diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json
index 6fe7c11d5c..0ab7566e35 100644
--- a/output/openapi/elasticsearch-openapi.json
+++ b/output/openapi/elasticsearch-openapi.json
@@ -41002,6 +41002,18 @@
         "summary": "Grant an API key",
         "description": "Create an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user's credentials.\nThe supported user authentication credential types are:\n\n* username and password\n* Elasticsearch access tokens\n* JWTs\n\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\nThe API keys are created by the Elasticsearch API key service, which is automatically enabled.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.\n\n## Required authorization\n\n* Cluster privileges: `grant_api_key`\n",
         "operationId": "security-grant-api-key",
+        "parameters": [
+          {
+            "in": "query",
+            "name": "refresh",
+            "description": "If 'true', Elasticsearch refreshes the affected shards to make this operation\nvisible to search.\nIf 'wait_for', it waits for a refresh to make this operation visible to search.\nIf 'false', nothing is done with refreshes.",
+            "deprecated": false,
+            "schema": {
+              "$ref": "#/components/schemas/_types.Refresh"
+            },
+            "style": "form"
+          }
+        ],
         "requestBody": {
           "content": {
             "application/json": {
diff --git a/output/schema/schema.json b/output/schema/schema.json
index ece07a6e15..061cf78d7b 100644
--- a/output/schema/schema.json
+++ b/output/schema/schema.json
@@ -236791,8 +236791,22 @@
         "namespace": "security.grant_api_key"
       },
       "path": [],
-      "query": [],
-      "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L92"
+      "query": [
+        {
+          "description": "If 'true', Elasticsearch refreshes the affected shards to make this operation\nvisible to search.\nIf 'wait_for', it waits for a refresh to make this operation visible to search.\nIf 'false', nothing is done with refreshes.",
+          "name": "refresh",
+          "required": false,
+          "serverDefault": "false",
+          "type": {
+            "kind": "instance_of",
+            "type": {
+              "name": "Refresh",
+              "namespace": "_types"
+            }
+          }
+        }
+      ],
+      "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L102"
     },
     {
       "kind": "response",
diff --git a/output/schema/validation-errors.json b/output/schema/validation-errors.json
index 505ac26363..facd36ca97 100644
--- a/output/schema/validation-errors.json
+++ b/output/schema/validation-errors.json
@@ -47,12 +47,6 @@
       ],
       "response": []
     },
-    "security.grant_api_key": {
-      "request": [
-        "Request: missing json spec query parameter 'refresh'"
-      ],
-      "response": []
-    },
     "snapshot.repository_analyze": {
       "request": [
         "Request: query parameter 'register_operation_count' does not exist in the json spec"
diff --git a/output/typescript/types.ts b/output/typescript/types.ts
index 724cb185bb..321f9fa0e1 100644
--- a/output/typescript/types.ts
+++ b/output/typescript/types.ts
@@ -20248,6 +20248,7 @@ export interface SecurityGrantApiKeyGrantApiKey {
 }
 
 export interface SecurityGrantApiKeyRequest extends RequestBase {
+  refresh?: Refresh
   body?: {
     api_key: SecurityGrantApiKeyGrantApiKey
     grant_type: SecurityGrantApiKeyApiKeyGrantType
diff --git a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts
index 5d1e227e80..259a522781 100644
--- a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts
+++ b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts
@@ -18,7 +18,7 @@
  */
 
 import { RequestBase } from '@_types/Base'
-import { Password, Username } from '@_types/common'
+import { Password, Refresh, Username } from '@_types/common'
 import { ApiKeyGrantType, GrantApiKey } from './types'
 
 /**
@@ -57,6 +57,16 @@ export interface Request extends RequestBase {
       methods: ['POST']
     }
   ]
+  query_parameters: {
+    /**
+     * If 'true', Elasticsearch refreshes the affected shards to make this operation
+     * visible to search.
+     * If 'wait_for', it waits for a refresh to make this operation visible to search.
+     * If 'false', nothing is done with refreshes.
+     * @server_default false
+     */
+    refresh?: Refresh
+  }
   body: {
     /**
      * The API key.