diff --git a/src/adobe_api.py b/src/adobe_api.py
index e649af5..6f1d230 100644
--- a/src/adobe_api.py
+++ b/src/adobe_api.py
@@ -5,8 +5,8 @@ from dotenv import load_dotenv, set_key
 load_dotenv()
 
 SHARD = "eu2"
-TOKEN_URL = f"https://api.{SHARD}.adobesign.com/oauth/v2/token"
-REDIRECT_URI = "https://localhost:8080/callback"
+TOKEN_URL = f"https://api.{SHARD}.adobesign.com/oauth/v2/token"    # initial auth code exchange
+REFRESH_URL = f"https://api.{SHARD}.adobesign.com/oauth/v2/refresh"  # token refresh (non-standard separate endpoint)
 ENV_FILE = os.path.join(os.path.dirname(__file__), "..", ".env")
 
 
@@ -16,21 +16,22 @@ def _refresh_access_token():
     refresh_token = os.getenv("ADOBE_REFRESH_TOKEN")
 
     if not all([client_id, client_secret, refresh_token]):
-        raise RuntimeError("Missing credentials for token refresh. Run src/auth_adobe.py first.")
+        raise RuntimeError("Missing credentials for token refresh. Run src/adobe_auth.py first.")
 
     data = {
         "grant_type": "refresh_token",
         "refresh_token": refresh_token,
         "client_id": client_id,
         "client_secret": client_secret,
-        "redirect_uri": REDIRECT_URI,
     }
-    resp = requests.post(TOKEN_URL, data=data)
-    resp.raise_for_status()
+    resp = requests.post(REFRESH_URL, data=data)
+    if not resp.ok:
+        raise RuntimeError(
+            f"Adobe Sign refresh token is invalid or expired ({resp.status_code}: {resp.text}). "
+            "Run `python3 src/adobe_auth.py` to re-authenticate."
+        )
     new_token = resp.json()["access_token"]
-
-    abs_env = os.path.abspath(ENV_FILE)
-    set_key(abs_env, "ADOBE_ACCESS_TOKEN", new_token)
+    set_key(os.path.abspath(ENV_FILE), "ADOBE_ACCESS_TOKEN", new_token)
     os.environ["ADOBE_ACCESS_TOKEN"] = new_token
     return new_token