Unverified commit 4a9b4de7, authored by Isaac Durham, committed by GitLab

Update wording of reuse detection

Parent fa05d64e
2 merge requests: !3031 Merge per-main-jh to main-jh by luzhiyuan, !3030 Merge per-main-jh to main-jh
......@@ -182,7 +182,8 @@ curl --request POST \
Rotates a group access token. This immediately revokes the previous token and creates a new token. Generally, this endpoint rotates a specific group access token by authenticating with a personal access token. You can also use a group access token to rotate itself. For more information, see [Self-rotate](#self-rotate).
If you attempt to use the revoked token later, GitLab immediately revokes the new token. For more information, see [Automatic reuse detection](personal_access_tokens.md#automatic-reuse-detection).
If you attempt to use this endpoint to rotate a token that was previously revoked, any active tokens from the same
token family are revoked. For more information, see [Automatic reuse detection](personal_access_tokens.md#automatic-reuse-detection).
Prerequisites:
......
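Review bot: The replacement sentence in the group token rotate description narrows the documented trigger from any later use of the revoked token to a rotation attempt through this endpoint, and it no longer says what happens when a revoked token is presented for ordinary authentication. A reader who relied on the old sentence ("If you attempt to use the revoked token later, GitLab immediately revokes the new token") cannot tell whether that behavior is gone or just undocumented. Suggest adding one clause that states the outcome for plain authentication with a revoked token, for example that the request fails without affecting the rest of the token family, if that is the intended behavior.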
......@@ -242,10 +242,10 @@ curl --request POST \
When you rotate or revoke a token, GitLab automatically tracks the relationship between the old and
new tokens. Each time a new token is generated, a connection is made to the previous token. These
connected tokens form a token family. Only the newest token can authenticate requests.
connected tokens form a token family.
If an old token is ever used to authenticate a request, the request fails and GitLab immediately
revokes the newest token in the family.
If you attempt to use the API to rotate an access token that was already revoked, any active tokens from the same
token family are revoked.
This feature helps secure GitLab if an old token is ever leaked or stolen. By tracking token
relationships and automatically revoking access when old tokens are used, attackers cannot exploit
......
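Review bot: The unchanged paragraph that follows the edit still says access is revoked "when old tokens are used", which contradicts the new wording above it, where the trigger is an API attempt to rotate an already revoked token. Update "This feature helps secure GitLab if an old token is ever leaked or stolen" and the sentence after it so the rationale matches the new trigger. The edit also drops "Only the newest token can authenticate requests" without a replacement; if that statement is still true it is worth keeping, because it is the only place in this section that tells the reader an older token in the family cannot authenticate.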
......@@ -179,7 +179,8 @@ curl --request POST \
Rotates a project access token. This immediately revokes the previous token and creates a new token. Generally, this endpoint rotates a specific project access token by authenticating with a personal access token. You can also use a project access token to rotate itself. For more information, see [Self-rotate](#self-rotate).
If you attempt to use the revoked token later, GitLab immediately revokes the new token. For more information, see [Automatic reuse detection](personal_access_tokens.md#automatic-reuse-detection).
If you attempt to use this endpoint to rotate a token that was previously revoked, any active tokens from the same
token family are revoked. For more information, see [Automatic reuse detection](personal_access_tokens.md#automatic-reuse-detection).
Prerequisites:
......
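Review bot: The new sentence in the project token rotate description uses the passive "are revoked" and drops both the actor and the timing that the old sentence gave with "GitLab immediately revokes". If revocation of the family is still immediate, say so in the active voice, for example "GitLab immediately revokes any active tokens from the same token family". Since the same sentence now appears in both the group and project token pages, consider keeping the two copies identical after that change so they do not drift.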