zernio-dev
diff --git a/‎.openapi-generator/FILES‎
Lines changed: 0 additions & 2 deletions b/‎.openapi-generator/FILES‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 2 deletions b/‎README.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎api/openapi.yaml‎
Lines changed: 25 additions & 38 deletions b/‎api/openapi.yaml‎
Lines changed: 25 additions & 38 deletions
diff --git a/‎docs/ConnectApi.md‎
Lines changed: 20 additions & 16 deletions b/‎docs/ConnectApi.md‎
Lines changed: 20 additions & 16 deletions
diff --git a/‎docs/SelectGoogleBusinessLocationRequest.md‎
Lines changed: 1 addition & 2 deletions b/‎docs/SelectGoogleBusinessLocationRequest.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎openapi.yaml‎
Lines changed: 27 additions & 28 deletions b/‎openapi.yaml‎
Lines changed: 27 additions & 28 deletions
diff --git a/‎pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎pom.xml‎
Lines changed: 1 addition & 1 deletion
@@ -576,7 +576,6 @@ docs/SelectFacebookPageRequestUserProfile.md
 docs/SelectGoogleBusinessLocation200Response.md
 docs/SelectGoogleBusinessLocation200ResponseAccount.md
 docs/SelectGoogleBusinessLocationRequest.md
-docs/SelectGoogleBusinessLocationRequestUserProfile.md
 docs/SelectLinkedInOrganization200Response.md
 docs/SelectLinkedInOrganization200ResponseAccount.md
 docs/SelectLinkedInOrganization200ResponseBulkRefresh.md
@@ -1400,7 +1399,6 @@ src/main/java/dev/zernio/model/SelectFacebookPageRequestUserProfile.java
 src/main/java/dev/zernio/model/SelectGoogleBusinessLocation200Response.java
 src/main/java/dev/zernio/model/SelectGoogleBusinessLocation200ResponseAccount.java
 src/main/java/dev/zernio/model/SelectGoogleBusinessLocationRequest.java
-src/main/java/dev/zernio/model/SelectGoogleBusinessLocationRequestUserProfile.java
 src/main/java/dev/zernio/model/SelectLinkedInOrganization200Response.java
 src/main/java/dev/zernio/model/SelectLinkedInOrganization200ResponseAccount.java
 src/main/java/dev/zernio/model/SelectLinkedInOrganization200ResponseBulkRefresh.java
 
@@ -4,7 +4,7 @@ Zernio API
 
 - API version: 1.0.1
 
-- Build date: 2026-04-07T11:02:59.333343802Z[Etc/UTC]
+- Build date: 2026-04-08T08:46:29.621751381Z[Etc/UTC]
 
 - Generator version: 7.19.0
 
@@ -1195,7 +1195,6 @@ Class | Method | HTTP request | Description
  - [SelectGoogleBusinessLocation200Response](docs/SelectGoogleBusinessLocation200Response.md)
  - [SelectGoogleBusinessLocation200ResponseAccount](docs/SelectGoogleBusinessLocation200ResponseAccount.md)
  - [SelectGoogleBusinessLocationRequest](docs/SelectGoogleBusinessLocationRequest.md)
- - [SelectGoogleBusinessLocationRequestUserProfile](docs/SelectGoogleBusinessLocationRequestUserProfile.md)
  - [SelectLinkedInOrganization200Response](docs/SelectLinkedInOrganization200Response.md)
  - [SelectLinkedInOrganization200ResponseAccount](docs/SelectLinkedInOrganization200ResponseAccount.md)
  - [SelectLinkedInOrganization200ResponseBulkRefresh](docs/SelectLinkedInOrganization200ResponseBulkRefresh.md)
 
@@ -4390,23 +4390,35 @@ paths:
       - application/json
   /v1/connect/googlebusiness/locations:
     get:
-      description: For headless flows. Returns the list of GBP locations the user
-        can manage. Use X-Connect-Token if connecting via API key.
+      description: |
+        For headless flows. Returns the list of GBP locations the user can manage. Use pendingDataToken (from the OAuth callback redirect) to list locations without consuming the token, so it remains available for select-location. Use X-Connect-Token header if connecting via API key.
       operationId: listGoogleBusinessLocations
       parameters:
-      - description: Profile ID from your connection flow
+      - description: Profile ID from your connection flow. Required for auth validation
+          when provided.
         explode: true
         in: query
         name: profileId
-        required: true
+        required: false
         schema:
           type: string
         style: form
-      - description: Temporary Google access token from the OAuth callback redirect
+      - description: Token from the OAuth callback redirect. Preferred over tempToken
+          because it preserves server-side token storage. One of pendingDataToken
+          or tempToken is required.
+        explode: true
+        in: query
+        name: pendingDataToken
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: Legacy. Direct Google access token. Use pendingDataToken instead
+          when available.
         explode: true
         in: query
         name: tempToken
-        required: true
+        required: false
         schema:
           type: string
         style: form
@@ -4446,23 +4458,16 @@ paths:
       - application/json
   /v1/connect/googlebusiness/select-location:
     post:
-      description: Complete the headless flow by saving the user's selected GBP location.
-        Include userProfile from the OAuth redirect (contains refresh token). Use
-        X-Connect-Token if connecting via API key.
+      description: |
+        Complete the headless GBP flow by saving the user's selected location. The pendingDataToken is returned in your redirect URL after OAuth completes (step=select_location). Tokens and profile data are stored server-side, so only the pendingDataToken is needed here. Use X-Connect-Token header if connecting via API key.
       operationId: selectGoogleBusinessLocation
       requestBody:
         content:
           application/json:
             example:
               profileId: 507f1f77bcf86cd799439011
               locationId: "9281089117903930794"
-              tempToken: ya29.xxxxx...
-              userProfile:
-                id: "113303573364907650416"
-                name: John Doe
-                refreshToken: 1//0gxxxxx...
-                tokenExpiresIn: 3599
-                scope: https://www.googleapis.com/auth/business.manage
+              pendingDataToken: a1b2c3d4e5f6...
               redirect_url: https://yourdomain.com/integrations/callback
             schema:
               $ref: "#/components/schemas/selectGoogleBusinessLocation_request"
@@ -23591,23 +23596,6 @@ components:
           items:
             $ref: "#/components/schemas/listGoogleBusinessLocations_200_response_locations_inner"
           type: array
-    selectGoogleBusinessLocation_request_userProfile:
-      description: Decoded user profile from the OAuth callback. Contains the refresh
-        token. Always include this field.
-      properties:
-        id:
-          type: string
-        name:
-          type: string
-        refreshToken:
-          description: Google refresh token for long-lived access
-          type: string
-        tokenExpiresIn:
-          description: Token expiration time in seconds
-          type: integer
-        scope:
-          description: Granted OAuth scopes
-          type: string
     selectGoogleBusinessLocation_request:
       properties:
         profileId:
@@ -23616,19 +23604,18 @@ components:
         locationId:
           description: The Google Business location ID selected by the user
           type: string
-        tempToken:
-          description: Temporary Google access token from OAuth
+        pendingDataToken:
+          description: Token from the OAuth callback redirect (pendingDataToken query
+            param). Tokens and profile data are retrieved server-side from this token.
           type: string
-        userProfile:
-          $ref: "#/components/schemas/selectGoogleBusinessLocation_request_userProfile"
         redirect_url:
           description: Optional custom redirect URL to return to after selection
           format: uri
           type: string
       required:
       - locationId
+      - pendingDataToken
       - profileId
-      - tempToken
     selectGoogleBusinessLocation_200_response_account:
       example:
         accountId: accountId
 
@@ -2509,11 +2509,11 @@ ApiResponse<[**ListFacebookPages200Response**](ListFacebookPages200Response.md)>
 
 ## listGoogleBusinessLocations
 
-> ListGoogleBusinessLocations200Response listGoogleBusinessLocations(profileId, tempToken)
+> ListGoogleBusinessLocations200Response listGoogleBusinessLocations(profileId, pendingDataToken, tempToken)
 
 List GBP locations
 
-For headless flows. Returns the list of GBP locations the user can manage. Use X-Connect-Token if connecting via API key.
+For headless flows. Returns the list of GBP locations the user can manage. Use pendingDataToken (from the OAuth callback redirect) to list locations without consuming the token, so it remains available for select-location. Use X-Connect-Token header if connecting via API key. 
 
 ### Example
 
@@ -2542,10 +2542,11 @@ public class Example {
         bearerAuth.setBearerToken("BEARER TOKEN");
 
         ConnectApi apiInstance = new ConnectApi(defaultClient);
-        String profileId = "profileId_example"; // String | Profile ID from your connection flow
-        String tempToken = "tempToken_example"; // String | Temporary Google access token from the OAuth callback redirect
+        String profileId = "profileId_example"; // String | Profile ID from your connection flow. Required for auth validation when provided.
+        String pendingDataToken = "pendingDataToken_example"; // String | Token from the OAuth callback redirect. Preferred over tempToken because it preserves server-side token storage. One of pendingDataToken or tempToken is required.
+        String tempToken = "tempToken_example"; // String | Legacy. Direct Google access token. Use pendingDataToken instead when available.
         try {
-            ListGoogleBusinessLocations200Response result = apiInstance.listGoogleBusinessLocations(profileId, tempToken);
+            ListGoogleBusinessLocations200Response result = apiInstance.listGoogleBusinessLocations(profileId, pendingDataToken, tempToken);
             System.out.println(result);
         } catch (ApiException e) {
             System.err.println("Exception when calling ConnectApi#listGoogleBusinessLocations");
@@ -2563,8 +2564,9 @@ public class Example {
 
 | Name | Type | Description  | Notes |
 |------------- | ------------- | ------------- | -------------|
-| **profileId** | **String**| Profile ID from your connection flow | |
-| **tempToken** | **String**| Temporary Google access token from the OAuth callback redirect | |
+| **profileId** | **String**| Profile ID from your connection flow. Required for auth validation when provided. | [optional] |
+| **pendingDataToken** | **String**| Token from the OAuth callback redirect. Preferred over tempToken because it preserves server-side token storage. One of pendingDataToken or tempToken is required. | [optional] |
+| **tempToken** | **String**| Legacy. Direct Google access token. Use pendingDataToken instead when available. | [optional] |
 
 ### Return type
 
@@ -2590,11 +2592,11 @@ public class Example {
 
 ## listGoogleBusinessLocationsWithHttpInfo
 
-> ApiResponse<ListGoogleBusinessLocations200Response> listGoogleBusinessLocations listGoogleBusinessLocationsWithHttpInfo(profileId, tempToken)
+> ApiResponse<ListGoogleBusinessLocations200Response> listGoogleBusinessLocations listGoogleBusinessLocationsWithHttpInfo(profileId, pendingDataToken, tempToken)
 
 List GBP locations
 
-For headless flows. Returns the list of GBP locations the user can manage. Use X-Connect-Token if connecting via API key.
+For headless flows. Returns the list of GBP locations the user can manage. Use pendingDataToken (from the OAuth callback redirect) to list locations without consuming the token, so it remains available for select-location. Use X-Connect-Token header if connecting via API key. 
 
 ### Example
 
@@ -2624,10 +2626,11 @@ public class Example {
         bearerAuth.setBearerToken("BEARER TOKEN");
 
         ConnectApi apiInstance = new ConnectApi(defaultClient);
-        String profileId = "profileId_example"; // String | Profile ID from your connection flow
-        String tempToken = "tempToken_example"; // String | Temporary Google access token from the OAuth callback redirect
+        String profileId = "profileId_example"; // String | Profile ID from your connection flow. Required for auth validation when provided.
+        String pendingDataToken = "pendingDataToken_example"; // String | Token from the OAuth callback redirect. Preferred over tempToken because it preserves server-side token storage. One of pendingDataToken or tempToken is required.
+        String tempToken = "tempToken_example"; // String | Legacy. Direct Google access token. Use pendingDataToken instead when available.
         try {
-            ApiResponse<ListGoogleBusinessLocations200Response> response = apiInstance.listGoogleBusinessLocationsWithHttpInfo(profileId, tempToken);
+            ApiResponse<ListGoogleBusinessLocations200Response> response = apiInstance.listGoogleBusinessLocationsWithHttpInfo(profileId, pendingDataToken, tempToken);
             System.out.println("Status code: " + response.getStatusCode());
             System.out.println("Response headers: " + response.getHeaders());
             System.out.println("Response body: " + response.getData());
@@ -2647,8 +2650,9 @@ public class Example {
 
 | Name | Type | Description  | Notes |
 |------------- | ------------- | ------------- | -------------|
-| **profileId** | **String**| Profile ID from your connection flow | |
-| **tempToken** | **String**| Temporary Google access token from the OAuth callback redirect | |
+| **profileId** | **String**| Profile ID from your connection flow. Required for auth validation when provided. | [optional] |
+| **pendingDataToken** | **String**| Token from the OAuth callback redirect. Preferred over tempToken because it preserves server-side token storage. One of pendingDataToken or tempToken is required. | [optional] |
+| **tempToken** | **String**| Legacy. Direct Google access token. Use pendingDataToken instead when available. | [optional] |
 
 ### Return type
 
@@ -3317,7 +3321,7 @@ ApiResponse<[**SelectFacebookPage200Response**](SelectFacebookPage200Response.md
 
 Select GBP location
 
-Complete the headless flow by saving the user&#39;s selected GBP location. Include userProfile from the OAuth redirect (contains refresh token). Use X-Connect-Token if connecting via API key.
+Complete the headless GBP flow by saving the user&#39;s selected location. The pendingDataToken is returned in your redirect URL after OAuth completes (step&#x3D;select_location). Tokens and profile data are stored server-side, so only the pendingDataToken is needed here. Use X-Connect-Token header if connecting via API key. 
 
 ### Example
 
@@ -3398,7 +3402,7 @@ public class Example {
 
 Select GBP location
 
-Complete the headless flow by saving the user&#39;s selected GBP location. Include userProfile from the OAuth redirect (contains refresh token). Use X-Connect-Token if connecting via API key.
+Complete the headless GBP flow by saving the user&#39;s selected location. The pendingDataToken is returned in your redirect URL after OAuth completes (step&#x3D;select_location). Tokens and profile data are stored server-side, so only the pendingDataToken is needed here. Use X-Connect-Token header if connecting via API key. 
 
 ### Example
 
 
@@ -9,8 +9,7 @@
 |------------ | ------------- | ------------- | -------------|
 |**profileId** | **String** | Profile ID from your connection flow |  |
 |**locationId** | **String** | The Google Business location ID selected by the user |  |
-|**tempToken** | **String** | Temporary Google access token from OAuth |  |
-|**userProfile** | [**SelectGoogleBusinessLocationRequestUserProfile**](SelectGoogleBusinessLocationRequestUserProfile.md) |  |  [optional] |
+|**pendingDataToken** | **String** | Token from the OAuth callback redirect (pendingDataToken query param). Tokens and profile data are retrieved server-side from this token. |  |
 |**redirectUrl** | **URI** | Optional custom redirect URL to return to after selection |  [optional] |
 
 
 
@@ -7209,18 +7209,27 @@ paths:
       operationId: listGoogleBusinessLocations
       tags: [Connect]
       summary: List GBP locations
-      description: For headless flows. Returns the list of GBP locations the user can manage. Use X-Connect-Token if connecting via API key.
+      description: >
+        For headless flows. Returns the list of GBP locations the user can manage.
+        Use pendingDataToken (from the OAuth callback redirect) to list locations
+        without consuming the token, so it remains available for select-location.
+        Use X-Connect-Token header if connecting via API key.
       parameters:
         - name: profileId
           in: query
-          required: true
+          required: false
           schema: { type: string }
-          description: Profile ID from your connection flow
+          description: Profile ID from your connection flow. Required for auth validation when provided.
+        - name: pendingDataToken
+          in: query
+          required: false
+          schema: { type: string }
+          description: Token from the OAuth callback redirect. Preferred over tempToken because it preserves server-side token storage. One of pendingDataToken or tempToken is required.
         - name: tempToken
           in: query
-          required: true
+          required: false
           schema: { type: string }
-          description: Temporary Google access token from the OAuth callback redirect
+          description: Legacy. Direct Google access token. Use pendingDataToken instead when available.
       security:
         - bearerAuth: []
         - connectToken: []
@@ -7267,47 +7276,37 @@ paths:
       operationId: selectGoogleBusinessLocation
       tags: [Connect]
       summary: Select GBP location
-      description: Complete the headless flow by saving the user's selected GBP location. Include userProfile from the OAuth redirect (contains refresh token). Use X-Connect-Token if connecting via API key.
+      description: >
+        Complete the headless GBP flow by saving the user's selected location.
+        The pendingDataToken is returned in your redirect URL after OAuth completes
+        (step=select_location). Tokens and profile data are stored server-side,
+        so only the pendingDataToken is needed here. Use X-Connect-Token header
+        if connecting via API key.
       requestBody:
         required: true
         content:
           application/json:
             schema:
               type: object
-              required: [profileId, locationId, tempToken]
+              required: [profileId, locationId, pendingDataToken]
               properties:
-                profileId: 
+                profileId:
                   type: string
                   description: Profile ID from your connection flow
-                locationId: 
+                locationId:
                   type: string
                   description: The Google Business location ID selected by the user
-                tempToken: 
+                pendingDataToken:
                   type: string
-                  description: Temporary Google access token from OAuth
-                userProfile: 
-                  type: object
-                  description: Decoded user profile from the OAuth callback. Contains the refresh token. Always include this field.
-                  properties:
-                    id: { type: string }
-                    name: { type: string }
-                    refreshToken: { type: string, description: Google refresh token for long-lived access }
-                    tokenExpiresIn: { type: integer, description: Token expiration time in seconds }
-                    scope: { type: string, description: Granted OAuth scopes }
-                redirect_url: 
+                  description: Token from the OAuth callback redirect (pendingDataToken query param). Tokens and profile data are retrieved server-side from this token.
+                redirect_url:
                   type: string
                   format: uri
                   description: Optional custom redirect URL to return to after selection
             example:
               profileId: "507f1f77bcf86cd799439011"
               locationId: "9281089117903930794"
-              tempToken: "ya29.xxxxx..."
-              userProfile:
-                id: "113303573364907650416"
-                name: "John Doe"
-                refreshToken: "1//0gxxxxx..."
-                tokenExpiresIn: 3599
-                scope: "https://www.googleapis.com/auth/business.manage"
+              pendingDataToken: "a1b2c3d4e5f6..."
               redirect_url: "https://yourdomain.com/integrations/callback"
       security:
         - bearerAuth: []
 
@@ -5,7 +5,7 @@
     <artifactId>zernio-sdk</artifactId>
     <packaging>jar</packaging>
     <name>zernio-sdk</name>
-    <version>0.0.122</version>
+    <version>0.0.123</version>
     <url>https://github.com/openapitools/openapi-generator</url>
     <description>OpenAPI Java</description>
     <scm>