Yes - your application key and secret may remain the same, but all existing tokens will be authenticated with the existing privileges, so in order to “upgrade” them to +email, you’ll need to invalidate current tokens and get new ones with the higher privileges.
