diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5ed399fe..d9d08e52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ nylas-python Changelog
 v6.0.0b9
 ----------------
 * Add support for sending drafts
+* Changed `client_secret` to optional for token exchange methods; defaults to API Key now
 
 v6.0.0b8
 ----------------
diff --git a/nylas/models/auth.py b/nylas/models/auth.py
index 377a034d..27a0e4f1 100644
--- a/nylas/models/auth.py
+++ b/nylas/models/auth.py
@@ -61,14 +61,14 @@ class CodeExchangeRequest(TypedDict):
         redirect_uri: Should match the same redirect URI that was used for getting the code during the initial authorization request.
         code: OAuth 2.0 code fetched from the previous step.
         client_id: Client ID of the application.
-        client_secret: Client secret of the application.
+        client_secret: Client secret of the application. If not provided, the API Key will be used instead.
         code_verifier: The original plain text code verifier (code_challenge) used in the initial authorization request (PKCE).
     """
 
     redirect_uri: str
     code: str
     client_id: str
-    client_secret: str
+    client_secret: NotRequired[str]
     code_verifier: NotRequired[str]
 
 
@@ -80,13 +80,13 @@ class TokenExchangeRequest(TypedDict):
         redirect_uri: Should match the same redirect URI that was used for getting the code during the initial authorization request.
         refresh_token: Token to refresh/request your short-lived access token
         client_id: Client ID of the application.
-        client_secret: Client secret of the application.
+        client_secret: Client secret of the application. If not provided, the API Key will be used instead.
     """
 
     redirect_uri: str
     refresh_token: str
     client_id: str
-    client_secret: str
+    client_secret: NotRequired[str]
 
 
 @dataclass_json
diff --git a/nylas/resources/auth.py b/nylas/resources/auth.py
index e63b4ddd..b7d1e389 100644
--- a/nylas/resources/auth.py
+++ b/nylas/resources/auth.py
@@ -84,6 +84,8 @@ def exchange_code_for_token(
         Returns:
             Information about the Nylas application
         """
+        if "client_secret" not in request:
+            request["client_secret"] = self._http_client.api_key
 
         request_body = dict(request)
         request_body["grant_type"] = "authorization_code"
@@ -122,6 +124,8 @@ def refresh_access_token(
         Returns:
             The response containing the new access token.
         """
+        if "client_secret" not in request:
+            request["client_secret"] = self._http_client.api_key
 
         request_body = dict(request)
         request_body["grant_type"] = "refresh_token"