauth2GrantTypeIn
+		var ret Oauth2GrantTypeInOut
 		return ret
 	}
 
@@ -185,7 +185,7 @@ func (o *EndpointOauthConfigIn) GetGrantType() Oauth2GrantTypeIn {
 
 // GetGrantTypeOk returns a tuple with the GrantType field value
 // and a boolean to check if the value has been set.
-func (o *EndpointOauthConfigIn) GetGrantTypeOk() (*Oauth2GrantTypeIn, bool) {
+func (o *EndpointOauthConfigIn) GetGrantTypeOk() (*Oauth2GrantTypeInOut, bool) {
 	if o == nil {
 		return nil, false
 	}
@@ -193,7 +193,7 @@ func (o *EndpointOauthConfigIn) GetGrantTypeOk() (*Oauth2GrantTypeIn, bool) {
 }
 
 // SetGrantType sets field value
-func (o *EndpointOauthConfigIn) SetGrantType(v Oauth2GrantTypeIn) {
+func (o *EndpointOauthConfigIn) SetGrantType(v Oauth2GrantTypeInOut) {
 	o.GrantType = v
 }
 
diff --git a/go/internal/openapi/model_endpoint_oauth_config_out.go b/go/internal/openapi/model_endpoint_oauth_config_out.go
new file mode 100644
index 000000000..e00cd5102
--- /dev/null
+++ b/go/internal/openapi/model_endpoint_oauth_config_out.go
@@ -0,0 +1,314 @@
+/*
+Svix API
+
+No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+
+API version: 1.1.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package openapi
+
+import (
+	"encoding/json"
+	"bytes"
+	"fmt"
+)
+
+// checks if the EndpointOauthConfigOut type satisfies the MappedNullable interface at compile time
+var _ MappedNullable = &EndpointOauthConfigOut{}
+
+// EndpointOauthConfigOut struct for EndpointOauthConfigOut
+type EndpointOauthConfigOut struct {
+	AuthMethod Oauth2AuthMethodInOut `json:"authMethod"`
+	ClientId string `json:"clientId"`
+	ExtraParams *map[string]string `json:"extraParams,omitempty"`
+	GrantType Oauth2GrantTypeInOut `json:"grantType"`
+	Scopes []string `json:"scopes,omitempty"`
+	TokenUrl string `json:"tokenUrl"`
+}
+
+type _EndpointOauthConfigOut EndpointOauthConfigOut
+
+// NewEndpointOauthConfigOut instantiates a new EndpointOauthConfigOut object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewEndpointOauthConfigOut(authMethod Oauth2AuthMethodInOut, clientId string, grantType Oauth2GrantTypeInOut, tokenUrl string) *EndpointOauthConfigOut {
+	this := EndpointOauthConfigOut{}
+	this.AuthMethod = authMethod
+	this.ClientId = clientId
+	this.GrantType = grantType
+	this.TokenUrl = tokenUrl
+	return &this
+}
+
+// NewEndpointOauthConfigOutWithDefaults instantiates a new EndpointOauthConfigOut object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewEndpointOauthConfigOutWithDefaults() *EndpointOauthConfigOut {
+	this := EndpointOauthConfigOut{}
+	return &this
+}
+
+// GetAuthMethod returns the AuthMethod field value
+func (o *EndpointOauthConfigOut) GetAuthMethod() Oauth2AuthMethodInOut {
+	if o == nil {
+		var ret Oauth2AuthMethodInOut
+		return ret
+	}
+
+	return o.AuthMethod
+}
+
+// GetAuthMethodOk returns a tuple with the AuthMethod field value
+// and a boolean to check if the value has been set.
+func (o *EndpointOauthConfigOut) GetAuthMethodOk() (*Oauth2AuthMethodInOut, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.AuthMethod, true
+}
+
+// SetAuthMethod sets field value
+func (o *EndpointOauthConfigOut) SetAuthMethod(v Oauth2AuthMethodInOut) {
+	o.AuthMethod = v
+}
+
+// GetClientId returns the ClientId field value
+func (o *EndpointOauthConfigOut) GetClientId() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.ClientId
+}
+
+// GetClientIdOk returns a tuple with the ClientId field value
+// and a boolean to check if the value has been set.
+func (o *EndpointOauthConfigOut) GetClientIdOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.ClientId, true
+}
+
+// SetClientId sets field value
+func (o *EndpointOauthConfigOut) SetClientId(v string) {
+	o.ClientId = v
+}
+
+// GetExtraParams returns the ExtraParams field value if set, zero value otherwise.
+func (o *EndpointOauthConfigOut) GetExtraParams() map[string]string {
+	if o == nil || IsNil(o.ExtraParams) {
+		var ret map[string]string
+		return ret
+	}
+	return *o.ExtraParams
+}
+
+// GetExtraParamsOk returns a tuple with the ExtraParams field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EndpointOauthConfigOut) GetExtraParamsOk() (*map[string]string, bool) {
+	if o == nil || IsNil(o.ExtraParams) {
+		return nil, false
+	}
+	return o.ExtraParams, true
+}
+
+// HasExtraParams returns a boolean if a field has been set.
+func (o *EndpointOauthConfigOut) HasExtraParams() bool {
+	if o != nil && !IsNil(o.ExtraParams) {
+		return true
+	}
+
+	return false
+}
+
+// SetExtraParams gets a reference to the given map[string]string and assigns it to the ExtraParams field.
+func (o *EndpointOauthConfigOut) SetExtraParams(v map[string]string) {
+	o.ExtraParams = &v
+}
+
+// GetGrantType returns the GrantType field value
+func (o *EndpointOauthConfigOut) GetGrantType() Oauth2GrantTypeInOut {
+	if o == nil {
+		var ret Oauth2GrantTypeInOut
+		return ret
+	}
+
+	return o.GrantType
+}
+
+// GetGrantTypeOk returns a tuple with the GrantType field value
+// and a boolean to check if the value has been set.
+func (o *EndpointOauthConfigOut) GetGrantTypeOk() (*Oauth2GrantTypeInOut, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.GrantType, true
+}
+
+// SetGrantType sets field value
+func (o *EndpointOauthConfigOut) SetGrantType(v Oauth2GrantTypeInOut) {
+	o.GrantType = v
+}
+
+// GetScopes returns the Scopes field value if set, zero value otherwise.
+func (o *EndpointOauthConfigOut) GetScopes() []string {
+	if o == nil || IsNil(o.Scopes) {
+		var ret []string
+		return ret
+	}
+	return o.Scopes
+}
+
+// GetScopesOk returns a tuple with the Scopes field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EndpointOauthConfigOut) GetScopesOk() ([]string, bool) {
+	if o == nil || IsNil(o.Scopes) {
+		return nil, false
+	}
+	return o.Scopes, true
+}
+
+// HasScopes returns a boolean if a field has been set.
+func (o *EndpointOauthConfigOut) HasScopes() bool {
+	if o != nil && !IsNil(o.Scopes) {
+		return true
+	}
+
+	return false
+}
+
+// SetScopes gets a reference to the given []string and assigns it to the Scopes field.
+func (o *EndpointOauthConfigOut) SetScopes(v []string) {
+	o.Scopes = v
+}
+
+// GetTokenUrl returns the TokenUrl field value
+func (o *EndpointOauthConfigOut) GetTokenUrl() string {
+	if o == nil {
+		var ret string
+		return ret
+	}
+
+	return o.TokenUrl
+}
+
+// GetTokenUrlOk returns a tuple with the TokenUrl field value
+// and a boolean to check if the value has been set.
+func (o *EndpointOauthConfigOut) GetTokenUrlOk() (*string, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return &o.TokenUrl, true
+}
+
+// SetTokenUrl sets field value
+func (o *EndpointOauthConfigOut) SetTokenUrl(v string) {
+	o.TokenUrl = v
+}
+
+func (o EndpointOauthConfigOut) MarshalJSON() ([]byte, error) {
+	toSerialize,err := o.ToMap()
+	if err != nil {
+		return []byte{}, err
+	}
+	return json.Marshal(toSerialize)
+}
+
+func (o EndpointOauthConfigOut) ToMap() (map[string]interface{}, error) {
+	toSerialize := map[string]interface{}{}
+	toSerialize["authMethod"] = o.AuthMethod
+	toSerialize["clientId"] = o.ClientId
+	if !IsNil(o.ExtraParams) {
+		toSerialize["extraParams"] = o.ExtraParams
+	}
+	toSerialize["grantType"] = o.GrantType
+	if !IsNil(o.Scopes) {
+		toSerialize["scopes"] = o.Scopes
+	}
+	toSerialize["tokenUrl"] = o.TokenUrl
+	return toSerialize, nil
+}
+
+func (o *EndpointOauthConfigOut) UnmarshalJSON(data []byte) (err error) {
+	// This validates that all required properties are included in the JSON object
+	// by unmarshalling the object into a generic map with string keys and checking
+	// that every required field exists as a key in the generic map.
+	requiredProperties := []string{
+		"authMethod",
+		"clientId",
+		"grantType",
+		"tokenUrl",
+	}
+
+	allProperties := make(map[string]interface{})
+
+	err = json.Unmarshal(data, &allProperties)
+
+	if err != nil {
+		return err;
+	}
+
+	for _, requiredProperty := range(requiredProperties) {
+		if _, exists := allProperties[requiredProperty]; !exists {
+			return fmt.Errorf("no value given for required property %v", requiredProperty)
+		}
+	}
+
+	varEndpointOauthConfigOut := _EndpointOauthConfigOut{}
+
+	decoder := json.NewDecoder(bytes.NewReader(data))
+	decoder.DisallowUnknownFields()
+	err = decoder.Decode(&varEndpointOauthConfigOut)
+
+	if err != nil {
+		return err
+	}
+
+	*o = EndpointOauthConfigOut(varEndpointOauthConfigOut)
+
+	return err
+}
+
+type NullableEndpointOauthConfigOut struct {
+	value *EndpointOauthConfigOut
+	isSet bool
+}
+
+func (v NullableEndpointOauthConfigOut) Get() *EndpointOauthConfigOut {
+	return v.value
+}
+
+func (v *NullableEndpointOauthConfigOut) Set(val *EndpointOauthConfigOut) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableEndpointOauthConfigOut) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableEndpointOauthConfigOut) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableEndpointOauthConfigOut(val *EndpointOauthConfigOut) *NullableEndpointOauthConfigOut {
+	return &NullableEndpointOauthConfigOut{value: val, isSet: true}
+}
+
+func (v NullableEndpointOauthConfigOut) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableEndpointOauthConfigOut) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
+
diff --git a/go/internal/openapi/model_environment_settings_out.go b/go/internal/openapi/model_environment_settings_out.go
index 779d933bc..d1eec26a6 100644
--- a/go/internal/openapi/model_environment_settings_out.go
+++ b/go/internal/openapi/model_environment_settings_out.go
@@ -29,6 +29,7 @@ type EnvironmentSettingsOut struct {
 	CustomThemeOverride *CustomThemeOverride `json:"customThemeOverride,omitempty"`
 	DisplayName *string `json:"displayName,omitempty"`
 	EnableChannels *bool `json:"enableChannels,omitempty"`
+	EnableEndpointOauthConfig *bool `json:"enableEndpointOauthConfig,omitempty"`
 	EnableIntegrationManagement *bool `json:"enableIntegrationManagement,omitempty"`
 	EnableMessageStream *bool `json:"enableMessageStream,omitempty"`
 	EnableMessageTags *bool `json:"enableMessageTags,omitempty"`
@@ -45,6 +46,8 @@ func NewEnvironmentSettingsOut() *EnvironmentSettingsOut {
 	this := EnvironmentSettingsOut{}
 	var enableChannels bool = false
 	this.EnableChannels = &enableChannels
+	var enableEndpointOauthConfig bool = false
+	this.EnableEndpointOauthConfig = &enableEndpointOauthConfig
 	var enableIntegrationManagement bool = false
 	this.EnableIntegrationManagement = &enableIntegrationManagement
 	var enableMessageStream bool = false
@@ -67,6 +70,8 @@ func NewEnvironmentSettingsOutWithDefaults() *EnvironmentSettingsOut {
 	this := EnvironmentSettingsOut{}
 	var enableChannels bool = false
 	this.EnableChannels = &enableChannels
+	var enableEndpointOauthConfig bool = false
+	this.EnableEndpointOauthConfig = &enableEndpointOauthConfig
 	var enableIntegrationManagement bool = false
 	this.EnableIntegrationManagement = &enableIntegrationManagement
 	var enableMessageStream bool = false
@@ -402,6 +407,38 @@ func (o *EnvironmentSettingsOut) SetEnableChannels(v bool) {
 	o.EnableChannels = &v
 }
 
+// GetEnableEndpointOauthConfig returns the EnableEndpointOauthConfig field value if set, zero value otherwise.
+func (o *EnvironmentSettingsOut) GetEnableEndpointOauthConfig() bool {
+	if o == nil || IsNil(o.EnableEndpointOauthConfig) {
+		var ret bool
+		return ret
+	}
+	return *o.EnableEndpointOauthConfig
+}
+
+// GetEnableEndpointOauthConfigOk returns a tuple with the EnableEndpointOauthConfig field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *EnvironmentSettingsOut) GetEnableEndpointOauthConfigOk() (*bool, bool) {
+	if o == nil || IsNil(o.EnableEndpointOauthConfig) {
+		return nil, false
+	}
+	return o.EnableEndpointOauthConfig, true
+}
+
+// HasEnableEndpointOauthConfig returns a boolean if a field has been set.
+func (o *EnvironmentSettingsOut) HasEnableEndpointOauthConfig() bool {
+	if o != nil && !IsNil(o.EnableEndpointOauthConfig) {
+		return true
+	}
+
+	return false
+}
+
+// SetEnableEndpointOauthConfig gets a reference to the given bool and assigns it to the EnableEndpointOauthConfig field.
+func (o *EnvironmentSettingsOut) SetEnableEndpointOauthConfig(v bool) {
+	o.EnableEndpointOauthConfig = &v
+}
+
 // GetEnableIntegrationManagement returns the EnableIntegrationManagement field value if set, zero value otherwise.
 func (o *EnvironmentSettingsOut) GetEnableIntegrationManagement() bool {
 	if o == nil || IsNil(o.EnableIntegrationManagement) {
@@ -634,6 +671,9 @@ func (o EnvironmentSettingsOut) ToMap() (map[string]interface{}, error) {
 	if !IsNil(o.EnableChannels) {
 		toSerialize["enableChannels"] = o.EnableChannels
 	}
+	if !IsNil(o.EnableEndpointOauthConfig) {
+		toSerialize["enableEndpointOauthConfig"] = o.EnableEndpointOauthConfig
+	}
 	if !IsNil(o.EnableIntegrationManagement) {
 		toSerialize["enableIntegrationManagement"] = o.EnableIntegrationManagement
 	}
diff --git a/go/internal/openapi/model_oauth2_auth_method_in.go b/go/internal/openapi/model_oauth2_auth_method_in.go
deleted file mode 100644
index 396e2b9c8..000000000
--- a/go/internal/openapi/model_oauth2_auth_method_in.go
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
-Svix API
-
-No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
-
-API version: 1.1.1
-*/
-
-// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
-
-package openapi
-
-import (
-	"encoding/json"
-	"fmt"
-)
-
-// Oauth2AuthMethodIn The method used for authenticating to the OAuth authorization server.  `clientSecretJwt` will construct a JWT used for authentication with the oauth authorization server. This method is less commonly used and may not be supported by all oauth providers. `clientSecretBasic` will authenticate to the oauth authorization server using an `Authorization` header with the client secret as the value. This is the most common means of authentication. `clientSecretPost` will authenticate to the oauth authorization server by passing the client secret in a `client_secret` field in the request body. This method may not be supported by all oauth providers, and in general `clientSecretBasic` should be preferred.
-type Oauth2AuthMethodIn string
-
-// List of Oauth2AuthMethodIn
-const (
-	OAUTH2AUTHMETHODIN_CLIENT_SECRET_JWT Oauth2AuthMethodIn = "clientSecretJwt"
-	OAUTH2AUTHMETHODIN_CLIENT_SECRET_BASIC Oauth2AuthMethodIn = "clientSecretBasic"
-	OAUTH2AUTHMETHODIN_CLIENT_SECRET_POST Oauth2AuthMethodIn = "clientSecretPost"
-)
-
-// All allowed values of Oauth2AuthMethodIn enum
-var AllowedOauth2AuthMethodInEnumValues = []Oauth2AuthMethodIn{
-	"clientSecretJwt",
-	"clientSecretBasic",
-	"clientSecretPost",
-}
-
-func (v *Oauth2AuthMethodIn) UnmarshalJSON(src []byte) error {
-	var value string
-	err := json.Unmarshal(src, &value)
-	if err != nil {
-		return err
-	}
-	enumTypeValue := Oauth2AuthMethodIn(value)
-	for _, existing := range AllowedOauth2AuthMethodInEnumValues {
-		if existing == enumTypeValue {
-			*v = enumTypeValue
-			return nil
-		}
-	}
-
-	return fmt.Errorf("%+v is not a valid Oauth2AuthMethodIn", value)
-}
-
-// NewOauth2AuthMethodInFromValue returns a pointer to a valid Oauth2AuthMethodIn
-// for the value passed as argument, or an error if the value passed is not allowed by the enum
-func NewOauth2AuthMethodInFromValue(v string) (*Oauth2AuthMethodIn, error) {
-	ev := Oauth2AuthMethodIn(v)
-	if ev.IsValid() {
-		return &ev, nil
-	} else {
-		return nil, fmt.Errorf("invalid value '%v' for Oauth2AuthMethodIn: valid values are %v", v, AllowedOauth2AuthMethodInEnumValues)
-	}
-}
-
-// IsValid return true if the value is valid for the enum, false otherwise
-func (v Oauth2AuthMethodIn) IsValid() bool {
-	for _, existing := range AllowedOauth2AuthMethodInEnumValues {
-		if existing == v {
-			return true
-		}
-	}
-	return false
-}
-
-// Ptr returns reference to Oauth2AuthMethodIn value
-func (v Oauth2AuthMethodIn) Ptr() *Oauth2AuthMethodIn {
-	return &v
-}
-
-type NullableOauth2AuthMethodIn struct {
-	value *Oauth2AuthMethodIn
-	isSet bool
-}
-
-func (v NullableOauth2AuthMethodIn) Get() *Oauth2AuthMethodIn {
-	return v.value
-}
-
-func (v *NullableOauth2AuthMethodIn) Set(val *Oauth2AuthMethodIn) {
-	v.value = val
-	v.isSet = true
-}
-
-func (v NullableOauth2AuthMethodIn) IsSet() bool {
-	return v.isSet
-}
-
-func (v *NullableOauth2AuthMethodIn) Unset() {
-	v.value = nil
-	v.isSet = false
-}
-
-func NewNullableOauth2AuthMethodIn(val *Oauth2AuthMethodIn) *NullableOauth2AuthMethodIn {
-	return &NullableOauth2AuthMethodIn{value: val, isSet: true}
-}
-
-func (v NullableOauth2AuthMethodIn) MarshalJSON() ([]byte, error) {
-	return json.Marshal(v.value)
-}
-
-func (v *NullableOauth2AuthMethodIn) UnmarshalJSON(src []byte) error {
-	v.isSet = true
-	return json.Unmarshal(src, &v.value)
-}
-
diff --git a/go/internal/openapi/model_oauth2_auth_method_in_out.go b/go/internal/openapi/model_oauth2_auth_method_in_out.go
new file mode 100644
index 000000000..3c5e3bb02
--- /dev/null
+++ b/go/internal/openapi/model_oauth2_auth_method_in_out.go
@@ -0,0 +1,113 @@
+/*
+Svix API
+
+No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+
+API version: 1.1.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package openapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// Oauth2AuthMethodInOut The method used for authenticating to the OAuth authorization server.  `clientSecretJwt` will construct a JWT used for authentication with the oauth authorization server. This method is less commonly used and may not be supported by all oauth providers. `clientSecretBasic` will authenticate to the oauth authorization server using an `Authorization` header with the client secret as the value. This is the most common means of authentication. `clientSecretPost` will authenticate to the oauth authorization server by passing the client secret in a `client_secret` field in the request body. This method may not be supported by all oauth providers, and in general `clientSecretBasic` should be preferred.
+type Oauth2AuthMethodInOut string
+
+// List of Oauth2AuthMethodInOut
+const (
+	OAUTH2AUTHMETHODINOUT_CLIENT_SECRET_JWT Oauth2AuthMethodInOut = "clientSecretJwt"
+	OAUTH2AUTHMETHODINOUT_CLIENT_SECRET_BASIC Oauth2AuthMethodInOut = "clientSecretBasic"
+	OAUTH2AUTHMETHODINOUT_CLIENT_SECRET_POST Oauth2AuthMethodInOut = "clientSecretPost"
+)
+
+// All allowed values of Oauth2AuthMethodInOut enum
+var AllowedOauth2AuthMethodInOutEnumValues = []Oauth2AuthMethodInOut{
+	"clientSecretJwt",
+	"clientSecretBasic",
+	"clientSecretPost",
+}
+
+func (v *Oauth2AuthMethodInOut) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := Oauth2AuthMethodInOut(value)
+	for _, existing := range AllowedOauth2AuthMethodInOutEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid Oauth2AuthMethodInOut", value)
+}
+
+// NewOauth2AuthMethodInOutFromValue returns a pointer to a valid Oauth2AuthMethodInOut
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOauth2AuthMethodInOutFromValue(v string) (*Oauth2AuthMethodInOut, error) {
+	ev := Oauth2AuthMethodInOut(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for Oauth2AuthMethodInOut: valid values are %v", v, AllowedOauth2AuthMethodInOutEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v Oauth2AuthMethodInOut) IsValid() bool {
+	for _, existing := range AllowedOauth2AuthMethodInOutEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to Oauth2AuthMethodInOut value
+func (v Oauth2AuthMethodInOut) Ptr() *Oauth2AuthMethodInOut {
+	return &v
+}
+
+type NullableOauth2AuthMethodInOut struct {
+	value *Oauth2AuthMethodInOut
+	isSet bool
+}
+
+func (v NullableOauth2AuthMethodInOut) Get() *Oauth2AuthMethodInOut {
+	return v.value
+}
+
+func (v *NullableOauth2AuthMethodInOut) Set(val *Oauth2AuthMethodInOut) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOauth2AuthMethodInOut) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOauth2AuthMethodInOut) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOauth2AuthMethodInOut(val *Oauth2AuthMethodInOut) *NullableOauth2AuthMethodInOut {
+	return &NullableOauth2AuthMethodInOut{value: val, isSet: true}
+}
+
+func (v NullableOauth2AuthMethodInOut) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOauth2AuthMethodInOut) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
diff --git a/go/internal/openapi/model_oauth2_grant_type_in.go b/go/internal/openapi/model_oauth2_grant_type_in.go
deleted file mode 100644
index a42d2e970..000000000
--- a/go/internal/openapi/model_oauth2_grant_type_in.go
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
-Svix API
-
-No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
-
-API version: 1.1.1
-*/
-
-// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
-
-package openapi
-
-import (
-	"encoding/json"
-	"fmt"
-)
-
-// Oauth2GrantTypeIn the model 'Oauth2GrantTypeIn'
-type Oauth2GrantTypeIn string
-
-// List of Oauth2GrantTypeIn
-const (
-	OAUTH2GRANTTYPEIN_CLIENT_CREDENTIALS Oauth2GrantTypeIn = "clientCredentials"
-	OAUTH2GRANTTYPEIN_REFRESH_TOKEN Oauth2GrantTypeIn = "refreshToken"
-)
-
-// All allowed values of Oauth2GrantTypeIn enum
-var AllowedOauth2GrantTypeInEnumValues = []Oauth2GrantTypeIn{
-	"clientCredentials",
-	"refreshToken",
-}
-
-func (v *Oauth2GrantTypeIn) UnmarshalJSON(src []byte) error {
-	var value string
-	err := json.Unmarshal(src, &value)
-	if err != nil {
-		return err
-	}
-	enumTypeValue := Oauth2GrantTypeIn(value)
-	for _, existing := range AllowedOauth2GrantTypeInEnumValues {
-		if existing == enumTypeValue {
-			*v = enumTypeValue
-			return nil
-		}
-	}
-
-	return fmt.Errorf("%+v is not a valid Oauth2GrantTypeIn", value)
-}
-
-// NewOauth2GrantTypeInFromValue returns a pointer to a valid Oauth2GrantTypeIn
-// for the value passed as argument, or an error if the value passed is not allowed by the enum
-func NewOauth2GrantTypeInFromValue(v string) (*Oauth2GrantTypeIn, error) {
-	ev := Oauth2GrantTypeIn(v)
-	if ev.IsValid() {
-		return &ev, nil
-	} else {
-		return nil, fmt.Errorf("invalid value '%v' for Oauth2GrantTypeIn: valid values are %v", v, AllowedOauth2GrantTypeInEnumValues)
-	}
-}
-
-// IsValid return true if the value is valid for the enum, false otherwise
-func (v Oauth2GrantTypeIn) IsValid() bool {
-	for _, existing := range AllowedOauth2GrantTypeInEnumValues {
-		if existing == v {
-			return true
-		}
-	}
-	return false
-}
-
-// Ptr returns reference to Oauth2GrantTypeIn value
-func (v Oauth2GrantTypeIn) Ptr() *Oauth2GrantTypeIn {
-	return &v
-}
-
-type NullableOauth2GrantTypeIn struct {
-	value *Oauth2GrantTypeIn
-	isSet bool
-}
-
-func (v NullableOauth2GrantTypeIn) Get() *Oauth2GrantTypeIn {
-	return v.value
-}
-
-func (v *NullableOauth2GrantTypeIn) Set(val *Oauth2GrantTypeIn) {
-	v.value = val
-	v.isSet = true
-}
-
-func (v NullableOauth2GrantTypeIn) IsSet() bool {
-	return v.isSet
-}
-
-func (v *NullableOauth2GrantTypeIn) Unset() {
-	v.value = nil
-	v.isSet = false
-}
-
-func NewNullableOauth2GrantTypeIn(val *Oauth2GrantTypeIn) *NullableOauth2GrantTypeIn {
-	return &NullableOauth2GrantTypeIn{value: val, isSet: true}
-}
-
-func (v NullableOauth2GrantTypeIn) MarshalJSON() ([]byte, error) {
-	return json.Marshal(v.value)
-}
-
-func (v *NullableOauth2GrantTypeIn) UnmarshalJSON(src []byte) error {
-	v.isSet = true
-	return json.Unmarshal(src, &v.value)
-}
-
diff --git a/go/internal/openapi/model_oauth2_grant_type_in_out.go b/go/internal/openapi/model_oauth2_grant_type_in_out.go
new file mode 100644
index 000000000..54ee68e12
--- /dev/null
+++ b/go/internal/openapi/model_oauth2_grant_type_in_out.go
@@ -0,0 +1,111 @@
+/*
+Svix API
+
+No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
+
+API version: 1.1.1
+*/
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package openapi
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// Oauth2GrantTypeInOut the model 'Oauth2GrantTypeInOut'
+type Oauth2GrantTypeInOut string
+
+// List of Oauth2GrantTypeInOut
+const (
+	OAUTH2GRANTTYPEINOUT_CLIENT_CREDENTIALS Oauth2GrantTypeInOut = "clientCredentials"
+	OAUTH2GRANTTYPEINOUT_REFRESH_TOKEN Oauth2GrantTypeInOut = "refreshToken"
+)
+
+// All allowed values of Oauth2GrantTypeInOut enum
+var AllowedOauth2GrantTypeInOutEnumValues = []Oauth2GrantTypeInOut{
+	"clientCredentials",
+	"refreshToken",
+}
+
+func (v *Oauth2GrantTypeInOut) UnmarshalJSON(src []byte) error {
+	var value string
+	err := json.Unmarshal(src, &value)
+	if err != nil {
+		return err
+	}
+	enumTypeValue := Oauth2GrantTypeInOut(value)
+	for _, existing := range AllowedOauth2GrantTypeInOutEnumValues {
+		if existing == enumTypeValue {
+			*v = enumTypeValue
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%+v is not a valid Oauth2GrantTypeInOut", value)
+}
+
+// NewOauth2GrantTypeInOutFromValue returns a pointer to a valid Oauth2GrantTypeInOut
+// for the value passed as argument, or an error if the value passed is not allowed by the enum
+func NewOauth2GrantTypeInOutFromValue(v string) (*Oauth2GrantTypeInOut, error) {
+	ev := Oauth2GrantTypeInOut(v)
+	if ev.IsValid() {
+		return &ev, nil
+	} else {
+		return nil, fmt.Errorf("invalid value '%v' for Oauth2GrantTypeInOut: valid values are %v", v, AllowedOauth2GrantTypeInOutEnumValues)
+	}
+}
+
+// IsValid return true if the value is valid for the enum, false otherwise
+func (v Oauth2GrantTypeInOut) IsValid() bool {
+	for _, existing := range AllowedOauth2GrantTypeInOutEnumValues {
+		if existing == v {
+			return true
+		}
+	}
+	return false
+}
+
+// Ptr returns reference to Oauth2GrantTypeInOut value
+func (v Oauth2GrantTypeInOut) Ptr() *Oauth2GrantTypeInOut {
+	return &v
+}
+
+type NullableOauth2GrantTypeInOut struct {
+	value *Oauth2GrantTypeInOut
+	isSet bool
+}
+
+func (v NullableOauth2GrantTypeInOut) Get() *Oauth2GrantTypeInOut {
+	return v.value
+}
+
+func (v *NullableOauth2GrantTypeInOut) Set(val *Oauth2GrantTypeInOut) {
+	v.value = val
+	v.isSet = true
+}
+
+func (v NullableOauth2GrantTypeInOut) IsSet() bool {
+	return v.isSet
+}
+
+func (v *NullableOauth2GrantTypeInOut) Unset() {
+	v.value = nil
+	v.isSet = false
+}
+
+func NewNullableOauth2GrantTypeInOut(val *Oauth2GrantTypeInOut) *NullableOauth2GrantTypeInOut {
+	return &NullableOauth2GrantTypeInOut{value: val, isSet: true}
+}
+
+func (v NullableOauth2GrantTypeInOut) MarshalJSON() ([]byte, error) {
+	return json.Marshal(v.value)
+}
+
+func (v *NullableOauth2GrantTypeInOut) UnmarshalJSON(src []byte) error {
+	v.isSet = true
+	return json.Unmarshal(src, &v.value)
+}
+
diff --git a/lib-openapi.json b/lib-openapi.json
index 24cf61b56..1daa450e3 100644
--- a/lib-openapi.json
+++ b/lib-openapi.json
@@ -74,6 +74,8 @@
                             "pattern": "^[a-zA-Z0-9\\-_.]+$",
                             "type": "string"
                         },
+                        "maxItems": 25,
+                        "minItems": 1,
                         "type": "array",
                         "uniqueItems": true
                     },
@@ -1467,7 +1469,7 @@
             "EndpointOauthConfigIn": {
                 "properties": {
                     "authMethod": {
-                        "$ref": "#/components/schemas/Oauth2AuthMethodIn"
+                        "$ref": "#/components/schemas/Oauth2AuthMethodInOut"
                     },
                     "clientId": {
                         "description": "The client ID. Required for all authentication types.",
@@ -1487,7 +1489,7 @@
                         "type": "object"
                     },
                     "grantType": {
-                        "$ref": "#/components/schemas/Oauth2GrantTypeIn",
+                        "$ref": "#/components/schemas/Oauth2GrantTypeInOut",
                         "description": "The OAuth grant type."
                     },
                     "jwtParams": {
@@ -1522,6 +1524,43 @@
                 ],
                 "type": "object"
             },
+            "EndpointOauthConfigOut": {
+                "properties": {
+                    "authMethod": {
+                        "$ref": "#/components/schemas/Oauth2AuthMethodInOut"
+                    },
+                    "clientId": {
+                        "type": "string"
+                    },
+                    "extraParams": {
+                        "additionalProperties": {
+                            "type": "string"
+                        },
+                        "nullable": true,
+                        "type": "object"
+                    },
+                    "grantType": {
+                        "$ref": "#/components/schemas/Oauth2GrantTypeInOut"
+                    },
+                    "scopes": {
+                        "items": {
+                            "type": "string"
+                        },
+                        "nullable": true,
+                        "type": "array"
+                    },
+                    "tokenUrl": {
+                        "type": "string"
+                    }
+                },
+                "required": [
+                    "authMethod",
+                    "clientId",
+                    "grantType",
+                    "tokenUrl"
+                ],
+                "type": "object"
+            },
             "EndpointOut": {
                 "properties": {
                     "channels": {
@@ -2101,6 +2140,10 @@
                         "default": false,
                         "type": "boolean"
                     },
+                    "enableEndpointOauthConfig": {
+                        "default": false,
+                        "type": "boolean"
+                    },
                     "enableIntegrationManagement": {
                         "default": false,
                         "type": "boolean"
@@ -4343,7 +4386,7 @@
                 },
                 "type": "object"
             },
-            "Oauth2AuthMethodIn": {
+            "Oauth2AuthMethodInOut": {
                 "description": "The method used for authenticating to the OAuth authorization server.\n\n`clientSecretJwt` will construct a JWT used for authentication with the oauth authorization server. This method is less commonly used and may not be supported by all oauth providers. `clientSecretBasic` will authenticate to the oauth authorization server using an `Authorization` header with the client secret as the value. This is the most common means of authentication. `clientSecretPost` will authenticate to the oauth authorization server by passing the client secret in a `client_secret` field in the request body. This method may not be supported by all oauth providers, and in general `clientSecretBasic` should be preferred.",
                 "enum": [
                     "clientSecretJwt",
@@ -4352,7 +4395,7 @@
                 ],
                 "type": "string"
             },
-            "Oauth2GrantTypeIn": {
+            "Oauth2GrantTypeInOut": {
                 "enum": [
                     "clientCredentials",
                     "refreshToken"
@@ -5592,6 +5635,8 @@
                             "pattern": "^[a-zA-Z0-9\\-_.]+$",
                             "type": "string"
                         },
+                        "maxItems": 25,
+                        "minItems": 1,
                         "type": "array",
                         "uniqueItems": true
                     },
@@ -11629,6 +11674,195 @@
                     }
                 ]
             },
+            "get": {
+                "description": "Get endpoint OAuth configuration.",
+                "operationId": "v1.endpoint.get-oauth-config",
+                "parameters": [
+                    {
+                        "description": "The app's ID or UID",
+                        "in": "path",
+                        "name": "app_id",
+                        "required": true,
+                        "schema": {
+                            "description": "The app's ID or UID",
+                            "example": "unique-app-identifier",
+                            "maxLength": 256,
+                            "minLength": 1,
+                            "pattern": "^[a-zA-Z0-9\\-_.]+$",
+                            "type": "string"
+                        },
+                        "style": "simple"
+                    },
+                    {
+                        "description": "The ep's ID or UID",
+                        "in": "path",
+                        "name": "endpoint_id",
+                        "required": true,
+                        "schema": {
+                            "description": "The ep's ID or UID",
+                            "example": "unique-ep-identifier",
+                            "maxLength": 256,
+                            "minLength": 1,
+                            "pattern": "^[a-zA-Z0-9\\-_.]+$",
+                            "type": "string"
+                        },
+                        "style": "simple"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/EndpointOauthConfigOut"
+                                }
+                            }
+                        },
+                        "description": ""
+                    },
+                    "400": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HttpErrorOut"
+                                }
+                            }
+                        },
+                        "description": "Bad request"
+                    },
+                    "401": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HttpErrorOut"
+                                }
+                            }
+                        },
+                        "description": "Unauthorized"
+                    },
+                    "403": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HttpErrorOut"
+                                }
+                            }
+                        },
+                        "description": "Forbidden"
+                    },
+                    "404": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HttpErrorOut"
+                                }
+                            }
+                        },
+                        "description": "Not Found"
+                    },
+                    "409": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HttpErrorOut"
+                                }
+                            }
+                        },
+                        "description": "Conflict"
+                    },
+                    "422": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HTTPValidationError"
+                                }
+                            }
+                        },
+                        "description": "Validation Error"
+                    },
+                    "429": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/HttpErrorOut"
+                                }
+                            }
+                        },
+                        "description": "Too Many Requests"
+                    }
+                },
+                "security": [
+                    {
+                        "HTTPBearer": []
+                    }
+                ],
+                "summary": "Get Endpoint Oauth Config",
+                "tags": [
+                    "Endpoint"
+                ],
+                "x-codeSamples": [
+                    {
+                        "label": "JavaScript",
+                        "lang": "JavaScript",
+                        "source": "const endpointOauthConfigOut = await svix.endpoint.getOauthConfig(\"app_id\", \"endpoint_id\");"
+                    },
+                    {
+                        "label": "TypeScript",
+                        "lang": "JavaScript",
+                        "source": "const endpointOauthConfigOut = await svix.endpoint.getOauthConfig(\"app_id\", \"endpoint_id\");"
+                    },
+                    {
+                        "label": "Python",
+                        "lang": "Python",
+                        "source": "endpoint_oauth_config_out = svix.endpoint.get_oauth_config(\"app_id\", \"endpoint_id\")"
+                    },
+                    {
+                        "label": "Python (Async)",
+                        "lang": "Python",
+                        "source": "endpoint_oauth_config_out = await svix.endpoint.get_oauth_config(\"app_id\", \"endpoint_id\")"
+                    },
+                    {
+                        "label": "Go",
+                        "lang": "Go",
+                        "source": "endpointOauthConfigOut, err := svixClient.Endpoint.GetOauthConfig(ctx, \"app_id\", \"endpoint_id\")"
+                    },
+                    {
+                        "label": "Kotlin",
+                        "lang": "Kotlin",
+                        "source": "val endpointOauthConfigOut = svix.endpoint.getOauthConfig(\"app_id\", \"endpoint_id\")"
+                    },
+                    {
+                        "label": "Java",
+                        "lang": "Java",
+                        "source": "EndpointOauthConfigOut endpointOauthConfigOut = svix.getEndpoint().getOauthConfig(\"app_id\", \"endpoint_id\");"
+                    },
+                    {
+                        "label": "Ruby",
+                        "lang": "Ruby",
+                        "source": "endpoint_oauth_config_out = svix.endpoint.get_oauth_config(\"app_id\", \"endpoint_id\")"
+                    },
+                    {
+                        "label": "Rust",
+                        "lang": "Rust",
+                        "source": "let endpoint_oauth_config_out = svix.endpoint().get_oauth_config(\"app_id\", \"endpoint_id\").await?;"
+                    },
+                    {
+                        "label": "C#",
+                        "lang": "C#",
+                        "source": "var endpointOauthConfigOut = await svix.Endpoint.GetOauthConfigAsync(\"app_id\", \"endpoint_id\");"
+                    },
+                    {
+                        "label": "CLI",
+                        "lang": "Shell",
+                        "source": "svix endpoint get-oauth-config \"app_id\" \"endpoint_id\""
+                    },
+                    {
+                        "label": "cURL",
+                        "lang": "Shell",
+                        "source": "curl -X 'GET' \\\n  'https://api.eu.svix.com/api/v1/app/{app_id}/endpoint/{endpoint_id}/oauth' \\\n  -H 'Authorization: Bearer AUTH_TOKEN' \\\n  -H 'Accept: application/json' \\\n  -H 'Content-Type: application/json'\n"
+                    }
+                ]
+            },
             "put": {
                 "description": "Create / update endpoint OAuth configuration.",
                 "operationId": "v1.endpoint.update-oauth-config",