diff --git a/packages/core/src/resources/GroupAccessTokens.ts b/packages/core/src/resources/GroupAccessTokens.ts
index 27c4575c5..e617c10ae 100644
--- a/packages/core/src/resources/GroupAccessTokens.ts
+++ b/packages/core/src/resources/GroupAccessTokens.ts
@@ -1,6 +1,10 @@
 import type { BaseResourceOptions } from '@gitbeaker/requester-utils';
 import { ResourceAccessTokens } from '../templates';
-import type { AccessTokenSchema, AccessTokenScopes } from '../templates/ResourceAccessTokens';
+import type {
+  AccessTokenExposedSchema,
+  AccessTokenSchema,
+  AccessTokenScopes,
+} from '../templates/ResourceAccessTokens';
 import type {
   GitlabAPIResponse,
   PaginationRequestOptions,
@@ -20,15 +24,15 @@ export interface GroupAccessTokens<C extends boolean = false> extends ResourceAc
     groupId: string | number,
     name: string,
     scopes: AccessTokenScopes[],
+    expiresAt: string,
     options?: {
       accessLevel?: Exclude<
         AccessLevel,
         AccessLevel.MINIMAL_ACCESS | AccessLevel.NO_ACCESS | AccessLevel.ADMIN
       >;
-      expiresAt?: string;
     } & Sudo &
       ShowExpanded<E>,
-  ): Promise<GitlabAPIResponse<AccessTokenSchema, C, E, void>>;
+  ): Promise<GitlabAPIResponse<AccessTokenExposedSchema, C, E, void>>;
 
   revoke<E extends boolean = false>(
     groupId: string | number,
@@ -36,6 +40,12 @@ export interface GroupAccessTokens<C extends boolean = false> extends ResourceAc
     options?: Sudo & ShowExpanded<E>,
   ): Promise<GitlabAPIResponse<void, C, E, void>>;
 
+  rotate<E extends boolean = false>(
+    groupId: string | number,
+    tokenId: string | number,
+    options?: Sudo & ShowExpanded<E>,
+  ): Promise<GitlabAPIResponse<AccessTokenExposedSchema, C, E, void>>;
+
   show<E extends boolean = false>(
     groupId: string | number,
     tokenId: string | number,
diff --git a/packages/core/src/resources/ProjectAccessTokens.ts b/packages/core/src/resources/ProjectAccessTokens.ts
index db43a1bed..0ef390fbc 100644
--- a/packages/core/src/resources/ProjectAccessTokens.ts
+++ b/packages/core/src/resources/ProjectAccessTokens.ts
@@ -1,6 +1,10 @@
 import type { BaseResourceOptions } from '@gitbeaker/requester-utils';
 import { ResourceAccessTokens } from '../templates';
-import type { AccessTokenSchema, AccessTokenScopes } from '../templates/ResourceAccessTokens';
+import type {
+  AccessTokenExposedSchema,
+  AccessTokenSchema,
+  AccessTokenScopes,
+} from '../templates/ResourceAccessTokens';
 import type {
   GitlabAPIResponse,
   PaginationRequestOptions,
@@ -20,15 +24,15 @@ export interface ProjectAccessTokens<C extends boolean = false> extends Resource
     projectId: string | number,
     name: string,
     scopes: AccessTokenScopes[],
+    expiresAt: string,
     options?: {
       accessLevel?: Exclude<
         AccessLevel,
         AccessLevel.MINIMAL_ACCESS | AccessLevel.NO_ACCESS | AccessLevel.ADMIN
       >;
-      expiresAt?: string;
     } & Sudo &
       ShowExpanded<E>,
-  ): Promise<GitlabAPIResponse<AccessTokenSchema, C, E, void>>;
+  ): Promise<GitlabAPIResponse<AccessTokenExposedSchema, C, E, void>>;
 
   revoke<E extends boolean = false>(
     projectId: string | number,
@@ -36,6 +40,12 @@ export interface ProjectAccessTokens<C extends boolean = false> extends Resource
     options?: Sudo & ShowExpanded<E>,
   ): Promise<GitlabAPIResponse<void, C, E, void>>;
 
+  rotate<E extends boolean = false>(
+    projectId: string | number,
+    tokenId: string | number,
+    options?: Sudo & ShowExpanded<E>,
+  ): Promise<GitlabAPIResponse<AccessTokenExposedSchema, C, E, void>>;
+
   show<E extends boolean = false>(
     projectId: string | number,
     tokenId: string | number,
diff --git a/packages/core/src/templates/ResourceAccessTokens.ts b/packages/core/src/templates/ResourceAccessTokens.ts
index 9448e7e9a..6ea59782d 100644
--- a/packages/core/src/templates/ResourceAccessTokens.ts
+++ b/packages/core/src/templates/ResourceAccessTokens.ts
@@ -32,7 +32,10 @@ export interface AccessTokenSchema extends Record<string, unknown> {
     AccessLevel,
     AccessLevel.NO_ACCESS | AccessLevel.MINIMAL_ACCESS | AccessLevel.ADMIN
   >;
-  token?: string;
+}
+
+export interface AccessTokenExposedSchema extends AccessTokenSchema {
+  token: string;
 }
 
 export class ResourceAccessTokens<C extends boolean = false> extends BaseResource<C> {
@@ -55,20 +58,25 @@ export class ResourceAccessTokens<C extends boolean = false> extends BaseResourc
     resourceId: string | number,
     name: string,
     scopes: AccessTokenScopes[],
+    expiresAt: string,
     options?: {
       accessLevel?: Exclude<
         AccessLevel,
         AccessLevel.NO_ACCESS | AccessLevel.MINIMAL_ACCESS | AccessLevel.ADMIN
       >;
-      expiresAt?: string;
     } & Sudo &
       ShowExpanded<E>,
-  ): Promise<GitlabAPIResponse<AccessTokenSchema, C, E, void>> {
-    return RequestHelper.post<AccessTokenSchema>()(this, endpoint`${resourceId}/access_tokens`, {
-      name,
-      scopes,
-      ...options,
-    });
+  ): Promise<GitlabAPIResponse<AccessTokenExposedSchema, C, E, void>> {
+    return RequestHelper.post<AccessTokenExposedSchema>()(
+      this,
+      endpoint`${resourceId}/access_tokens`,
+      {
+        name,
+        scopes,
+        expiresAt,
+        ...options,
+      },
+    );
   }
 
   revoke<E extends boolean = false>(
@@ -79,6 +87,18 @@ export class ResourceAccessTokens<C extends boolean = false> extends BaseResourc
     return RequestHelper.del()(this, endpoint`${resourceId}/access_tokens/${tokenId}`, options);
   }
 
+  rotate<E extends boolean = false>(
+    resourceId: string | number,
+    tokenId: string | number,
+    options?: { expiresAt?: string } & Sudo & ShowExpanded<E>,
+  ): Promise<GitlabAPIResponse<AccessTokenExposedSchema, C, E, void>> {
+    return RequestHelper.post<AccessTokenExposedSchema>()(
+      this,
+      endpoint`${resourceId}/access_tokens/${tokenId}/rotate`,
+      options,
+    );
+  }
+
   show<E extends boolean = false>(
     resourceId: string | number,
     tokenId: string | number,
diff --git a/packages/core/test/unit/templates/ResourceAccessTokens.ts b/packages/core/test/unit/templates/ResourceAccessTokens.ts
index c1d6e14f0..b1353c9d1 100644
--- a/packages/core/test/unit/templates/ResourceAccessTokens.ts
+++ b/packages/core/test/unit/templates/ResourceAccessTokens.ts
@@ -43,18 +43,22 @@ describe('ResourceAccessTokens.all', () => {
 
 describe('ResourceAccessTokens.create', () => {
   it('should call the correct url for creating access token with a string identifer', async () => {
-    await service.create('5', 'test', ['api']);
+    await service.create('5', 'test', ['api'], '2021-01-31');
+
     expect(RequestHelper.post()).toHaveBeenCalledWith(service, '5/access_tokens', {
       name: 'test',
       scopes: ['api'],
+      expiresAt: '2021-01-31',
     });
   });
 
   it('should call the correct url for creating access token with a number identifer', async () => {
-    await service.create(5, 'test', ['api']);
+    await service.create(5, 'test', ['api'], '2021-01-31');
+
     expect(RequestHelper.post()).toHaveBeenCalledWith(service, '5/access_tokens', {
       name: 'test',
       scopes: ['api'],
+      expiresAt: '2021-01-31',
     });
   });
 });
@@ -62,23 +66,57 @@ describe('ResourceAccessTokens.create', () => {
 describe('ResourceAccessTokens.show', () => {
   it('should call the correct url with a string identifer', async () => {
     await service.show('5', '6');
+
     expect(RequestHelper.get()).toHaveBeenCalledWith(service, '5/access_tokens/6', undefined);
   });
 
   it('should call the correct url for creating access token with a number identifer', async () => {
     await service.show(5, 6);
+
     expect(RequestHelper.get()).toHaveBeenCalledWith(service, '5/access_tokens/6', undefined);
   });
 });
 
+describe('ResourceAccessTokens.rotate', () => {
+  it('should call the correct url with a string identifer', async () => {
+    await service.rotate('5', '6');
+
+    expect(RequestHelper.post()).toHaveBeenCalledWith(
+      service,
+      '5/access_tokens/6/rotate',
+      undefined,
+    );
+  });
+
+  it('should call the correct url for creating access token with a number identifer', async () => {
+    await service.rotate(5, 6);
+
+    expect(RequestHelper.post()).toHaveBeenCalledWith(
+      service,
+      '5/access_tokens/6/rotate',
+      undefined,
+    );
+  });
+
+  it('should take options', async () => {
+    const options = { expiresAt: '2021-01-31' };
+
+    await service.rotate('5', '6', options);
+
+    expect(RequestHelper.post()).toHaveBeenCalledWith(service, '5/access_tokens/6/rotate', options);
+  });
+});
+
 describe('ResourceAccessTokens.revoke', () => {
   it('should call the correct url with a string identifer', async () => {
     await service.revoke('5', '6');
+
     expect(RequestHelper.del()).toHaveBeenCalledWith(service, '5/access_tokens/6', undefined);
   });
 
   it('should call the correct url for creating access token with a number identifer', async () => {
     await service.revoke(5, 6);
+
     expect(RequestHelper.del()).toHaveBeenCalledWith(service, '5/access_tokens/6', undefined);
   });
 });