diff --git a/docs/api/README.md b/docs/api/README.md
index 51a790cdc..2af312ed1 100644
--- a/docs/api/README.md
+++ b/docs/api/README.md
@@ -14,7 +14,7 @@ Base URLs:
 
     - Flow: clientCredentials
 
-    - Token URL = [/api/auth/oauth/token](/api/auth/oauth/token)
+    - Token URL = [/oauth/token](/oauth/token)
 
 |Scope|Scope Description|
 |---|---|
diff --git a/openapi.yaml b/openapi.yaml
index 13c7ef9ea..5661d768a 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -3738,6 +3738,6 @@ components:
       type: oauth2
       flows:
         clientCredentials:
-          tokenUrl: /api/auth/oauth/token
-          refreshUrl: /api/auth/oauth/token
+          tokenUrl: /oauth/token
+          refreshUrl: /oauth/token
           scopes: {}
diff --git a/openapi/v1.yaml b/openapi/v1.yaml
index ab33d5bb9..ea016a195 100644
--- a/openapi/v1.yaml
+++ b/openapi/v1.yaml
@@ -1300,8 +1300,8 @@ components:
       type: oauth2
       flows:
         clientCredentials:
-          tokenUrl: '/api/auth/oauth/token'
-          refreshUrl: '/api/auth/oauth/token'
+          tokenUrl: '/oauth/token'
+          refreshUrl: '/oauth/token'
           scopes: { }
 
   schemas:
diff --git a/openapi/v2.yaml b/openapi/v2.yaml
index 77f31b9d8..2bfa4ec2d 100644
--- a/openapi/v2.yaml
+++ b/openapi/v2.yaml
@@ -1270,8 +1270,8 @@ components:
       type: oauth2
       flows:
         clientCredentials:
-          tokenUrl: "/api/auth/oauth/token"
-          refreshUrl: "/api/auth/oauth/token"
+          tokenUrl: "/oauth/token"
+          refreshUrl: "/oauth/token"
           scopes: {}
 
   schemas:
diff --git a/pkg/client/.speakeasy/gen.lock b/pkg/client/.speakeasy/gen.lock
index 6ee5c6fe8..e108584fd 100644
--- a/pkg/client/.speakeasy/gen.lock
+++ b/pkg/client/.speakeasy/gen.lock
@@ -1,12 +1,12 @@
 lockVersion: 2.0.0
 id: a9ac79e1-e429-4ee3-96c4-ec973f19bec3
 management:
-  docChecksum: 169efa4fe3c5d6561f06920598d20df4
+  docChecksum: 46d538f65c61649e934b6991843b1e67
   docVersion: v1
   speakeasyVersion: 1.351.0
   generationVersion: 2.384.1
-  releaseVersion: 0.4.20
-  configChecksum: e66e70c75590218ba585d230919d03e3
+  releaseVersion: 0.4.21
+  configChecksum: 2dae5ea4cfeda429fc8fea96da1ab7b6
 features:
   go:
     additionalDependencies: 0.1.0
diff --git a/pkg/client/.speakeasy/gen.yaml b/pkg/client/.speakeasy/gen.yaml
index 2718b0b1c..fbf4e6602 100644
--- a/pkg/client/.speakeasy/gen.yaml
+++ b/pkg/client/.speakeasy/gen.yaml
@@ -15,7 +15,7 @@ generation:
   auth:
     oAuth2ClientCredentialsEnabled: true
 go:
-  version: 0.4.20
+  version: 0.4.21
   additionalDependencies: {}
   allowUnknownFieldsInWeakUnions: false
   clientServerStatusCodesAsErrors: true
diff --git a/pkg/client/formance.go b/pkg/client/formance.go
index 2d2842cb3..67588f42a 100644
--- a/pkg/client/formance.go
+++ b/pkg/client/formance.go
@@ -143,9 +143,9 @@ func New(opts ...SDKOption) *Formance {
 		sdkConfiguration: sdkConfiguration{
 			Language:          "go",
 			OpenAPIDocVersion: "v1",
-			SDKVersion:        "0.4.20",
+			SDKVersion:        "0.4.21",
 			GenVersion:        "2.384.1",
-			UserAgent:         "speakeasy-sdk/go 0.4.20 2.384.1 v1 github.com/formancehq/ledger/pkg/client",
+			UserAgent:         "speakeasy-sdk/go 0.4.21 2.384.1 v1 github.com/formancehq/ledger/pkg/client",
 			Hooks:             hooks.New(),
 		},
 	}
diff --git a/pkg/client/models/components/security.go b/pkg/client/models/components/security.go
index 4bc8de7a2..6a81ae879 100644
--- a/pkg/client/models/components/security.go
+++ b/pkg/client/models/components/security.go
@@ -9,7 +9,7 @@ import (
 type Security struct {
 	ClientID     string `security:"scheme,type=oauth2,subtype=client_credentials,name=clientID"`
 	ClientSecret string `security:"scheme,type=oauth2,subtype=client_credentials,name=clientSecret"`
-	tokenURL     string `const:"/api/auth/oauth/token"`
+	tokenURL     string `const:"/oauth/token"`
 }
 
 func (s Security) MarshalJSON() ([]byte, error) {
@@ -38,5 +38,5 @@ func (o *Security) GetClientSecret() string {
 }
 
 func (o *Security) GetTokenURL() string {
-	return "/api/auth/oauth/token"
+	return "/oauth/token"
 }
diff --git a/tools/generator/cmd/root.go b/tools/generator/cmd/root.go
index 832e97a5c..f82a37be0 100644
--- a/tools/generator/cmd/root.go
+++ b/tools/generator/cmd/root.go
@@ -1,6 +1,8 @@
 package cmd
 
 import (
+	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"github.com/formancehq/go-libs/v2/logging"
@@ -9,6 +11,9 @@ import (
 	"github.com/formancehq/ledger/pkg/client/models/operations"
 	"github.com/formancehq/ledger/pkg/client/models/sdkerrors"
 	"github.com/formancehq/ledger/pkg/generate"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/clientcredentials"
+	"net/http"
 	"os"
 	"sync"
 
@@ -25,6 +30,10 @@ var (
 	parallelFlag           = "parallel"
 	ledgerFlag             = "ledger"
 	untilTransactionIDFlag = "until-transaction-id"
+	clientIDFlag           = "client-id"
+	clientSecretFlag       = "client-secret"
+	authUrlFlag            = "auth-url"
+	insecureSkipVerifyFlag = "insecure-skip-verify"
 )
 
 func run(cmd *cobra.Command, args []string) error {
@@ -51,14 +60,58 @@ func run(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("failed to get untilTransactionID: %w", err)
 	}
 
-	client := ledgerclient.New(ledgerclient.WithServerURL(ledgerUrl))
+	insecureSkipVerify, err := cmd.Flags().GetBool(insecureSkipVerifyFlag)
+	if err != nil {
+		return fmt.Errorf("failed to get insecureSkipVerify: %w", err)
+	}
+
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			MaxIdleConns:        vus,
+			MaxConnsPerHost:     vus,
+			MaxIdleConnsPerHost: vus,
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: insecureSkipVerify,
+			},
+		},
+	}
+
+	clientID, err := cmd.Flags().GetString(clientIDFlag)
+	if err != nil {
+		return fmt.Errorf("failed to get client id: %w", err)
+	}
+	if clientID != "" {
+		clientSecret, err := cmd.Flags().GetString(clientSecretFlag)
+		if err != nil {
+			return fmt.Errorf("failed to get client secret: %w", err)
+		}
+
+		authUrl, err := cmd.Flags().GetString(authUrlFlag)
+		if err != nil {
+			return fmt.Errorf("failed to get auth url: %w", err)
+		}
+
+		httpClient = (&clientcredentials.Config{
+			ClientID:     clientID,
+			ClientSecret: clientSecret,
+			TokenURL:     authUrl + "/oauth/token",
+			Scopes:       []string{"ledger:read", "ledger:write"},
+		}).
+			Client(context.WithValue(cmd.Context(), oauth2.HTTPClient, httpClient))
+	}
+
+	client := ledgerclient.New(
+		ledgerclient.WithServerURL(ledgerUrl),
+		ledgerclient.WithClient(httpClient),
+	)
 
 	_, err = client.Ledger.V2.CreateLedger(cmd.Context(), operations.V2CreateLedgerRequest{
 		Ledger: ledger,
 	})
 	if err != nil {
 		sdkError := &sdkerrors.V2ErrorResponse{}
-		if !errors.As(err, &sdkError) || sdkError.ErrorCode != components.V2ErrorsEnumLedgerAlreadyExists {
+		if !errors.As(err, &sdkError) || (sdkError.ErrorCode != components.V2ErrorsEnumLedgerAlreadyExists &&
+			sdkError.ErrorCode != components.V2ErrorsEnumValidation) {
 			return fmt.Errorf("failed to create ledger: %w", err)
 		}
 	}
@@ -112,6 +165,10 @@ func Execute() {
 }
 
 func init() {
+	rootCmd.Flags().String(clientIDFlag, "", "Client ID")
+	rootCmd.Flags().String(clientSecretFlag, "", "Client Secret")
+	rootCmd.Flags().String(authUrlFlag, "", "Auth URL")
+	rootCmd.Flags().Bool(insecureSkipVerifyFlag, false, "Skip TLS verification")
 	rootCmd.Flags().IntP(parallelFlag, "p", 1, "Number of parallel users")
 	rootCmd.Flags().StringP(ledgerFlag, "l", "default", "Ledger to feed")
 	rootCmd.Flags().Int64P(untilTransactionIDFlag, "u", 0, "Stop after this transaction ID")