From bee718b5bb4fa7e4233cc1bbf0306b0ae5d8c989 Mon Sep 17 00:00:00 2001
From: Tyler Warner <twarner@rand.com>
Date: Thu, 25 Sep 2025 07:51:30 -0500
Subject: [PATCH 1/2] Add support for Secure Service Account API.

---
 Aps.Sdk.sln                                   |  19 +-
 Directory.Packages.props                      |   1 +
 README.md                                     |   1 +
 .../secureserviceaccount.sln                  |  28 +
 ...Authentication.SecureServiceAccount.csproj |  25 +
 .../source/Http/AccountManagementApi.gen.cs   | 596 +++++++++++++++++
 .../source/Http/ExchangeTokenApi.gen.cs       | 290 ++++++++
 .../source/Http/KeyManagementApi.gen.cs       | 535 +++++++++++++++
 .../source/LocalMarshalling.cs                | 109 +++
 .../source/Model/GrantType.gen.cs             |  50 ++
 .../source/Model/Key.gen.cs                   |  82 +++
 .../source/Model/KeyCreated.gen.cs            |  56 ++
 .../source/Model/KeyStatus.gen.cs             |  57 ++
 .../source/Model/KeyUpdatePayload.gen.cs      |  67 ++
 .../source/Model/KeysResponse.gen.cs          |  60 ++
 .../source/Model/Scopes.gen.cs                | 166 +++++
 .../source/Model/ServiceAccount.gen.cs        | 121 ++++
 .../Model/ServiceAccountCreatePayload.gen.cs  | 111 +++
 .../source/Model/ServiceAccountCreated.gen.cs |  70 ++
 .../source/Model/ServiceAccountStatus.gen.cs  |  57 ++
 .../Model/ServiceAccountUpdatePayload.gen.cs  |  67 ++
 .../Model/ServiceAccountsResponse.gen.cs      |  60 ++
 .../source/Model/ThreeLeggedToken.gen.cs      |  82 +++
 .../source/ServiceApiException.cs             |  51 ++
 .../source/ServiceCollectionExtensions.gen.cs |  46 ++
 .../custom-code/SecureServiceAccountClient.cs | 630 ++++++++++++++++++
 ...ntication.SecureServiceAccount.Test.csproj |  20 +
 .../test/TestSecureServiceAccount.cs          | 175 +++++
 28 files changed, 3629 insertions(+), 3 deletions(-)
 create mode 100644 authentication/secureserviceaccount/secureserviceaccount.sln
 create mode 100644 authentication/secureserviceaccount/source/Autodesk.Authentication.SecureServiceAccount.csproj
 create mode 100644 authentication/secureserviceaccount/source/Http/AccountManagementApi.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Http/ExchangeTokenApi.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Http/KeyManagementApi.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/LocalMarshalling.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/GrantType.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/Key.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/KeyCreated.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/KeyStatus.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/KeyUpdatePayload.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/KeysResponse.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/Scopes.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/ServiceAccount.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/ServiceAccountCreatePayload.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/ServiceAccountCreated.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/ServiceAccountStatus.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/ServiceAccountUpdatePayload.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/ServiceAccountsResponse.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/Model/ThreeLeggedToken.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/ServiceApiException.cs
 create mode 100644 authentication/secureserviceaccount/source/ServiceCollectionExtensions.gen.cs
 create mode 100644 authentication/secureserviceaccount/source/custom-code/SecureServiceAccountClient.cs
 create mode 100644 authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj
 create mode 100644 authentication/secureserviceaccount/test/TestSecureServiceAccount.cs

diff --git a/Aps.Sdk.sln b/Aps.Sdk.sln
index f95318c7..e1568aff 100644
--- a/Aps.Sdk.sln
+++ b/Aps.Sdk.sln
@@ -35,14 +35,15 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Autodesk.Construction.Accou
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Autodesk.Sdk.Manager", "sdkmanager\Autodesk.Sdk.Manager.csproj", "{38D360E7-663C-4A84-ADAF-D795FBF2426B}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "secureserviceaccount", "secureserviceaccount", "{02EA681E-C7D8-13C7-8484-4AC65E1B71E8}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Autodesk.Authentication.SecureServiceAccount", "authentication\secureserviceaccount\source\Autodesk.Authentication.SecureServiceAccount.csproj", "{564373E6-71AF-B523-9AB6-EF4BAC93148F}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{ED05FF2A-8775-4552-B0FF-C9BCD6CB66D4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{ED05FF2A-8775-4552-B0FF-C9BCD6CB66D4}.Debug|Any CPU.Build.0 = Debug|Any CPU
@@ -76,6 +77,13 @@ Global
 		{38D360E7-663C-4A84-ADAF-D795FBF2426B}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{38D360E7-663C-4A84-ADAF-D795FBF2426B}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{38D360E7-663C-4A84-ADAF-D795FBF2426B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{564373E6-71AF-B523-9AB6-EF4BAC93148F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{564373E6-71AF-B523-9AB6-EF4BAC93148F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{564373E6-71AF-B523-9AB6-EF4BAC93148F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{564373E6-71AF-B523-9AB6-EF4BAC93148F}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{ED05FF2A-8775-4552-B0FF-C9BCD6CB66D4} = {3E6CDD5D-9AEA-4A9C-9085-00D791DD34E4}
@@ -86,5 +94,10 @@ Global
 		{8C6376C9-61E6-4836-831E-8B3E8FDAE65F} = {0CDF551D-4B04-4860-BB8F-F3A77BC899ED}
 		{2E7E4313-B859-4A56-9B52-A4A170C255B9} = {A291A1E6-780A-4EDD-A053-BD03218434FD}
 		{5929BCE7-665A-472C-8498-A368E6675645} = {2E7E4313-B859-4A56-9B52-A4A170C255B9}
+		{02EA681E-C7D8-13C7-8484-4AC65E1B71E8} = {F4C92067-B21E-4309-A426-C7CEC0BD6213}
+		{564373E6-71AF-B523-9AB6-EF4BAC93148F} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {4C7BFC9B-2B0C-429F-AA42-D9CC92B0CB40}
 	EndGlobalSection
 EndGlobal
diff --git a/Directory.Packages.props b/Directory.Packages.props
index b78ce39d..1558521d 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -17,5 +17,6 @@
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
     <PackageVersion Include="MSTest.TestAdapter" Version="3.6.4" />
     <PackageVersion Include="MSTest.TestFramework" Version="3.6.4" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/README.md b/README.md
index d0adbb65..5012399e 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ The Developer Portal has everything APS:
 - [Data Management](https://www.nuget.org/packages/Autodesk.DataManagement)
 - [Model Derivative](https://www.nuget.org/packages/Autodesk.ModelDerivative)
 - [OSS](https://www.nuget.org/packages/Autodesk.Oss)
+- [Secure Service Account](https://www.nuget.org/packages/Autodesk.SecureServiceAccount)
 - [SDK Manager](https://www.nuget.org/packages/Autodesk.SDKManager)
 - [Webhooks](https://www.nuget.org/packages/Autodesk.Webhooks)
 
diff --git a/authentication/secureserviceaccount/secureserviceaccount.sln b/authentication/secureserviceaccount/secureserviceaccount.sln
new file mode 100644
index 00000000..4aefbac2
--- /dev/null
+++ b/authentication/secureserviceaccount/secureserviceaccount.sln
@@ -0,0 +1,28 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Autodesk.Authentication.SecureServiceAccount", "source\Autodesk.Authentication.SecureServiceAccount.csproj", "{1CFB83E1-D54E-47EF-8E4A-85307A766059}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Autodesk.Authentication.SecureServiceAccount.Test", "test\Autodesk.Authentication.SecureServiceAccount.Test.csproj", "{0BD9E57E-E19A-635F-A2FB-550E9EBEBA1B}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{1CFB83E1-D54E-47EF-8E4A-85307A766059}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1CFB83E1-D54E-47EF-8E4A-85307A766059}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1CFB83E1-D54E-47EF-8E4A-85307A766059}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1CFB83E1-D54E-47EF-8E4A-85307A766059}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0BD9E57E-E19A-635F-A2FB-550E9EBEBA1B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0BD9E57E-E19A-635F-A2FB-550E9EBEBA1B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0BD9E57E-E19A-635F-A2FB-550E9EBEBA1B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0BD9E57E-E19A-635F-A2FB-550E9EBEBA1B}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/authentication/secureserviceaccount/source/Autodesk.Authentication.SecureServiceAccount.csproj b/authentication/secureserviceaccount/source/Autodesk.Authentication.SecureServiceAccount.csproj
new file mode 100644
index 00000000..0c07ef78
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Autodesk.Authentication.SecureServiceAccount.csproj
@@ -0,0 +1,25 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+	<PropertyGroup>
+		<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+		<GenerateDocumentationFile>true</GenerateDocumentationFile>
+		<Authors>Autodesk Platform Services SDK Team</Authors>
+		<PackageDescription>Client SDK for Secure Service Account API</PackageDescription>
+		<PackageReleaseNotes>
+			•	Initial release of Secure Service Account API.
+		</PackageReleaseNotes>
+		<Copyright>Autodesk Inc.</Copyright>
+		<PackageId>Autodesk.SecureServiceAccount</PackageId>
+		<PackageVersion>1.0.0</PackageVersion>
+		<PackageLicenseFile>LICENSE.txt</PackageLicenseFile>
+		<PackageReadmeFile>README.md</PackageReadmeFile>
+		<RepositoryUrl>https://github.com/autodesk-platform-services/aps-sdk-net.git</RepositoryUrl>
+	</PropertyGroup>
+	<ItemGroup>
+		<PackageReference Include="Autodesk.SDKManager" />
+		<PackageReference Include="System.IdentityModel.Tokens.Jwt" />
+		<None Include="../../../LICENSE.txt" Pack="true" PackagePath="" />
+		<None Include="../../../README.md" Pack="true" PackagePath="" />
+	</ItemGroup>
+
+</Project>
diff --git a/authentication/secureserviceaccount/source/Http/AccountManagementApi.gen.cs b/authentication/secureserviceaccount/source/Http/AccountManagementApi.gen.cs
new file mode 100644
index 00000000..6e013b19
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Http/AccountManagementApi.gen.cs
@@ -0,0 +1,596 @@
+/* 
+ * APS SDK
+ *
+ * The APS Platform contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Autodesk.Authentication.SecureServiceAccount.Client;
+using Autodesk.Authentication.SecureServiceAccount.Model;
+using Autodesk.Forge.Core;
+using Autodesk.SDKManager;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Http;
+
+/// <summary>
+/// Represents a collection of functions to interact with the API endpoints
+/// </summary>
+public interface IAccountManagementApi
+{
+   /// <summary>
+   /// Creates a service account.
+   /// Only a server-to-server application can own service accounts.
+   /// An application can have up to 10 service accounts at any given time.
+   /// Upon a successful response, the operation returns the service account ID and email address.
+   /// </summary>
+   /// <param name="serviceAccountCreatePayload">
+   /// Describes the creation of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccountCreated"/>&gt;&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<ApiResponse<ServiceAccountCreated>> CreateServiceAccountAsync(ServiceAccountCreatePayload serviceAccountCreatePayload = default(ServiceAccountCreatePayload), string accessToken = default(string), bool throwOnError = true);
+
+   /// <summary>
+   /// Deletes an existing service account.
+   /// When a service account is deleted, all associated keys will also be deleted.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<HttpResponseMessage> DeleteServiceAccountAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true);
+
+   /// <summary>
+   /// Retrieves the details for a service account.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccount"/>&gt;&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<ApiResponse<ServiceAccount>> GetServiceAccountAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true);
+
+   /// <summary>
+   /// Retrieves all service accounts associated with an application.
+   /// </summary>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccountsResponse"/>&gt;&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<ApiResponse<ServiceAccountsResponse>> GetServiceAccountsAsync(string accessToken = default(string), bool throwOnError = true);
+
+   /// <summary>
+   /// Enables or disables a service account.
+   /// When a service account is in the disabled state, it loses its capability to manage its service account key.
+   /// Assertions signed by the key will be treated as invalid.
+   /// This operation allows enabling a service account that is in a diabled state.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="serviceAccountUpdatePayload">
+   /// Describes the updates to the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<HttpResponseMessage> UpdateServiceAccountAsync(string serviceAccountId = default(string), ServiceAccountUpdatePayload serviceAccountUpdatePayload = default(ServiceAccountUpdatePayload), string accessToken = default(string), bool throwOnError = true);
+}
+
+/// <summary>
+/// Represents a collection of functions to interact with the API endpoints.
+/// </summary>
+public partial class AccountManagementApi : IAccountManagementApi
+{
+   private readonly ILogger _logger;
+
+   /// <summary>
+   /// Initializes a new instance of the <see cref="AccountManagementApi"/> class using <see cref="SDKManager.SDKManager"/>.
+   /// </summary>
+   /// <param name="sdkManager">
+   /// An instance of <see cref="SDKManager.SDKManager"/>.
+   /// </param>
+   public AccountManagementApi(SDKManager.SDKManager sdkManager)
+   {
+      Service = sdkManager.ApsClient.Service;
+      _logger = sdkManager.Logger;
+   }
+
+   private static void SetQueryParameter(string name, object value, Dictionary<string, object> dictionary)
+   {
+      if (value is Enum)
+      {
+         var type = value.GetType();
+         var memberInfos = type.GetMember(value.ToString());
+         var enumValueMemberInfo = memberInfos.FirstOrDefault(m => m.DeclaringType == type);
+         var valueAttributes = enumValueMemberInfo.GetCustomAttributes(typeof(EnumMemberAttribute), false);
+         if (valueAttributes.Length > 0)
+         {
+            dictionary.Add(name, ((EnumMemberAttribute)valueAttributes[0]).Value);
+         }
+      }
+      else if (value is int)
+      {
+         if ((int)value > 0)
+         {
+            dictionary.Add(name, value);
+         }
+      }
+      else
+      {
+         if (value != null)
+         {
+            dictionary.Add(name, value);
+         }
+      }
+   }
+
+   private static void SetHeader(string baseName, object value, HttpRequestMessage request)
+   {
+      if (value is DateTime)
+      {
+         if ((DateTime)value != DateTime.MinValue)
+         {
+            request.Headers.TryAddWithoutValidation(baseName, LocalMarshalling.ParameterToString(value)); // header parameter
+         }
+      }
+      else
+      {
+         if (value != null)
+         {
+            if (!string.Equals(baseName, "Content-Range"))
+            {
+               request.Headers.TryAddWithoutValidation(baseName, LocalMarshalling.ParameterToString(value)); // header parameter
+            }
+            else
+            {
+               request.Content.Headers.Add(baseName, LocalMarshalling.ParameterToString(value));
+            }
+         }
+      }
+
+   }
+
+   /// <summary>
+   /// Gets or sets the <see cref="ApsConfiguration"/> object.
+   /// </summary>
+   /// <value>
+   /// An instance of the <see cref="ForgeService"/>.
+   /// </value>
+   public ForgeService Service { get; set; }
+
+   /// <summary>
+   /// Creates a service account.
+   /// Only a server-to-server application can own service accounts.
+   /// An application can have up to 10 service accounts at any given time.
+   /// Upon a successful response, the operation returns the service account ID and email address.
+   /// </summary>
+   /// <param name="serviceAccountCreatePayload">
+   /// Describes the creation of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccountCreated"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ApiResponse<ServiceAccountCreated>> CreateServiceAccountAsync(ServiceAccountCreatePayload serviceAccountCreatePayload = default(ServiceAccountCreatePayload), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(CreateServiceAccountAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+         Marshalling.BuildRequestUri("/authentication/v2/service-accounts",
+            routeParameters: new Dictionary<string, object>
+            {
+            },
+            queryParameters: queryParam
+         );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Content = Marshalling.Serialize(serviceAccountCreatePayload);
+
+      request.Method = HttpMethod.Post;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return new ApiResponse<ServiceAccountCreated>(response, default(ServiceAccountCreated));
+      }
+      _logger.LogInformation($"Exited from {nameof(CreateServiceAccountAsync)} with response statusCode: {response.StatusCode}");
+      return new ApiResponse<ServiceAccountCreated>(response, await LocalMarshalling.DeserializeAsync<ServiceAccountCreated>(response.Content));
+   }
+
+   /// <summary>
+   /// Deletes an existing service account.
+   /// When a service account is deleted, all associated keys will also be deleted.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> DeleteServiceAccountAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(DeleteServiceAccountAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts/{serviceAccountId}",
+              routeParameters: new Dictionary<string, object>
+              {
+                  { "serviceAccountId", serviceAccountId},
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Method = HttpMethod.Delete;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return response;
+      }
+      _logger.LogInformation($"Exited from {nameof(DeleteServiceAccountAsync)} with response statusCode: {response.StatusCode}");
+      return response;
+   }
+
+   /// <summary>
+   /// Retrieves the details for a service account.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccount"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ApiResponse<ServiceAccount>> GetServiceAccountAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(GetServiceAccountAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts/{serviceAccountId}",
+              routeParameters: new Dictionary<string, object>
+              {
+                  { "serviceAccountId", serviceAccountId},
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Method = HttpMethod.Get;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return new ApiResponse<ServiceAccount>(response, default(ServiceAccount));
+      }
+      _logger.LogInformation($"Exited from {nameof(GetServiceAccountAsync)} with response statusCode: {response.StatusCode}");
+      return new ApiResponse<ServiceAccount>(response, await LocalMarshalling.DeserializeAsync<ServiceAccount>(response.Content));
+   }
+
+   /// <summary>
+   /// Retrieves all service accounts associated with an application.
+   /// </summary>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccountsResponse"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ApiResponse<ServiceAccountsResponse>> GetServiceAccountsAsync(string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(GetServiceAccountsAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts",
+              routeParameters: new Dictionary<string, object>
+              {
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Method = HttpMethod.Get;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      string json = await response.Content.ReadAsStringAsync();
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return new ApiResponse<ServiceAccountsResponse>(response, default(ServiceAccountsResponse));
+      }
+      _logger.LogInformation($"Exited from {nameof(GetServiceAccountsAsync)} with response statusCode: {response.StatusCode}");
+      return new ApiResponse<ServiceAccountsResponse>(response, await LocalMarshalling.DeserializeAsync<ServiceAccountsResponse>(response.Content));
+   }
+
+   /// <summary>
+   /// Enables or disables a service account.
+   /// When a service account is in the disabled state, it loses its capability to manage its service account key.
+   /// Assertions signed by the key will be treated as invalid.
+   /// This operation allows enabling a service account that is in a diabled state.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="serviceAccountUpdatePayload">
+   /// Describes the updates to the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> UpdateServiceAccountAsync(string serviceAccountId = default(string), ServiceAccountUpdatePayload serviceAccountUpdatePayload = default(ServiceAccountUpdatePayload), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(UpdateServiceAccountAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts/{serviceAccountId}",
+              routeParameters: new Dictionary<string, object>
+              {
+                  { "serviceAccountId", serviceAccountId},
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Content = Marshalling.Serialize(serviceAccountUpdatePayload);
+
+      request.Method = HttpMethod.Patch;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return response;
+      }
+      _logger.LogInformation($"Exited from {nameof(UpdateServiceAccountAsync)} with response statusCode: {response.StatusCode}");
+      return response;
+   }
+}
diff --git a/authentication/secureserviceaccount/source/Http/ExchangeTokenApi.gen.cs b/authentication/secureserviceaccount/source/Http/ExchangeTokenApi.gen.cs
new file mode 100644
index 00000000..4ce9004a
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Http/ExchangeTokenApi.gen.cs
@@ -0,0 +1,290 @@
+/* 
+ * APS SDK
+ *
+ * The APS Platform contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Autodesk.Authentication.SecureServiceAccount.Client;
+using Autodesk.Authentication.SecureServiceAccount.Model;
+using Autodesk.Forge.Core;
+using Autodesk.SDKManager;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Http;
+
+/// <summary>
+/// Represents a collection of functions to interact with the API endpoints
+/// </summary>
+public interface IExchangeTokenApi
+{
+   /// <summary>
+   /// Returns a three-legged access token for the JWT assertion you provide in the request body.
+   /// See the Developer’s Guide topic JWT Assertions for information on how to generate a JWT assertion for this operation.
+   /// This operation is only for confidential clients.
+   /// It requires Basic Authorization (client_id, client_secret).
+   /// Authentication information (client_id, client_secret) can be included either in the header or the body, but not both simultaneously.
+   /// </summary>
+   /// <param name="authorization">
+   /// Must be `Basic &lt;BASE64_ENCODED_STRING&gt;` where `&lt;BASE64_ENCODED_STRING&gt;` is the Base64 encoding of the concatenated string `&lt;CLIENT_ID&gt;:&lt;CLIENT_SECRET&gt;`.
+   /// This parameter is required only if client_id and client_secret are not provided in the request body.
+	/// (optional)
+   /// </param>
+   /// <param name="grantType">
+   /// Must be `urn:ietf:params:oauth:grant-type:jwt-bearer`.
+   /// </param>
+   /// <param name="assertion">
+   /// The value of the JWT assertion to exchange for a three-legged access-token. See JWT Assertions for instructions on how to generate a JWT assertion.
+   /// </param>
+   /// <param name="clientId">
+   /// An additional option where the client can either use the authorization header or opt to send this information in the body.
+	/// (optional)
+   /// </param>
+   /// <param name="clientSecret">
+   /// An additional option where the client can either use the authorization header or opt to send this information in the body.
+	/// (optional)
+   /// </param>
+   /// <param name="scopes">
+   /// A list of requested scopes.
+   /// See the [Developer's Guide documentation on scopes](/en/docs/oauth/v2/developers_guide/scopes/) for a list of valid values you can provide.
+   /// The scope in the token endpoint request body should be a subset of or the same as the scope specified in the assertion.
+   /// If the scope is not present, then the returned access token will have the same scope as the assertion.
+	/// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+	/// Thrown when fails to make API call.
+	/// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ThreeLeggedToken"/>&gt;&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<ApiResponse<ThreeLeggedToken>> ExchangeJwtAssertionAsync(string authorization = default(string), GrantType? grantType = null, string assertion = default(string), string clientId = default(string), string clientSecret = default(string), List<Scopes> scopes = null, bool throwOnError = true);
+}
+
+/// <summary>
+/// Represents a collection of functions to interact with the API endpoints.
+/// </summary>
+public partial class ExchangeTokenApi : IExchangeTokenApi
+{
+	private readonly ILogger _logger;
+
+   /// <summary>
+   /// Initializes a new instance of the <see cref="ExchangeTokenApi"/> class using <see cref="SDKManager.SDKManager"/>.
+   /// </summary>
+   /// <param name="sdkManager">
+	/// An instance of <see cref="SDKManager.SDKManager"/>.
+	/// </param>
+   public ExchangeTokenApi(SDKManager.SDKManager sdkManager)
+	{
+		Service = sdkManager.ApsClient.Service;
+		_logger = sdkManager.Logger;
+	}
+
+	private static void SetQueryParameter(string name, object value, Dictionary<string, object> dictionary)
+	{
+		if (value is Enum)
+		{
+			var type = value.GetType();
+			var memberInfos = type.GetMember(value.ToString());
+			var enumValueMemberInfo = memberInfos.FirstOrDefault(m => m.DeclaringType == type);
+			var valueAttributes = enumValueMemberInfo.GetCustomAttributes(typeof(EnumMemberAttribute), false);
+			if (valueAttributes.Length > 0)
+			{
+				dictionary.Add(name, ((EnumMemberAttribute)valueAttributes[0]).Value);
+			}
+		}
+		else if (value is int)
+		{
+			if ((int)value > 0)
+			{
+				dictionary.Add(name, value);
+			}
+		}
+		else if (value is IList)
+		{
+			if (value is List<string>)
+			{
+				dictionary.Add(name, string.Join(" ", (List<string>)value));
+			}
+			else
+			{
+				List<string> concatenatedList = [];
+				foreach (var x in (IList)value)
+				{
+					var type = x.GetType();
+					var memberInfos = type.GetMember(x.ToString());
+					var enumValueMemberInfo = memberInfos.FirstOrDefault(m => m.DeclaringType == type);
+					var valueAttributes = enumValueMemberInfo.GetCustomAttributes(typeof(EnumMemberAttribute), false);
+					concatenatedList.Add(((EnumMemberAttribute)valueAttributes[0]).Value);
+				}
+				dictionary.Add(name, string.Join(" ", concatenatedList));
+			}
+		}
+		else
+		{
+			if (value != null)
+			{
+				dictionary.Add(name, value);
+			}
+		}
+	}
+
+	private static void SetHeader(string baseName, object value, HttpRequestMessage request)
+	{
+		if (value is DateTime)
+		{
+			if ((DateTime)value != DateTime.MinValue)
+			{
+				request.Headers.TryAddWithoutValidation(baseName, LocalMarshalling.ParameterToString(value)); // header parameter
+			}
+		}
+		else
+		{
+			if (value != null)
+			{
+				if (!string.Equals(baseName, "Content-Range"))
+				{
+					request.Headers.TryAddWithoutValidation(baseName, LocalMarshalling.ParameterToString(value)); // header parameter
+				}
+				else
+				{
+					request.Content.Headers.Add(baseName, LocalMarshalling.ParameterToString(value));
+				}
+			}
+		}
+	}
+
+   /// <summary>
+   /// Gets or sets the <see cref="ApsConfiguration"/> object.
+   /// </summary>
+   /// <value>
+   /// An instance of the <see cref="ForgeService"/>.
+   /// </value>
+   public ForgeService Service { get; set; }
+
+   /// <summary>
+   /// Returns a three-legged access token for the JWT assertion you provide in the request body.
+   /// See the Developer’s Guide topic JWT Assertions for information on how to generate a JWT assertion for this operation.
+   /// This operation is only for confidential clients.
+   /// It requires Basic Authorization (client_id, client_secret).
+   /// Authentication information (client_id, client_secret) can be included either in the header or the body, but not both simultaneously.
+   /// </summary>
+   /// <param name="authorization">
+   /// Must be `Basic &lt;BASE64_ENCODED_STRING&gt;` where `&lt;BASE64_ENCODED_STRING&gt;` is the Base64 encoding of the concatenated string `&lt;CLIENT_ID&gt;:&lt;CLIENT_SECRET&gt;`.
+   /// This parameter is required only if client_id and client_secret are not provided in the request body.
+	/// (optional)
+   /// </param>
+   /// <param name="grantType">
+   /// Must be `urn:ietf:params:oauth:grant-type:jwt-bearer`.
+   /// </param>
+   /// <param name="assertion">
+   /// The value of the JWT assertion to exchange for a three-legged access-token. See JWT Assertions for instructions on how to generate a JWT assertion.
+   /// </param>
+   /// <param name="clientId">
+   /// An additional option where the client can either use the authorization header or opt to send this information in the body.
+	/// (optional)
+   /// </param>
+   /// <param name="clientSecret">
+   /// An additional option where the client can either use the authorization header or opt to send this information in the body.
+	/// (optional)
+   /// </param>
+   /// <param name="scopes">
+   /// A list of requested scopes.
+   /// See the [Developer's Guide documentation on scopes](/en/docs/oauth/v2/developers_guide/scopes/) for a list of valid values you can provide.
+   /// The scope in the token endpoint request body should be a subset of or the same as the scope specified in the assertion.
+   /// If the scope is not present, then the returned access token will have the same scope as the assertion.
+	/// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+	/// Thrown when fails to make API call.
+	/// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ThreeLeggedToken"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ApiResponse<ThreeLeggedToken>> ExchangeJwtAssertionAsync(string authorization = default(string), GrantType? grantType = null, string assertion = default(string), string clientId = default(string), string clientSecret = default(string), List<Scopes> scopes = null, bool throwOnError = true)
+	{
+		_logger.LogInformation($"Entered into {nameof(ExchangeJwtAssertionAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+         Marshalling.BuildRequestUri("/authentication/v2/token",
+            routeParameters: new Dictionary<string, object>
+            {
+            },
+            queryParameters: queryParam
+         );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(authorization))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Basic {authorization}");
+      }
+
+      var formParams = new Dictionary<string, object>();
+      // Convert grantType enum to string
+      SetQueryParameter("grant_type", grantType, formParams);
+      if (!string.IsNullOrEmpty(assertion)) { formParams.Add("assertion", assertion); }
+      // Convert scopes enum to string
+      SetQueryParameter("scope", scopes, formParams);
+      if (!string.IsNullOrEmpty(clientId) && string.IsNullOrEmpty(authorization)) { formParams.Add("client_id", clientId); }
+      if (!string.IsNullOrEmpty(clientSecret) && string.IsNullOrEmpty(authorization)) { formParams.Add("client_secret", clientSecret); }
+
+      request.Content = new FormUrlEncodedContent(new Dictionary<string, string>(formParams.ToDictionary(k => k.Key, k => k.Value.ToString())));
+
+      request.Method = HttpMethod.Post;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+		{
+			try
+			{
+				await response.EnsureSuccessStatusCodeAsync();
+			}
+			catch (HttpRequestException ex)
+			{
+				throw new SecureServiceAccountApiException(ex.Message, response, ex);
+			}
+		}
+		else if (!response.IsSuccessStatusCode)
+		{
+			_logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+			return new ApiResponse<ThreeLeggedToken>(response, default(ThreeLeggedToken));
+		}
+		_logger.LogInformation($"Exited from {nameof(ExchangeJwtAssertionAsync)} with response statusCode: {response.StatusCode}");
+		return new ApiResponse<ThreeLeggedToken>(response, await LocalMarshalling.DeserializeAsync<ThreeLeggedToken>(response.Content));
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Http/KeyManagementApi.gen.cs b/authentication/secureserviceaccount/source/Http/KeyManagementApi.gen.cs
new file mode 100644
index 00000000..f699288e
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Http/KeyManagementApi.gen.cs
@@ -0,0 +1,535 @@
+/* 
+ * APS SDK
+ *
+ * The APS Platform contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Autodesk.Authentication.SecureServiceAccount.Client;
+using Autodesk.Authentication.SecureServiceAccount.Model;
+using Autodesk.Forge.Core;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Http;
+
+/// <summary>
+/// Represents a collection of functions to interact with the API endpoints
+/// </summary>
+public interface IKeyManagementApi
+{
+   /// <summary>
+   /// Creates a service account key.
+   /// A service account key is a public-private key pair, generated using RSA with a key length of 2048 bits by the Identity Authorization Service(AuthZ).
+   /// The private key is returned once during its creation.AuthZ only stores the public key.
+   /// A service account can have up to 3 keys at any given time.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="KeyCreated"/>&gt;&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<ApiResponse<KeyCreated>> CreateKeyAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true);
+
+   /// <summary>
+   /// Deletes an existing key.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<HttpResponseMessage> DeleteKeyAsync(string serviceAccountId = default(string), string keyId = default(string), string accessToken = default(string), bool throwOnError = true);
+
+   /// <summary>
+   /// Lists all keys associated with the service account.
+   /// This operation will only return key metadata, not the private or public key.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="KeysResponse"/>&gt;&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<ApiResponse<KeysResponse>> GetKeysAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true);
+
+   /// <summary>
+   /// Deletes an existing key.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="keyUpdatePayload">
+   /// Describes the updates to the key associated with the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   System.Threading.Tasks.Task<HttpResponseMessage> UpdateKeyAsync(string serviceAccountId = default(string), string keyId = default(string), KeyUpdatePayload keyUpdatePayload = default(KeyUpdatePayload), string accessToken = default(string), bool throwOnError = true);
+}
+
+/// <summary>
+/// Represents a collection of functions to interact with the API endpoints
+/// </summary>
+public partial class KeyManagementApi : IKeyManagementApi
+{
+   private ILogger _logger;
+
+   /// <summary>
+   /// Initializes a new instance of the <see cref="KeyManagementApi"/> class
+   /// using SDKManager object
+   /// </summary>
+   /// <param name="sdkManager">
+   /// An instance of SDKManager
+   /// </param>
+   public KeyManagementApi(SDKManager.SDKManager sdkManager)
+   {
+      Service = sdkManager.ApsClient.Service;
+      _logger = sdkManager.Logger;
+   }
+
+   private void SetQueryParameter(string name, object value, Dictionary<string, object> dictionary)
+   {
+      if (value is Enum)
+      {
+         var type = value.GetType();
+         var memberInfos = type.GetMember(value.ToString());
+         var enumValueMemberInfo = memberInfos.FirstOrDefault(m => m.DeclaringType == type);
+         var valueAttributes = enumValueMemberInfo.GetCustomAttributes(typeof(EnumMemberAttribute), false);
+         if (valueAttributes.Length > 0)
+         {
+            dictionary.Add(name, ((EnumMemberAttribute)valueAttributes[0]).Value);
+         }
+      }
+      else if (value is int)
+      {
+         if ((int)value > 0)
+         {
+            dictionary.Add(name, value);
+         }
+      }
+      else if (value is IList)
+      {
+         if (value is List<string>)
+         {
+            dictionary.Add(name, string.Join(" ", (List<string>)value));
+         }
+         else
+         {
+            List<string> concatenatedList = [];
+            foreach (var x in (IList)value)
+            {
+               var type = x.GetType();
+               var memberInfos = type.GetMember(x.ToString());
+               var enumValueMemberInfo = memberInfos.FirstOrDefault(m => m.DeclaringType == type);
+               var valueAttributes = enumValueMemberInfo.GetCustomAttributes(typeof(EnumMemberAttribute), false);
+               concatenatedList.Add(((EnumMemberAttribute)valueAttributes[0]).Value);
+            }
+            dictionary.Add(name, string.Join(" ", concatenatedList));
+         }
+      }
+      else
+      {
+         if (value != null)
+         {
+            dictionary.Add(name, value);
+         }
+      }
+   }
+
+   private void SetHeader(string baseName, object value, HttpRequestMessage req)
+   {
+      if (value is DateTime)
+      {
+         if ((DateTime)value != DateTime.MinValue)
+         {
+            req.Headers.TryAddWithoutValidation(baseName, LocalMarshalling.ParameterToString(value)); // header parameter
+         }
+      }
+      else
+      {
+         if (value != null)
+         {
+            if (!string.Equals(baseName, "Content-Range"))
+            {
+               req.Headers.TryAddWithoutValidation(baseName, LocalMarshalling.ParameterToString(value)); // header parameter
+            }
+            else
+            {
+               req.Content.Headers.Add(baseName, LocalMarshalling.ParameterToString(value));
+            }
+         }
+      }
+   }
+
+   /// <summary>
+   /// Gets or sets the ApsConfiguration object
+   /// </summary>
+   /// <value>An instance of the ForgeService</value>
+   public ForgeService Service { get; set; }
+
+   /// <summary>
+   /// Creates a service account key.
+   /// A service account key is a public-private key pair, generated using RSA with a key length of 2048 bits by the Identity Authorization Service(AuthZ).
+   /// The private key is returned once during its creation.AuthZ only stores the public key.
+   /// A service account can have up to 3 keys at any given time.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="KeyCreated"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ApiResponse<KeyCreated>> CreateKeyAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(CreateKeyAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts/{serviceAccountId}/keys",
+              routeParameters: new Dictionary<string, object>
+              {
+                  { "serviceAccountId", serviceAccountId},
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Method = HttpMethod.Post;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return new ApiResponse<KeyCreated>(response, default(KeyCreated));
+      }
+      _logger.LogInformation($"Exited from {nameof(CreateKeyAsync)} with response statusCode: {response.StatusCode}");
+      return new ApiResponse<KeyCreated>(response, await LocalMarshalling.DeserializeAsync<KeyCreated>(response.Content));
+   }
+
+   /// <summary>
+   /// Deletes an existing key.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> DeleteKeyAsync(string serviceAccountId = default(string), string keyId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(DeleteKeyAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts/{serviceAccountId}/keys/{keyId}",
+              routeParameters: new Dictionary<string, object>
+              {
+                  { "serviceAccountId", serviceAccountId},
+                  { "keyId", keyId },
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Method = HttpMethod.Delete;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return response;
+      }
+      _logger.LogInformation($"Exited from {nameof(DeleteKeyAsync)} with response statusCode: {response.StatusCode}");
+      return response;
+   }
+
+   /// <summary>
+   /// Lists all keys associated with the service account.
+   /// This operation will only return key metadata, not the private or public key.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="KeysResponse"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ApiResponse<KeysResponse>> GetKeysAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(GetKeysAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts/{serviceAccountId}/keys",
+              routeParameters: new Dictionary<string, object>
+              {
+                  { "serviceAccountId", serviceAccountId},
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Method = HttpMethod.Get;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return new ApiResponse<KeysResponse>(response, default(KeysResponse));
+      }
+      _logger.LogInformation($"Exited from {nameof(GetKeysAsync)} with response statusCode: {response.StatusCode}");
+      return new ApiResponse<KeysResponse>(response, await LocalMarshalling.DeserializeAsync<KeysResponse>(response.Content));
+   }
+
+   /// <summary>
+   /// Deletes an existing key.
+   /// </summary>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="keyUpdatePayload">
+   /// Describes the updates to the key associated with the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> UpdateKeyAsync(string serviceAccountId = default(string), string keyId = default(string), KeyUpdatePayload keyUpdatePayload = default(KeyUpdatePayload), string accessToken = default(string), bool throwOnError = true)
+   {
+      _logger.LogInformation($"Entered into {nameof(UpdateKeyAsync)}");
+
+      using var request = new HttpRequestMessage();
+
+      var queryParam = new Dictionary<string, object>();
+      request.RequestUri =
+          Marshalling.BuildRequestUri("/authentication/v2/service-accounts/{serviceAccountId}/keys/{keyId}",
+              routeParameters: new Dictionary<string, object>
+              {
+                  { "serviceAccountId", serviceAccountId},
+                  { "keyId", keyId },
+              },
+              queryParameters: queryParam
+          );
+
+      request.Headers.TryAddWithoutValidation("Accept", "application/json");
+      request.Headers.TryAddWithoutValidation("User-Agent", "APS SDK/SECURE SERVICE ACCOUNT/C#/2.0.0");
+
+      if (!string.IsNullOrEmpty(accessToken))
+      {
+         request.Headers.TryAddWithoutValidation("Authorization", $"Bearer {accessToken}");
+      }
+
+      request.Content = Marshalling.Serialize(keyUpdatePayload);
+
+      request.Method = HttpMethod.Patch;
+
+      // Make the HTTP request.
+      var response = await Service.Client.SendAsync(request);
+
+      if (throwOnError)
+      {
+         try
+         {
+            await response.EnsureSuccessStatusCodeAsync();
+         }
+         catch (HttpRequestException ex)
+         {
+            throw new SecureServiceAccountApiException(ex.Message, response, ex);
+         }
+      }
+      else if (!response.IsSuccessStatusCode)
+      {
+         _logger.LogError($"Response unsuccess with status code: {response.StatusCode}");
+         return response;
+      }
+      _logger.LogInformation($"Exited from {nameof(UpdateKeyAsync)} with response statusCode: {response.StatusCode}");
+      return response;
+   }
+}
diff --git a/authentication/secureserviceaccount/source/LocalMarshalling.cs b/authentication/secureserviceaccount/source/LocalMarshalling.cs
new file mode 100644
index 00000000..c5410e80
--- /dev/null
+++ b/authentication/secureserviceaccount/source/LocalMarshalling.cs
@@ -0,0 +1,109 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System;
+using Newtonsoft.Json;
+using System.Net.Http;
+using System.Threading.Tasks;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Client;
+
+/// <summary>
+/// Helpers for marshalling parameters
+/// </summary>
+public partial class LocalMarshalling
+{
+	private JsonSerializerSettings _serializerSettings = new()
+	{
+		ConstructorHandling = ConstructorHandling.AllowNonPublicDefaultConstructor
+	};
+
+	/// <summary>
+	/// If parameter is DateTime, output in a formatted string (default ISO 8601)
+	/// Otherwise just return the string.
+	/// </summary>
+	/// <param name="obj">The parameter (header, path, query, form).</param>
+	/// <returns>Formatted string.</returns>
+	public static string ParameterToString(object obj)
+	{
+		if (obj is DateTime)
+		{
+			// https://docs.microsoft.com/en-us/dotnet/standard/base-types/standard-date-and-time-format-strings#Roundtrip
+			return ((DateTime)obj).ToString("o");
+		}
+		else
+		{
+			return Convert.ToString(obj);
+		}
+	}
+
+	public static async Task<T> DeserializeAsync<T>(HttpContent content)
+	{
+		ArgumentNullException.ThrowIfNull(content);
+
+		// Don't deserialize Stream - this is fix for download scenarios.
+		if (typeof(T) == typeof(System.IO.Stream))
+		{
+			return await (dynamic)content.ReadAsStreamAsync();
+		}
+
+		string mediaType = content.Headers.ContentType?.MediaType;
+		if (mediaType != "application/json" && mediaType != "text/plain")
+		{
+			throw new ArgumentException($"Content-Type must be application/json. '{mediaType}' was specified.");
+		}
+
+		var str = await content.ReadAsStringAsync();
+		return JsonConvert.DeserializeObject<T>(str);
+	}
+
+	/// <summary>
+	/// Deserialize the JSON string into a proper object.
+	/// </summary>
+	/// <param name="content">The HTTP response.</param>
+	/// <param name="type">Object type.</param>
+	/// <returns>Object representation of the JSON string.</returns>
+	public static object Deserialize(HttpContent content, Type type)
+	{
+		return JsonConvert.DeserializeObject(content.ReadAsStringAsync().Result, type);
+	}
+
+	/// <summary>
+	/// Serialize an input (model) into JSON string
+	/// </summary>
+	/// <param name="obj">Object.</param>
+	/// <returns>HttpContent</returns>
+	public static HttpContent Serialize(object obj, string contentType)
+	{
+		return new StringContent(JsonConvert.SerializeObject(obj));
+	}
+
+	public static string SetPathVariable(string path, string name, object value)
+	{
+		return path.Replace($"", value.ToString());
+	}
+
+	public static string AddQuery(string localVarPath, string v, string page)
+	{
+		throw new NotImplementedException();
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/GrantType.gen.cs b/authentication/secureserviceaccount/source/Model/GrantType.gen.cs
new file mode 100644
index 00000000..339d6844
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/GrantType.gen.cs
@@ -0,0 +1,50 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Specifies the grant type you are requesting the code for. Possible values are: 
+///
+/// - `urn:ietf:params:oauth:grant-type:jwt-bearer` -  For a jwt-bearer access token.
+///
+/// </summary>
+/// <value>
+/// Specifies the grant type you are requesting the code for. Possible values are: 
+///
+/// - `urn:ietf:params:oauth:grant-type:jwt-bearer` -  For a jwt-bearer access token.
+///
+/// </value>
+[JsonConverter(typeof(StringEnumConverter))]
+public enum GrantType
+{
+   /// <summary>
+   /// Enum <see cref="JwtBearer"/> for value: urn:ietf:params:oauth:grant-type:jwt-bearer
+   /// </summary>
+   [EnumMember(Value = "urn:ietf:params:oauth:grant-type:jwt-bearer")]
+   JwtBearer,
+}
+
diff --git a/authentication/secureserviceaccount/source/Model/Key.gen.cs b/authentication/secureserviceaccount/source/Model/Key.gen.cs
new file mode 100644
index 00000000..d8cbe9b4
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/Key.gen.cs
@@ -0,0 +1,82 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Represents a key associated with the service account.
+/// </summary>
+[DataContract]
+public partial class Key
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="Key" /> class.
+   /// </summary>
+   public Key()
+   { }
+
+   /// <summary>
+   /// The ID of the private key.
+   /// </summary>
+   /// <value>
+   /// The ID of the private key.
+   /// </value>
+   [DataMember(Name = "kid", EmitDefaultValue = false)]
+   public string Kid { get; set; }
+
+   /// <summary>
+   /// The status of the key. Possible values:
+   /// 
+   /// - `ENABLED` -
+   /// - `DISABLED` -
+   /// 
+   /// </summary>
+   /// <value>
+   /// The status of the key. Possible values:
+   /// 
+   /// - `ENABLED` -
+   /// - `DISABLED` -
+   /// 
+   /// </value>
+   [DataMember(Name = "status", EmitDefaultValue = true)]
+   public KeyStatus Status { get; set; }
+
+   /// <summary>
+   /// The creation time of the key, in UTC format.
+   /// </summary>
+   /// <value>
+   /// The creation time of the key, in UTC format.
+   /// </value>
+   [DataMember(Name = "createdAt", EmitDefaultValue = false)]
+   public string CreatedAt { get; set; }
+
+   /// <summary>
+   /// This is the most recent time an access token was generated for this service account key, in UTC format.
+   /// </summary>
+   /// <value>
+   /// This is the most recent time an access token was generated for this service account key, in UTC format.
+   /// </value>
+   [DataMember(Name = "accessedAt", EmitDefaultValue = false)]
+   public string AccessedAt { get; set; }
+}
diff --git a/authentication/secureserviceaccount/source/Model/KeyCreated.gen.cs b/authentication/secureserviceaccount/source/Model/KeyCreated.gen.cs
new file mode 100644
index 00000000..b43e6c00
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/KeyCreated.gen.cs
@@ -0,0 +1,56 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Represents a private key associated with the secure service account.
+/// </summary>
+[DataContract]
+public partial class KeyCreated
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="KeyCreated" /> class.
+   /// </summary>
+   public KeyCreated()
+   { }
+
+   /// <summary>
+   /// The ID of the private key.
+   /// </summary>
+   /// <value>
+   /// The ID of the private key.
+   /// </value>
+   [DataMember(Name = "kid", EmitDefaultValue = false)]
+   public string Kid { get; set; }
+
+   /// <summary>
+   /// The private key value, in PEM format.
+   /// </summary>
+   /// <value>
+   /// The private key value, in PEM format.
+   /// </value>
+   [DataMember(Name = "privateKey", EmitDefaultValue = false)]
+   public string PrivateKey { get; set; }
+}
diff --git a/authentication/secureserviceaccount/source/Model/KeyStatus.gen.cs b/authentication/secureserviceaccount/source/Model/KeyStatus.gen.cs
new file mode 100644
index 00000000..86f91336
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/KeyStatus.gen.cs
@@ -0,0 +1,57 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Specifies the status of the key associated with the service account. Possible values:
+///
+/// - `ENABLED` -
+/// - `DISABLED` -
+///
+/// </summary>
+/// <value>
+/// Specifies the status of the key associated with the service account. Possible values:
+///
+/// - `ENABLED` -
+/// - `DISABLED` -
+///
+/// </value>
+[JsonConverter(typeof(StringEnumConverter))]
+public enum KeyStatus
+{
+   /// <summary>
+   /// Enum <see cref="Enabled"/> for value: ENABLED.
+   /// </summary>
+   [EnumMember(Value = "ENABLED")]
+   Enabled,
+
+   /// <summary>
+   /// Enum <see cref="Disabled"/> for value: DISABLED.
+   /// </summary>
+   [EnumMember(Value = "DISABLED")]
+   Disabled,
+}
diff --git a/authentication/secureserviceaccount/source/Model/KeyUpdatePayload.gen.cs b/authentication/secureserviceaccount/source/Model/KeyUpdatePayload.gen.cs
new file mode 100644
index 00000000..ea7dcf8c
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/KeyUpdatePayload.gen.cs
@@ -0,0 +1,67 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Newtonsoft.Json;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Describes the updates to the key associated with the service account.
+/// </summary>
+[DataContract]
+public partial class KeyUpdatePayload
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="KeyUpdatePayload" /> class.
+   /// </summary>
+   public KeyUpdatePayload()
+	{ }
+
+   /// <summary>
+   /// Gets or sets the status of the key associated with the service account. Possible values: 
+   ///
+   /// - `ENABLED` -
+   /// - `DISABLED` -
+   ///
+   /// </summary>
+   /// <value>
+   /// Gets or sets the status of the key associated with the service account. Possible values: 
+   ///
+   /// - `ENABLED` -
+   /// - `DISABLED` -
+   ///
+   /// </value>
+   [DataMember(Name = "status", EmitDefaultValue = true)]
+	public KeyStatus Status { get; set; }
+
+	/// <summary>
+	/// Returns the string presentation of the object.
+	/// </summary>
+	/// <returns>
+	/// String presentation of the object.
+	/// </returns>
+	public override string ToString()
+	{
+		return JsonConvert.SerializeObject(this, Formatting.Indented);
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/KeysResponse.gen.cs b/authentication/secureserviceaccount/source/Model/KeysResponse.gen.cs
new file mode 100644
index 00000000..958d861c
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/KeysResponse.gen.cs
@@ -0,0 +1,60 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Newtonsoft.Json;
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Represents the response object for a collection of keys associated with the service account.
+/// </summary>
+[DataContract]
+public partial class KeysResponse
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="KeysResponse" /> class.
+   /// </summary>
+   public KeysResponse()
+	{ }
+
+   /// <summary>
+   /// A collection of keys associated with the service account.
+   /// </summary>
+   /// <value>
+   /// A collection of keys associated with the service account.
+   /// </value>
+   [DataMember(Name = "keys", EmitDefaultValue = false)]
+   public List<Key> Keys { get; set; }
+
+	/// <summary>
+	/// Returns the string presentation of the object.
+	/// </summary>
+	/// <returns>
+	/// String presentation of the object.
+	/// </returns>
+	public override string ToString()
+	{
+		return JsonConvert.SerializeObject(this, Formatting.Indented);
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/Scopes.gen.cs b/authentication/secureserviceaccount/source/Model/Scopes.gen.cs
new file mode 100644
index 00000000..97551d52
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/Scopes.gen.cs
@@ -0,0 +1,166 @@
+/* 
+ * APS SDK
+ *
+ * The Forge Platform contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Specifies the scope for the token you are requesting.
+/// See the [Developer's Guide documentation on scopes](/en/docs/oauth/v2/developers_guide/scopes/) for a complete list of possible values.
+/// </summary>
+///<value>
+/// Specifies the scope for the token you are requesting.
+/// See the [Developer's Guide documentation on scopes](/en/docs/oauth/v2/developers_guide/scopes/) for a complete list of possible values.
+///</value>    
+[JsonConverter(typeof(StringEnumConverter))]
+public enum Scopes
+{
+
+   /// <summary>
+   /// Enum <see cref="UserRead"/> for value: user:read
+   /// </summary>
+   [EnumMember(Value = "user:read")]
+   UserRead,
+
+   /// <summary>
+   /// Enum <see cref="UserWrite"/> for value: user:write
+   /// </summary>
+   [EnumMember(Value = "user:write")]
+   UserWrite,
+
+   /// <summary>
+   /// Enum <see cref="UserProfileRead"/> for value: user-profile:read
+   /// </summary>
+   [EnumMember(Value = "user-profile:read")]
+   UserProfileRead,
+
+   /// <summary>
+   /// Enum <see cref="ViewablesRead"/> for value: viewables:read
+   /// </summary>
+   [EnumMember(Value = "viewables:read")]
+   ViewablesRead,
+
+   /// <summary>
+   /// Enum <see cref="DataRead"/> for value: data:read
+   /// </summary>
+   [EnumMember(Value = "data:read")]
+   DataRead,
+
+   /// <summary>
+   /// Enum <see cref="DataReadURNOFRESOURCE"/> for value: data:read:&lt;URN_OF_RESOURCE&gt;
+   /// </summary>
+   [EnumMember(Value = "data:read:<URN_OF_RESOURCE>")]
+   DataReadURNOFRESOURCE,
+
+   /// <summary>
+   /// Enum <see cref="DataWrite"/> for value: data:write
+   /// </summary>
+   [EnumMember(Value = "data:write")]
+   DataWrite,
+
+   /// <summary>
+   /// Enum <see cref="DataCreate"/> for value: data:create
+   /// </summary>
+   [EnumMember(Value = "data:create")]
+   DataCreate,
+
+   /// <summary>
+   /// Enum <see cref="DataSearch"/> for value: data:search
+   /// </summary>
+   [EnumMember(Value = "data:search")]
+   DataSearch,
+
+   /// <summary>
+   /// Enum <see cref="BucketCreate"/> for value: bucket:create
+   /// </summary>
+   [EnumMember(Value = "bucket:create")]
+   BucketCreate,
+
+   /// <summary>
+   /// Enum <see cref="BucketRead"/> for value: bucket:read
+   /// </summary>
+   [EnumMember(Value = "bucket:read")]
+   BucketRead,
+
+   /// <summary>
+   /// Enum <see cref="BucketUpdate"/> for value: bucket:update
+   /// </summary>
+   [EnumMember(Value = "bucket:update")]
+   BucketUpdate,
+
+   /// <summary>
+   /// Enum <see cref="BucketDelete"/> for value: bucket:delete
+   /// </summary>
+   [EnumMember(Value = "bucket:delete")]
+   BucketDelete,
+
+   /// <summary>
+   /// Enum <see cref="CodeAll"/> for value: code:all
+   /// </summary>
+   [EnumMember(Value = "code:all")]
+   CodeAll,
+
+   /// <summary>
+   /// Enum <see cref="AccountRead"/> for value: account:read
+   /// </summary>
+   [EnumMember(Value = "account:read")]
+   AccountRead,
+
+   /// <summary>
+   /// Enum <see cref="AccountWrite"/> for value: account:write
+   /// </summary>
+   [EnumMember(Value = "account:write")]
+   AccountWrite,
+
+   /// <summary>
+   /// Enum <see cref="OpenId"/> for value: openid
+   /// </summary>
+   [EnumMember(Value = "openid")]
+   OpenId,
+
+   /// <summary>
+   /// Enum <see cref="ApplicationServiceAccountRead"/> for value: application:service_account:read
+   /// </summary>
+   [EnumMember(Value = "application:service_account:read")]
+   ApplicationServiceAccountRead,
+
+   /// <summary>
+   /// Enum <see cref="ApplicationServiceAccountWrite"/> for value: application:service_account:write
+   /// </summary>
+   [EnumMember(Value = "application:service_account:write")]
+   ApplicationServiceAccountWrite,
+
+   /// <summary>
+   /// Enum <see cref="ApplicationServiceAccountKeyRead"/> for value: application:service_account_key:read
+   /// </summary>
+   [EnumMember(Value = "application:service_account_key:read")]
+   ApplicationServiceAccountKeyRead,
+
+   /// <summary>
+   /// Enum <see cref="ApplicationServiceAccountKeyWrite"/> for value: application:service_account_key:write
+   /// </summary>
+   [EnumMember(Value = "application:service_account_key:write")]
+   ApplicationServiceAccountKeyWrite,
+}
diff --git a/authentication/secureserviceaccount/source/Model/ServiceAccount.gen.cs b/authentication/secureserviceaccount/source/Model/ServiceAccount.gen.cs
new file mode 100644
index 00000000..c952e2f4
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/ServiceAccount.gen.cs
@@ -0,0 +1,121 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Newtonsoft.Json;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Represents a service account.
+/// </summary>
+[DataContract]
+public partial class ServiceAccount
+{
+	/// <summary>
+	/// Initializes a new instance of the <see cref="ServiceAccount" /> class.
+	/// </summary>
+	public ServiceAccount()
+	{ }
+
+	/// <summary>
+	/// The Autodesk ID of the service account.
+	/// </summary>
+	/// <value>
+	/// The Autodesk ID of the service account.
+	/// </value>
+	[DataMember(Name = "serviceAccountId", EmitDefaultValue = false)]
+	public string ServiceAccountId { get; set; }
+
+	/// <summary>
+	/// The email address of the service account.
+	/// </summary>
+	/// <value>
+	/// The email address of the service account.
+	/// </value>
+	[DataMember(Name = "email", EmitDefaultValue = false)]
+	public string Email { get; set; }
+
+	/// <summary>
+	/// The client ID used to create the service account.
+	/// </summary>
+	/// <value>
+	/// The client ID used to create the service account.
+	/// </value>
+	[DataMember(Name = "createdBy", EmitDefaultValue = false)]
+	public string CreatedBy { get; set; }
+
+	/// <summary>
+	/// The status of the service account. Possible values:
+	/// 
+	/// - `ENABLED` -
+	/// - `DISABLED` -
+	/// 
+	/// </summary>
+	/// <value>
+	/// The status of the service account. Possible values:
+	/// 
+	/// - `ENABLED` -
+	/// - `DISABLED` -
+	/// 
+	/// </value>
+	[DataMember(Name = "status", EmitDefaultValue = true)]
+	public ServiceAccountStatus Status { get; set; }
+
+	/// <summary>
+	/// The creation time of the service account, in UTC format.
+	/// </summary>
+	/// <value>
+	/// The creation time of the service account, in UTC format.
+	/// </value>
+	[DataMember(Name = "createdAt", EmitDefaultValue = false)]
+	public string CreatedAt { get; set; }
+
+	/// <summary>
+	/// This is the most recent time an access token was generated for this service account, in UTC format.
+	/// </summary>
+	/// <value>
+	/// This is the most recent time an access token was generated for this service account, in UTC format.
+	/// </value>
+	[DataMember(Name = "accessedAt", EmitDefaultValue = false)]
+	public string AccessedAt { get; set; }
+
+	/// <summary>
+	/// The expiration time of the service account, in UTC format.
+	/// </summary>
+	/// <value>
+	/// The expiration time of the service account, in UTC format.
+	/// </value>
+	[DataMember(Name = "expiresAt", EmitDefaultValue = false)]
+	public string ExpiresAt { get; set; }
+
+	/// <summary>
+	/// Returns the string presentation of the object.
+	/// </summary>
+	/// <returns>
+	/// String presentation of the object.
+	/// </returns>
+	public override string ToString()
+	{
+		return JsonConvert.SerializeObject(this, Formatting.Indented);
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/ServiceAccountCreatePayload.gen.cs b/authentication/secureserviceaccount/source/Model/ServiceAccountCreatePayload.gen.cs
new file mode 100644
index 00000000..f1203813
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/ServiceAccountCreatePayload.gen.cs
@@ -0,0 +1,111 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Newtonsoft.Json;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Describes the creation of the service account.
+/// </summary>
+[DataContract]
+public partial class ServiceAccountCreatePayload
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="ServiceAccountCreatePayload" /> class.
+   /// </summary>
+   public ServiceAccountCreatePayload()
+	{ }
+
+   /// <summary>
+   /// The name of the service account.
+   /// Must be 5-100 characters long, contain only alphanumeric characters and dashes, and include at least one alphanumeric character.
+   /// </summary>
+   /// <value>
+   /// The name of the service account.
+   /// Must be 5-100 characters long, contain only alphanumeric characters and dashes, and include at least one alphanumeric character.
+   /// </value>
+   [DataMember(Name = "name", EmitDefaultValue = false)]
+   public string Name { get; set; }
+
+   /// <summary>
+   /// The last name of the service account. For display purposes only.
+   /// Must meet the following conditions:
+   /// Length between 5 and 100 characters
+   /// Contain only alphanumeric characters and dashes
+   /// Include at least one alphanumeric character
+   /// Avoid inappropriate words
+   /// Exclude invalid characters such as the special characters % and /.
+   /// Avoid the character pattern of &amp;# even though the characters are allowed individually.
+   /// For more information, see the [Naming Guidelines](/en/docs/ssa/v1/developers_guide/naming-guidelines/) section in the Developer's Guide.
+   /// </summary>
+   /// <value>
+   /// The last name of the service account. For display purposes only.
+   /// Must meet the following conditions:
+   /// Length between 5 and 100 characters
+   /// Contain only alphanumeric characters and dashes
+   /// Include at least one alphanumeric character
+   /// Avoid inappropriate words
+   /// Exclude invalid characters such as the special characters % and /.
+   /// Avoid the character pattern of &amp;# even though the characters are allowed individually.
+   /// For more information, see the [Naming Guidelines](/en/docs/ssa/v1/developers_guide/naming-guidelines/) section in the Developer's Guide.
+   /// </value>
+   [DataMember(Name = "firstName", EmitDefaultValue = false)]
+   public string FirstName { get; set; }
+
+   /// <summary>
+   /// The last name of the service account. For display purposes only.
+   /// Must meet the following conditions:
+   /// Length between 5 and 100 characters
+   /// Contain only alphanumeric characters and dashes
+   /// Include at least one alphanumeric character
+   /// Avoid inappropriate words
+   /// Exclude invalid characters such as the special characters % and /.
+   /// Avoid the character pattern of &amp;# even though the characters are allowed individually.
+   /// For more information, see the [Naming Guidelines](/en/docs/ssa/v1/developers_guide/naming-guidelines/) section in the Developer's Guide.
+   /// </summary>
+   /// <value>
+   /// The last name of the service account. For display purposes only.
+   /// Must meet the following conditions:
+   /// Length between 5 and 100 characters
+   /// Contain only alphanumeric characters and dashes
+   /// Include at least one alphanumeric character
+   /// Avoid inappropriate words
+   /// Exclude invalid characters such as the special characters % and /.
+   /// Avoid the character pattern of &amp;# even though the characters are allowed individually.
+   /// For more information, see the [Naming Guidelines](/en/docs/ssa/v1/developers_guide/naming-guidelines/) section in the Developer's Guide.
+   /// </value>
+   [DataMember(Name = "lastName", EmitDefaultValue = false)]
+   public string LastName { get; set; }
+
+   /// <summary>
+   /// Returns the string presentation of the object.
+   /// </summary>
+   /// <returns>
+   /// String presentation of the object.
+   /// </returns>
+   public override string ToString()
+	{
+		return JsonConvert.SerializeObject(this, Formatting.Indented);
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/ServiceAccountCreated.gen.cs b/authentication/secureserviceaccount/source/Model/ServiceAccountCreated.gen.cs
new file mode 100644
index 00000000..4dc7b0c9
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/ServiceAccountCreated.gen.cs
@@ -0,0 +1,70 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Newtonsoft.Json;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Represents a Secure Service Account.
+/// </summary>
+[DataContract]
+public partial class ServiceAccountCreated
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="ServiceAccountCreated" /> class.
+   /// </summary>
+   public ServiceAccountCreated()
+	{ }
+
+	/// <summary>
+	/// The Autodesk ID of the service account.
+	/// </summary>
+	/// <value>
+	/// The Autodesk ID of the service account.
+	/// </value>
+	[DataMember(Name = "serviceAccountId", EmitDefaultValue = false)]
+	public string ServiceAccountId { get; set; }
+
+   /// <summary>
+   /// The email address of the service account.
+   /// It is of the form {serviceAccountName}@{clientId}.adskserviceaccount.autodesk.com.
+   /// </summary>
+   /// <value>
+   /// The email address of the service account.
+   /// It is of the form {serviceAccountName}@{clientId}.adskserviceaccount.autodesk.com.
+   /// </value>
+   [DataMember(Name = "email", EmitDefaultValue = false)]
+	public string Email { get; set; }
+
+	/// <summary>
+	/// Returns the string presentation of the object.
+	/// </summary>
+	/// <returns>
+	/// String presentation of the object.
+	/// </returns>
+	public override string ToString()
+	{
+		return JsonConvert.SerializeObject(this, Formatting.Indented);
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/ServiceAccountStatus.gen.cs b/authentication/secureserviceaccount/source/Model/ServiceAccountStatus.gen.cs
new file mode 100644
index 00000000..00b99140
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/ServiceAccountStatus.gen.cs
@@ -0,0 +1,57 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Converters;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Specifies the status of the key associated with the service account. Possible values:
+///
+/// - `ENABLED` -
+/// - `DISABLED` -
+///
+/// </summary>
+/// <value>
+/// Specifies the status of the key associated with the service account. Possible values:
+///
+/// - `ENABLED` -
+/// - `DISABLED` -
+///
+/// </value>
+[JsonConverter(typeof(StringEnumConverter))]
+public enum ServiceAccountStatus
+{
+	/// <summary>
+	/// Enum <see cref="Enabled"/> for value: ENABLED.
+	/// </summary>
+	[EnumMember(Value = "ENABLED")]
+	Enabled,
+
+	/// <summary>
+	/// Enum <see cref="Disabled"/> for value: DISABLED.
+	/// </summary>
+	[EnumMember(Value = "DISABLED")]
+	Disabled,
+}
diff --git a/authentication/secureserviceaccount/source/Model/ServiceAccountUpdatePayload.gen.cs b/authentication/secureserviceaccount/source/Model/ServiceAccountUpdatePayload.gen.cs
new file mode 100644
index 00000000..e7c2aae5
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/ServiceAccountUpdatePayload.gen.cs
@@ -0,0 +1,67 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Newtonsoft.Json;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Describes the updates to the service account.
+/// </summary>
+[DataContract]
+public partial class ServiceAccountUpdatePayload
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="ServiceAccountUpdatePayload" /> class.
+   /// </summary>
+   public ServiceAccountUpdatePayload()
+	{ }
+
+   /// <summary>
+	/// Gets or sets the status of the service account. Possible values:
+	/// 
+	/// - `ENABLED` -
+	/// - `DISABLED` -
+	/// 
+   /// </summary>
+   /// <value>
+	/// Gets or sets the status of the service account. Possible values:
+	/// 
+	/// - `ENABLED` -
+	/// - `DISABLED` -
+	/// 
+   /// </value>
+   [DataMember(Name = "status", EmitDefaultValue = true)]
+	public ServiceAccountStatus Status { get; set; }
+
+	/// <summary>
+	/// Returns the string presentation of the object.
+	/// </summary>
+	/// <returns>
+	/// String presentation of the object.
+	/// </returns>
+	public override string ToString()
+	{
+		return JsonConvert.SerializeObject(this, Formatting.Indented);
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/ServiceAccountsResponse.gen.cs b/authentication/secureserviceaccount/source/Model/ServiceAccountsResponse.gen.cs
new file mode 100644
index 00000000..438e04d2
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/ServiceAccountsResponse.gen.cs
@@ -0,0 +1,60 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Newtonsoft.Json;
+using System.Collections.Generic;
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Represents the response object for a collection of service accounts.
+/// </summary>
+[DataContract]
+public partial class ServiceAccountsResponse
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="ServiceAccountsResponse" /> class.
+   /// </summary>
+   public ServiceAccountsResponse()
+	{ }
+
+   /// <summary>
+   /// A collection of service accounts.
+   /// </summary>
+   /// <value>
+   /// A collection of service accounts.
+   /// </value>
+   [DataMember(Name = "serviceAccounts", EmitDefaultValue = false)]
+   public List<ServiceAccount> ServiceAccounts { get; set; }
+
+	/// <summary>
+	/// Returns the string presentation of the object.
+	/// </summary>
+	/// <returns>
+	/// String presentation of the object.
+	/// </returns>
+	public override string ToString()
+	{
+		return JsonConvert.SerializeObject(this, Formatting.Indented);
+	}
+}
diff --git a/authentication/secureserviceaccount/source/Model/ThreeLeggedToken.gen.cs b/authentication/secureserviceaccount/source/Model/ThreeLeggedToken.gen.cs
new file mode 100644
index 00000000..f86a39a1
--- /dev/null
+++ b/authentication/secureserviceaccount/source/Model/ThreeLeggedToken.gen.cs
@@ -0,0 +1,82 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System.Runtime.Serialization;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Model;
+
+/// <summary>
+/// Represents a service account token.
+/// </summary>
+[DataContract]
+public partial class ThreeLeggedToken
+{
+   /// <summary>
+   /// Initializes a new instance of the <see cref="ThreeLeggedToken" /> class.
+   /// </summary>
+   public ThreeLeggedToken()
+   { }
+
+   private int? _expiresIn;
+
+   private long? _expiresAt;
+
+   /// <summary>
+   /// Access token time to expiration (in seconds).
+   /// </summary>
+   /// <value>
+   /// Access token time to expiration (in seconds).
+   /// </value>
+   [DataMember(Name = "expires_in", EmitDefaultValue = false)]
+   public int? ExpiresIn
+   {
+      get { return _expiresIn; }
+      set { _expiresIn = value; }
+   }
+
+   /// <summary>
+   /// Time the access token will expire at, in Unix seconds.
+   /// </summary>
+   /// <value>
+   /// Time the access token will expire at, in Unix seconds.
+   /// </value>
+   [DataMember(Name = "expires_at", EmitDefaultValue = false)]
+   public long? ExpiresAt { get { return _expiresAt; } }
+
+   /// <summary>
+   /// The access token.
+   /// </summary>
+   /// <value>
+   /// The access token.
+   /// </value>
+   [DataMember(Name = "access_token", EmitDefaultValue = false)]
+   public string AccessToken { get; set; }
+
+   /// <summary>
+   /// Will always be Bearer.
+   /// </summary>
+   /// <value>
+   /// Will always be Bearer.
+   /// </value>
+   [DataMember(Name = "token_type", EmitDefaultValue = false)]
+   public string TokenType { get; set; }
+}
diff --git a/authentication/secureserviceaccount/source/ServiceApiException.cs b/authentication/secureserviceaccount/source/ServiceApiException.cs
new file mode 100644
index 00000000..a57bee5a
--- /dev/null
+++ b/authentication/secureserviceaccount/source/ServiceApiException.cs
@@ -0,0 +1,51 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System;
+using System.Net.Http;
+
+namespace Autodesk.Authentication.SecureServiceAccount;
+
+/// <summary>
+/// An object that is returned when an API call fails.
+/// </summary>
+public abstract class ServiceApiException : HttpRequestException
+{
+	public HttpResponseMessage HttpResponseMessage { get; set; }
+
+	public ServiceApiException(string message) : base(message) { }
+
+	public ServiceApiException(string message, HttpResponseMessage httpResponseMessage, Exception exception) : base(message, exception)
+	{
+		HttpResponseMessage = httpResponseMessage;
+	}
+}
+
+/// <summary>
+/// An object that is returned when an API call to the <see cref="SecureServiceAccount"/> service fails.
+/// </summary>
+public class SecureServiceAccountApiException : ServiceApiException
+{
+	public SecureServiceAccountApiException(string message) : base(message) { }
+
+	public SecureServiceAccountApiException(string message, HttpResponseMessage httpResponseMessage, Exception exception) : base(message, httpResponseMessage, exception) { }
+}
diff --git a/authentication/secureserviceaccount/source/ServiceCollectionExtensions.gen.cs b/authentication/secureserviceaccount/source/ServiceCollectionExtensions.gen.cs
new file mode 100644
index 00000000..c29daf7c
--- /dev/null
+++ b/authentication/secureserviceaccount/source/ServiceCollectionExtensions.gen.cs
@@ -0,0 +1,46 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Autodesk.Authentication.SecureServiceAccount.Http;
+using Autodesk.Forge.Core;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Autodesk.Authentication.SecureServiceAccount;
+
+public static class ServiceCollectionExtensions
+{
+   /// <summary>
+   /// Adds <see cref="SecureServiceAccountClient"/> and configures it with the given configuration.
+   /// </summary>
+   /// <param name="services"></param>
+   /// <param name="configuration"></param>
+   /// <returns></returns>
+   public static IHttpClientBuilder AddAuthentication(this IServiceCollection services, IConfiguration configuration)
+   {
+      services.AddTransient<IAccountManagementApi, AccountManagementApi>();
+      services.AddTransient<IExchangeTokenApi, ExchangeTokenApi>();
+      services.AddTransient<IKeyManagementApi, KeyManagementApi>();
+
+      return services.AddForgeService(configuration);
+   }
+}
diff --git a/authentication/secureserviceaccount/source/custom-code/SecureServiceAccountClient.cs b/authentication/secureserviceaccount/source/custom-code/SecureServiceAccountClient.cs
new file mode 100644
index 00000000..dbe6155f
--- /dev/null
+++ b/authentication/secureserviceaccount/source/custom-code/SecureServiceAccountClient.cs
@@ -0,0 +1,630 @@
+/* 
+ * APS SDK
+ *
+ * Autodesk Platform Services contains an expanding collection of web service components that can be used with Autodesk cloud-based products or your own technologies. Take advantage of Autodesk’s expertise in design and engineering.
+ *
+ * Authentication.SecureServiceAccount
+ *
+ * OAuth2 server-to-server account, key, and token management API.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using Autodesk.Authentication.SecureServiceAccount.Http;
+using Autodesk.Authentication.SecureServiceAccount.Model;
+using Autodesk.Forge.Core;
+using Autodesk.SDKManager;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net.Http;
+using System.Runtime.Serialization;
+using System.Security.Claims;
+using System.Security.Cryptography;
+
+namespace Autodesk.Authentication.SecureServiceAccount;
+
+/// <summary>
+/// Represents a collection of functions to interact with the API endpoints
+/// </summary>
+public class SecureServiceAccountClient : BaseClient
+{
+   /// <summary>
+   /// Gets the service account management API instance.
+   /// </summary>
+   public IAccountManagementApi AccountManagementApi { get; }
+
+   /// <summary>
+   /// Gets the key management API instance.
+   /// </summary>
+   public IKeyManagementApi KeyManagementApi { get; }
+
+   /// <summary>
+   /// Gets the exchange token API instance.
+   /// </summary>
+   public IExchangeTokenApi ExchangeTokenApi { get; }
+
+   /// <summary>
+   /// Initializes a new instance of the <see cref="SecureServiceAccountClient"/> class.
+   /// </summary>
+   /// <param name="sdkManager">
+   /// The SDK manager instance.
+   /// </param>
+   /// <param name="authenticationProvider">
+   /// The authentication provider instance.
+   /// </param>
+   public SecureServiceAccountClient(SDKManager.SDKManager sdkManager = default, IAuthenticationProvider authenticationProvider = default)
+      : base(authenticationProvider)
+   {
+      sdkManager ??= SdkManagerBuilder.Create().Build();
+
+      AccountManagementApi = new AccountManagementApi(sdkManager);
+      KeyManagementApi = new KeyManagementApi(sdkManager);
+      ExchangeTokenApi = new ExchangeTokenApi(sdkManager);
+   }
+
+   #region AccountManagementApi
+
+   /// <summary>
+   /// Creates a service account.
+   /// Only a server-to-server application can own service accounts.
+   /// An application can have up to 10 service accounts at any given time.
+   /// Upon a successful response, the operation returns the service account ID and email address.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountWrite"/>
+   /// </remarks>
+   /// <param name="serviceAccountCreatePayload">
+   /// Describes the creation of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccountCreated"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ServiceAccountCreated> CreateServiceAccountAsync(ServiceAccountCreatePayload serviceAccountCreatePayload = default(ServiceAccountCreatePayload), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await AccountManagementApi.CreateServiceAccountAsync(serviceAccountCreatePayload: serviceAccountCreatePayload, accessToken: accessToken, throwOnError: throwOnError);
+      return response.Content;
+   }
+
+   /// <summary>
+   /// Deletes an existing service account.
+   /// When a service account is deleted, all associated keys will also be deleted.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountWrite"/>
+   /// </remarks>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> DeleteServiceAccountAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await AccountManagementApi.DeleteServiceAccountAsync(serviceAccountId: serviceAccountId, accessToken: accessToken, throwOnError: throwOnError);
+      return response;
+   }
+
+   /// <summary>
+   /// Retrieves the details for a service account.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountRead"/>
+   /// </remarks>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccount"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ServiceAccount> GetServiceAccountAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await AccountManagementApi.GetServiceAccountAsync(serviceAccountId: serviceAccountId, accessToken: accessToken, throwOnError: throwOnError);
+      return response.Content;
+   }
+
+   /// <summary>
+   /// Retrieves all service accounts associated with an application.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountRead"/>
+   /// </remarks>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ApiResponse"/>&lt;<see cref="ServiceAccountsResponse"/>&gt;&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ServiceAccountsResponse> GetServiceAccountsAsync(string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await AccountManagementApi.GetServiceAccountsAsync(accessToken: accessToken, throwOnError: throwOnError);
+      return response.Content;
+   }
+
+   /// <summary>
+   /// Enables or disables a service account.
+   /// When a service account is in the disabled state, it loses its capability to manage its service account key.
+   /// Assertions signed by the key will be treated as invalid.
+   /// This operation allows enabling a service account that is in a diabled state.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountWrite"/>
+   /// </remarks>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="serviceAccountUpdatePayload">
+   /// Describes the updates to the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <exception cref="HttpRequestException">
+   /// Thrown when fails to make API call.
+   /// </exception>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> UpdateServiceAccountAsync(string serviceAccountId = default(string), ServiceAccountUpdatePayload serviceAccountUpdatePayload = default(ServiceAccountUpdatePayload), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await AccountManagementApi.UpdateServiceAccountAsync(serviceAccountId: serviceAccountId, serviceAccountUpdatePayload: serviceAccountUpdatePayload, accessToken: accessToken, throwOnError: throwOnError);
+      return response;
+   }
+
+   #endregion AccountManagementApi
+
+   #region KeyManagementApi
+
+   /// <summary>
+   /// Creates a service account key.
+   /// A service account key is a public-private key pair, generated using RSA with a key length of 2048 bits by the Identity Authorization Service(AuthZ).
+   /// The private key is returned once during its creation.AuthZ only stores the public key.
+   /// A service account can have up to 3 keys at any given time.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountKeyWrite"/>
+   /// </remarks>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="KeyCreated"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<KeyCreated> CreateKeyAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await KeyManagementApi.CreateKeyAsync(serviceAccountId: serviceAccountId, accessToken: accessToken, throwOnError: throwOnError);
+      return response.Content;
+   }
+
+   /// <summary>
+   /// Deletes an existing key.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountKeyWrite"/>
+   /// </remarks>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> DeleteKeyAsync(string serviceAccountId = default(string), string keyId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await KeyManagementApi.DeleteKeyAsync(serviceAccountId: serviceAccountId, keyId: keyId, accessToken: accessToken, throwOnError: throwOnError);
+      return response;
+   }
+
+   /// <summary>
+   /// Lists all keys associated with the service account.
+   /// This operation will only return key metadata, not the private or public key.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountKeyRead"/>
+   /// </remarks>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="KeysResponse"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<KeysResponse> GetKeysAsync(string serviceAccountId = default(string), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await KeyManagementApi.GetKeysAsync(serviceAccountId: serviceAccountId, accessToken: accessToken, throwOnError: throwOnError);
+      return response.Content;
+   }
+
+   /// <summary>
+   /// Enables or disables a service account key.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: <see cref="Scopes.ApplicationServiceAccountKeyWrite"/>
+   /// </remarks>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="keyUpdatePayload">
+   /// Describes the updates to the key.
+   /// </param>
+   /// <param name="accessToken">
+   /// An access token obtained by a call to GetTwoLeggedTokenAsync().
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="HttpResponseMessage"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<HttpResponseMessage> UpdateKeyAsync(string serviceAccountId = default(string), string keyId = default(string), KeyUpdatePayload keyUpdatePayload = default(KeyUpdatePayload), string accessToken = default(string), bool throwOnError = true)
+   {
+      if (string.IsNullOrEmpty(accessToken) && AuthenticationProvider == null)
+      {
+         throw new Exception("Please provide a valid access token or an authentication provider.");
+      }
+      else if (string.IsNullOrEmpty(accessToken))
+      {
+         accessToken = await AuthenticationProvider.GetAccessToken();
+      }
+
+      var response = await KeyManagementApi.UpdateKeyAsync(serviceAccountId: serviceAccountId, keyId: keyId, keyUpdatePayload: keyUpdatePayload, accessToken: accessToken, throwOnError: throwOnError);
+      return response;
+   }
+
+   #endregion KeyManagementApi
+
+   #region ExchangeTokenApi
+
+   /// <summary>
+   /// Returns a three-legged access token for the JWT assertion you provide in the request body.
+   /// See the Developer’s Guide topic JWT Assertions for information on how to generate a JWT assertion for this operation.
+   /// This operation is only for confidential clients.
+   /// It requires Basic Authorization (client_id, client_secret).
+   /// Authentication information (client_id, client_secret) can be included either in the header or the body, but not both simultaneously.
+   /// </summary>
+   /// <remarks>
+   /// Required OAuth Scopes: None
+   /// </remarks>
+   /// <param name="authorization">
+   /// Must be `Basic &lt;BASE64_ENCODED_STRING&gt;` where `&lt;BASE64_ENCODED_STRING&gt;` is the Base64 encoding of the concatenated string `&lt;CLIENT_ID&gt;:&lt;CLIENT_SECRET&gt;`.
+   /// This parameter is required only if client_id and client_secret are not provided in the request body.
+   /// (optional)
+   /// </param>
+   /// <param name="grantType">
+   /// Must be `urn:ietf:params:oauth:grant-type:jwt-bearer`.
+   /// </param>
+   /// <param name="assertion">
+   /// The value of the JWT assertion to exchange for a three-legged access-token. See JWT Assertions for instructions on how to generate a JWT assertion.
+   /// </param>
+   /// <param name="clientId">
+   /// An additional option where the client can either use the authorization header or opt to send this information in the body.
+   /// (optional)
+   /// </param>
+   /// <param name="clientSecret">
+   /// An additional option where the client can either use the authorization header or opt to send this information in the body.
+   /// (optional)
+   /// </param>
+   /// <param name="scopes">
+   /// A URL-encoded space-delimited list of scopes.
+   /// The scope in the token endpoint request body should be a subset of or the same as the scope specified in the assertion.
+   /// If the scope is not present, then the returned access token will have the same scope as the assertion.
+   /// (optional)
+   /// </param>
+   /// <param name="throwOnError">
+   /// Indicates whether to throw an exception on error.
+   /// (optional)
+   /// </param>
+   /// <returns>
+   /// <see cref="System.Threading.Tasks.Task"/>&lt;<see cref="ThreeLeggedToken"/>&gt;
+   /// </returns>
+   public async System.Threading.Tasks.Task<ThreeLeggedToken> ExchangeJwtAssertionAsync(string authorization = default(string), GrantType? grantType = null, string assertion = default(string), string clientId = default(string), string clientSecret = default(string), List<Scopes> scopes = null, bool throwOnError = true)
+   {
+      var response = await ExchangeTokenApi.ExchangeJwtAssertionAsync(authorization: authorization, grantType: grantType, assertion: assertion, clientId: clientId, clientSecret: clientSecret, scopes: scopes, throwOnError: throwOnError);
+      return response.Content;
+   }
+
+   /// <summary>
+   /// Generates a JWT assertion which is a security token used to make verifiable claims about a subject.
+   /// It is cryptographically signed to ensure authenticity and integrity.
+   /// </summary>
+   /// <param name="clientId">
+   /// The Client ID of the calling application, as registered with APS.
+   /// </param>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="privateKey">
+   /// The RSA private key in PEM format (unencrypted PKCS#1 or PKCS#8).
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="scopes">
+   /// A list of requested scopes.
+   /// See the [Developer's Guide documentation on scopes](/en/docs/oauth/v2/developers_guide/scopes/) for a list of valid values you can provide.
+   ///</param>
+   /// <param name="lifetimeSeconds">
+   /// The token lifetime in seconds. Must be between 0 and 300 seconds (5 minutes).
+   /// </param>
+   /// <exception cref="ArgumentException">
+   /// Thrown when required parameters are missing or empty.
+   /// </exception>
+   /// <exception cref="ArgumentOutOfRangeException">
+   /// Thrown when <paramref name="lifetimeSeconds"/> is outside the allowed range of 0 to 300 seconds (5 minutes).
+   /// </exception>
+   /// <returns>
+   /// <see cref="string"/>
+   /// </returns>
+   public string GenerateJwtAssertion(
+      string clientId,
+      string serviceAccountId,
+      string privateKey,
+      string keyId,
+      List<Scopes> scopes,
+      long lifetimeSeconds = 300)
+   {
+      if (string.IsNullOrWhiteSpace(clientId))
+         throw new ArgumentException($"{nameof(clientId)} is required.", nameof(clientId));
+      if (string.IsNullOrWhiteSpace(serviceAccountId))
+         throw new ArgumentException($"{nameof(serviceAccountId)} is required.", nameof(serviceAccountId));
+      if (string.IsNullOrWhiteSpace(privateKey))
+         throw new ArgumentException($"{nameof(privateKey)} is required.", nameof(privateKey));
+      if (string.IsNullOrWhiteSpace(keyId))
+         throw new ArgumentException($"{nameof(keyId)} is required.", nameof(keyId));
+      if (lifetimeSeconds < 0 || lifetimeSeconds > 300)
+         throw new ArgumentOutOfRangeException(nameof(lifetimeSeconds), $"{nameof(lifetimeSeconds)} must be 0 to 300 seconds (5 minutes).");
+
+      using var rsa = RSA.Create();
+      rsa.ImportFromPem(privateKey.ToCharArray());
+
+      RsaSecurityKey rsaKey = new(rsa)
+      {
+         KeyId = keyId,
+      };
+
+      List<Claim> claims =
+      [
+         new(JwtRegisteredClaimNames.Sub, serviceAccountId),
+         new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
+      ];
+
+      foreach (var scope in scopes)
+      {
+         var memberInfo = typeof(Scopes).GetMember(scope.ToString()).FirstOrDefault();
+         var attribute = Attribute.GetCustomAttributes(memberInfo, typeof(EnumMemberAttribute)).FirstOrDefault();
+         claims.Add(new("scope", ((EnumMemberAttribute)attribute)?.Value));
+      }
+
+      var currentTime = DateTime.UtcNow;
+      var expirationTime = currentTime.AddSeconds(lifetimeSeconds);
+
+      SecurityTokenDescriptor securityTokenDescriptor = new()
+      {
+         Issuer = clientId,
+         Audience = "https://developer.api.autodesk.com/authentication/v2/token",
+         Subject = new ClaimsIdentity(claims),
+         IssuedAt = currentTime,
+         NotBefore = currentTime,
+         Expires = expirationTime,
+         SigningCredentials = new SigningCredentials(rsaKey, SecurityAlgorithms.RsaSha256)
+      };
+
+      return new JsonWebTokenHandler().CreateToken(securityTokenDescriptor);
+   }
+
+   /// <summary>
+   /// Generates a JWT assertion which is a security token used to make verifiable claims about a subject.
+   /// It is cryptographically signed to ensure authenticity and integrity.
+   /// </summary>
+   /// <param name="clientId">
+   /// The Client ID of the calling application, as registered with APS.
+   /// </param>
+   /// <param name="serviceAccountId">
+   /// The Autodesk ID of the service account.
+   /// </param>
+   /// <param name="privateKey">
+   /// The stream of the RSA private key in PEM format (unencrypted PKCS#1 or PKCS#8).
+   /// </param>
+   /// <param name="keyId">
+   /// The ID of the private key.
+   /// </param>
+   /// <param name="scopes">
+   /// A list of requested scopes.
+   /// See the [Developer's Guide documentation on scopes](/en/docs/oauth/v2/developers_guide/scopes/) for a list of valid values you can provide.
+   ///</param>
+   /// <param name="lifetimeSeconds">
+   /// The token lifetime in seconds. Must be between 0 and 300 seconds (5 minutes).
+   /// </param>
+   /// <exception cref="ArgumentException">
+   /// Thrown when required parameters are missing or empty.
+   /// </exception>
+   /// <exception cref="ArgumentOutOfRangeException">
+   /// Thrown when <paramref name="lifetimeSeconds"/> is outside the allowed range of 0 to 300 seconds (5 minutes).
+   /// </exception>
+   /// <returns>
+   /// <see cref="string"/>
+   /// </returns>
+   public string GenerateJwtAssertion(
+      string clientId,
+      string serviceAccountId,
+      Stream privateKey,
+      string keyId,
+      List<Scopes> scopes,
+      int lifetimeSeconds = 300)
+   {
+      if (privateKey is null || !privateKey.CanRead)
+         throw new ArgumentException($"{nameof(privateKey)} must be a readable stream.", nameof(privateKey));
+
+      if (privateKey.CanSeek && privateKey.Position != 0)
+         privateKey.Seek(0, SeekOrigin.Begin);
+
+      using StreamReader streamReader = new(privateKey, leaveOpen: true);
+      string privateKeyPem = streamReader.ReadToEnd();
+
+      return GenerateJwtAssertion(clientId, serviceAccountId, privateKeyPem, keyId, scopes, lifetimeSeconds);
+   }
+
+   #endregion ExchangeTokenApi
+
+}
\ No newline at end of file
diff --git a/authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj b/authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj
new file mode 100644
index 00000000..dee4972d
--- /dev/null
+++ b/authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj
@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <RootNamespace>Autodesk.Authentication.Test</RootNamespace>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" />
+    <PackageReference Include="MSTest.TestAdapter" />
+    <PackageReference Include="MSTest.TestFramework" />
+    <PackageReference Include="coverlet.collector" />
+  </ItemGroup>
+	
+  <ItemGroup>
+    <ProjectReference Include="..\source\Autodesk.Authentication.SecureServiceAccount.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/authentication/secureserviceaccount/test/TestSecureServiceAccount.cs b/authentication/secureserviceaccount/test/TestSecureServiceAccount.cs
new file mode 100644
index 00000000..a6c1b359
--- /dev/null
+++ b/authentication/secureserviceaccount/test/TestSecureServiceAccount.cs
@@ -0,0 +1,175 @@
+using Autodesk.Authentication.SecureServiceAccount.Model;
+using Autodesk.SDKManager;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using System.Net;
+using System.Text;
+
+namespace Autodesk.Authentication.SecureServiceAccount.Test;
+
+[TestClass]
+public class TestSecureServiceAccount
+{
+   private static SecureServiceAccountClient _secureServiceAccountClient = null!;
+
+   private readonly string? _clientId = Environment.GetEnvironmentVariable("clientId");
+   private readonly string? _clientSecret = Environment.GetEnvironmentVariable("clientSecret");
+   private readonly string? _twoLeggedToken = Environment.GetEnvironmentVariable("twoLeggedToken");
+
+   private readonly string? _serviceAccountName = Environment.GetEnvironmentVariable("serviceAccountName");
+   private readonly string? _serviceAccountFirstName = Environment.GetEnvironmentVariable("serviceAccountFirstName");
+   private readonly string? _serviceAccountLastName = Environment.GetEnvironmentVariable("serviceAccountLastName");
+   private readonly string? _serviceAccountId = Environment.GetEnvironmentVariable("serviceAccountId");
+
+   private readonly string? _pathToPrivateKeyFile = Environment.GetEnvironmentVariable("pathToPrivateKeyFile");
+   private readonly string? _keyId = Environment.GetEnvironmentVariable("keyId");
+
+   [ClassInitialize]
+   public static void ClassInitialize(TestContext testContext)
+   {
+      SDKManager.SDKManager sdkManager = SdkManagerBuilder
+         .Create()
+         .Add(new ApsConfiguration())
+         .Add(ResiliencyConfiguration.CreateDefault())
+         .Build();
+
+      _secureServiceAccountClient = new SecureServiceAccountClient(sdkManager);
+   }
+
+   #region AccountManagementApi
+
+   [TestMethod]
+   public async Task TestCreateServiceAccountAsync()
+   {
+      ServiceAccountCreatePayload serviceAccountCreatePayload = new()
+      {
+         Name = _serviceAccountName,
+         FirstName = _serviceAccountFirstName,
+         LastName = _serviceAccountLastName,
+      };
+
+      ServiceAccountCreated serviceAccount = await _secureServiceAccountClient.CreateServiceAccountAsync(
+         serviceAccountCreatePayload: serviceAccountCreatePayload,
+         accessToken: _twoLeggedToken);
+      Assert.IsNotNull(serviceAccount);
+   }
+
+   [TestMethod]
+   public async Task TestDeleteServiceAccountAsync()
+   {
+      HttpResponseMessage httpResponseMessage = await _secureServiceAccountClient.DeleteServiceAccountAsync(
+         serviceAccountId: _serviceAccountId,
+         accessToken: _twoLeggedToken);
+      Assert.IsTrue(httpResponseMessage.StatusCode == HttpStatusCode.NoContent);
+   }
+
+   [TestMethod]
+   public async Task TestGetServiceAccountAsync()
+   {
+      ServiceAccount serviceAccount = await _secureServiceAccountClient.GetServiceAccountAsync(
+         serviceAccountId: _serviceAccountId,
+         accessToken: _twoLeggedToken);
+      Assert.IsNotNull(serviceAccount);
+   }
+
+   [TestMethod]
+   public async Task TestGetServiceAccountsAsync()
+   {
+      ServiceAccountsResponse serviceAccounts = await _secureServiceAccountClient.GetServiceAccountsAsync(
+         accessToken: _twoLeggedToken);
+      Assert.IsInstanceOfType<ServiceAccountsResponse>(serviceAccounts);
+   }
+
+   [TestMethod]
+   public async Task TestUpdateServiceAccountAsync()
+   {
+      ServiceAccountUpdatePayload serviceAccountUpdatePayload = new()
+      {
+         Status = ServiceAccountStatus.Enabled,
+      };
+
+      HttpResponseMessage httpResponseMessage = await _secureServiceAccountClient.UpdateServiceAccountAsync(
+          serviceAccountId: _serviceAccountId,
+          serviceAccountUpdatePayload: serviceAccountUpdatePayload,
+          accessToken: _twoLeggedToken);
+      Assert.IsTrue(httpResponseMessage.StatusCode == HttpStatusCode.OK);
+   }
+
+   #endregion AccountManagementApi
+
+   #region KeyManagementApi
+
+   [TestMethod]
+   public async Task TestCreateKeyAsync()
+   {
+      KeyCreated key = await _secureServiceAccountClient.CreateKeyAsync(
+         serviceAccountId: _serviceAccountId,
+         accessToken: _twoLeggedToken);
+      Assert.IsNotNull(key);
+   }
+
+   [TestMethod]
+   public async Task TestDeleteKeyAsync()
+   {
+      HttpResponseMessage httpResponseMessage = await _secureServiceAccountClient.DeleteKeyAsync(
+         serviceAccountId: _serviceAccountId,
+         keyId: _keyId,
+         accessToken: _twoLeggedToken);
+      Assert.IsTrue(httpResponseMessage.StatusCode == HttpStatusCode.NoContent);
+   }
+
+   [TestMethod]
+   public async Task TestGetKeysAsync()
+   {
+      KeysResponse keys = await _secureServiceAccountClient.GetKeysAsync(
+         serviceAccountId: _serviceAccountId,
+         accessToken: _twoLeggedToken);
+      Assert.IsInstanceOfType<KeysResponse>(keys);
+   }
+
+   [TestMethod]
+   public async Task TestUpdateKeyAsync()
+   {
+      KeyUpdatePayload keyUpdatePayload = new()
+      {
+         Status = KeyStatus.Enabled,
+      };
+
+      HttpResponseMessage httpResponseMessage = await _secureServiceAccountClient.UpdateKeyAsync(
+          serviceAccountId: _serviceAccountId,
+          keyId: _keyId,
+          keyUpdatePayload: keyUpdatePayload,
+          accessToken: _twoLeggedToken);
+      Assert.IsTrue(httpResponseMessage.StatusCode == HttpStatusCode.NoContent);
+   }
+
+   #endregion KeyManagementApi
+
+   #region ExchangeTokenApi
+
+   [TestMethod]
+   public async Task TestExchangeJwtAssertion()
+   {
+      string authorization = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{_clientId}:{_clientSecret}"));
+      List<Scopes> scopes = [Scopes.DataCreate, Scopes.DataRead, Scopes.DataWrite];
+
+      using var fileStream = File.OpenRead(_pathToPrivateKeyFile);
+      string assertion = _secureServiceAccountClient.GenerateJwtAssertion(
+         clientId: _clientId,
+         serviceAccountId: _serviceAccountId,
+         privateKey: fileStream,
+         keyId: _keyId,
+         scopes: scopes);
+
+      ThreeLeggedToken threeLeggedToken = await _secureServiceAccountClient.ExchangeJwtAssertionAsync(
+         authorization: authorization,
+         grantType: GrantType.JwtBearer,
+         assertion: assertion,
+         clientId: _clientId,
+         clientSecret: _clientSecret,
+         scopes: scopes);
+      Assert.IsNotNull(threeLeggedToken);
+   }
+
+   #endregion ExchangeTokenApi
+
+}
\ No newline at end of file

From 1b2e2abe6e8a36f1e67999f83804d49837f847c7 Mon Sep 17 00:00:00 2001
From: Tyler Warner <tylerwarner33@gmail.com>
Date: Thu, 30 Oct 2025 05:20:08 -0500
Subject: [PATCH 2/2] Correct 'RootNamespace' in test project file

---
 .../Autodesk.Authentication.SecureServiceAccount.Test.csproj    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj b/authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj
index dee4972d..cf0ae003 100644
--- a/authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj
+++ b/authentication/secureserviceaccount/test/Autodesk.Authentication.SecureServiceAccount.Test.csproj
@@ -2,7 +2,7 @@
   <PropertyGroup>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
-    <RootNamespace>Autodesk.Authentication.Test</RootNamespace>
+    <RootNamespace>Autodesk.Authentication.SecureServiceAccount.Test</RootNamespace>
     <IsPackable>false</IsPackable>
   </PropertyGroup>