diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,28 @@
+0.5.4.0
+=======
+
+* Bump versions for `servant-0.16` and `swagger-2.4`.
+
+0.5.3.0
+=======
+
+* Bump versions to `lts-12.9`.
+
+0.5.2.0
+=======
+
+* Push version bounds.
+
+0.5.1.0
+=======
+
+* Push version bounds.
+
+0.5.0.0
+=======
+
+* Add `AuthSigninPostMethod` to substitute security weak `AuthSigninMethod`.
+
 0.4.2.1
 =======
 
diff --git a/servant-auth-token-api.cabal b/servant-auth-token-api.cabal
--- a/servant-auth-token-api.cabal
+++ b/servant-auth-token-api.cabal
@@ -1,7 +1,8 @@
 name:                servant-auth-token-api
-version:             0.4.2.2
+version:             0.5.4.0
 synopsis:            Servant based API for token based authorisation
-description:         Please see README.md
+description:         The package provides cross compiler API (for GHC and GHCJS) for
+                     <http://hackage.haskell.org/package/servant-auth-token servant-auth-token>. Please see README.md
 homepage:            https://github.com/ncrashed/servant-auth-token-api#readme
 license:             BSD3
 license-file:        LICENSE
@@ -14,6 +15,7 @@
   README.md
   CHANGELOG.md
 cabal-version:       >=1.10
+tested-with:         GHC ==8.6.5, GHC ==8.4.4
 
 Flag flat-perm-symbols
   Description: Use flat Symbols for token tags, improve compilation time.
@@ -28,14 +30,14 @@
     Servant.API.Auth.Token.Internal.Schema
   build-depends:
       base            >= 4.7    && < 5
-    , aeson           >= 0.11   && < 1.3
-    , aeson-injector  >= 1.0.4  && < 1.1
+    , aeson           >= 0.11   && < 1.5
+    , aeson-injector  >= 1.0.4  && < 1.2
     , lens            >= 4.13   && < 5
     , raw-strings-qq  >= 1.1    && < 1.2
-    , servant         >= 0.9    && < 0.13
-    , servant-docs    >= 0.9    && < 0.13
+    , servant         >= 0.9    && < 0.17
+    , servant-docs    >= 0.9    && < 0.15
     , servant-swagger >= 1.1    && < 1.2
-    , swagger2        >= 2.1    && < 2.2
+    , swagger2        >= 2.4    && < 2.5
     , text            >= 1.2    && < 2
 
   default-language:    Haskell2010
diff --git a/src/Servant/API/Auth/Token.hs b/src/Servant/API/Auth/Token.hs
--- a/src/Servant/API/Auth/Token.hs
+++ b/src/Servant/API/Auth/Token.hs
@@ -22,6 +22,7 @@
   -- * API specs
     AuthAPI
   , AuthSigninMethod
+  , AuthSigninPostMethod
   , AuthSigninGetCodeMethod
   , AuthSigninPostCodeMethod
   , AuthTouchMethod
@@ -77,6 +78,7 @@
   , RespUserInfo(..)
   , PatchUser(..)
   , RespUsersInfo(..)
+  , AuthSigninPostBody(..)
   -- ** User groups
   , UserGroupId
   , UserGroup(..)
@@ -173,7 +175,7 @@
 type Token' (perms :: [Symbol]) = Token (PlainPerms perms)
 
 instance ToParamSchema (Token perms) where
-  toParamSchema _ = mempty { _paramSchemaType = SwaggerString }
+  toParamSchema _ = mempty { _paramSchemaType = Just SwaggerString }
 
 instance FromHttpApiData (Token perms) where
   parseUrlPiece = fmap Token . parseUrlPiece
@@ -406,6 +408,37 @@
       , patchUserGroupNoParent = Just True
       }
 
+-- | Body for 'AuthSigninPostMethod'
+data AuthSigninPostBody = AuthSigninPostBody {
+  authSigninBodyLogin    :: !Login
+, authSigninBodyPassword :: !Password
+, authSigninBodySeconds  :: !(Maybe Seconds) -- ^ Nothing is default server value
+} deriving (Generic, Show)
+$(deriveJSON (derivePrefix "authSigninBody") ''AuthSigninPostBody)
+
+instance ToSchema AuthSigninPostBody where
+  declareNamedSchema = genericDeclareNamedSchema $
+    schemaOptionsDropPrefix "authSigninBody"
+
+instance ToSample AuthSigninPostBody where
+  toSamples _ = samples [s1, s2, s3]
+    where
+    s1 = AuthSigninPostBody {
+        authSigninBodyLogin = "admin"
+      , authSigninBodyPassword = "123456"
+      , authSigninBodySeconds = Nothing
+      }
+    s2 = AuthSigninPostBody {
+        authSigninBodyLogin = "sviborg"
+      , authSigninBodyPassword = "qwerty"
+      , authSigninBodySeconds = Just 360
+      }
+    s3 = AuthSigninPostBody {
+        authSigninBodyLogin = "schoolgirl"
+      , authSigninBodyPassword = "ilovepony"
+      , authSigninBodySeconds = Just 42
+      }
+
 instance ToParam (QueryParam "login" Login) where
   toParam _ = DocQueryParam "login" ["ncrashed", "buddy"] "Any valid login for user" Normal
 instance ToParam (QueryParam "password" Password) where
@@ -425,6 +458,7 @@
 -- | Generic authorization API
 type AuthAPI =
        AuthSigninMethod
+  :<|> AuthSigninPostMethod
   :<|> AuthSigninGetCodeMethod
   :<|> AuthSigninPostCodeMethod
   :<|> AuthTouchMethod
@@ -472,6 +506,30 @@
   :> QueryParam "password" Password
   :> QueryParam "expire" Seconds
   :> Get '[JSON] (OnlyField "token" SimpleToken)
+{-# DEPRECATED AuthSigninMethod "AuthSigninPostMethod is more secure" #-}
+
+-- | How to get a token, expire of 'Nothing' means
+-- some default value (server config).
+--
+-- Logic of authorisation via this method is:
+--
+-- * Client sends POST request to the endpoint with
+-- user specified login and password and optional expire
+--
+-- * Server responds with token or error
+--
+-- * Client uses the token with other requests as authorisation
+-- header
+--
+-- * Client can extend lifetime of token by periodically pinging
+-- of 'AuthTouchMethod' endpoint
+--
+-- * Client can invalidate token instantly by 'AuthSignoutMethod'
+--
+-- * Client can get info about user with 'AuthTokenInfoMethod' endpoint.
+type AuthSigninPostMethod = "auth" :> "signin"
+  :> ReqBody '[JSON] AuthSigninPostBody
+  :> Post '[JSON] (OnlyField "token" SimpleToken)
 
 -- | Authorisation via code of single usage.
 --
