Changelog

New updates and improvements at Cloudflare.

Subscribe to RSS
View all RSS feeds

← Back to all posts

Cloudflare Typescript SDK v6.0.0-beta.1 now available

Jan 20, 2026

Cloudflare Fundamentals SDK

Disclaimer: Please note that v6.0.0-beta.1 is in Beta and we are still testing it for stability.

Full Changelog: v5.2.0...v6.0.0-beta.1 ↗

In this release, you'll see a large number of breaking changes. This is primarily due to a change in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries. As the codegen is always evolving and improving, so are our code bases.

Some breaking changes were introduced due to bug fixes, also listed below.

Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

---

Breaking Changes

Addressing - Parameter Requirements Changed

• BGPPrefixCreateParams.cidr: optional → required
• PrefixCreateParams.asn: number | null → number
• PrefixCreateParams.loa_document_id: required → optional
• ServiceBindingCreateParams.cidr: optional → required
• ServiceBindingCreateParams.service_id: optional → required

API Gateway

• ConfigurationUpdateResponse removed
• PublicSchema → OldPublicSchema
• SchemaUpload → UserSchemaCreateResponse
• ConfigurationUpdateParams.properties removed; use normalize

CloudforceOne - Response Type Changes

• ThreatEventBulkCreateResponse: number → complex object with counts and errors

D1 Database - Query Parameters

• DatabaseQueryParams: simple interface → union type (D1SingleQuery | MultipleQueries)
• DatabaseRawParams: same change
• Supports batch queries via batch array

DNS Records - Type Renames (21 types)

All record type interfaces renamed from *Record to short names:

• RecordResponse.ARecord → RecordResponse.A
• RecordResponse.AAAARecord → RecordResponse.AAAA
• RecordResponse.CNAMERecord → RecordResponse.CNAME
• RecordResponse.MXRecord → RecordResponse.MX
• RecordResponse.NSRecord → RecordResponse.NS
• RecordResponse.PTRRecord → RecordResponse.PTR
• RecordResponse.TXTRecord → RecordResponse.TXT
• RecordResponse.CAARecord → RecordResponse.CAA
• RecordResponse.CERTRecord → RecordResponse.CERT
• RecordResponse.DNSKEYRecord → RecordResponse.DNSKEY
• RecordResponse.DSRecord → RecordResponse.DS
• RecordResponse.HTTPSRecord → RecordResponse.HTTPS
• RecordResponse.LOCRecord → RecordResponse.LOC
• RecordResponse.NAPTRRecord → RecordResponse.NAPTR
• RecordResponse.SMIMEARecord → RecordResponse.SMIMEA
• RecordResponse.SRVRecord → RecordResponse.SRV
• RecordResponse.SSHFPRecord → RecordResponse.SSHFP
• RecordResponse.SVCBRecord → RecordResponse.SVCB
• RecordResponse.TLSARecord → RecordResponse.TLSA
• RecordResponse.URIRecord → RecordResponse.URI
• RecordResponse.OpenpgpkeyRecord → RecordResponse.Openpgpkey

IAM Resource Groups

• ResourceGroupCreateResponse.scope: optional single → required array
• ResourceGroupCreateResponse.id: optional → required

Origin CA Certificates - Parameter Requirements Changed

• OriginCACertificateCreateParams.csr: optional → required
• OriginCACertificateCreateParams.hostnames: optional → required
• OriginCACertificateCreateParams.request_type: optional → required

Pages

• Renamed: DeploymentsSinglePage → DeploymentListResponsesV4PagePaginationArray
• Domain response fields: many optional → required

Pipelines - v0 to v1 Migration

• Entire v0 API deprecated; use v1 methods (createV1, listV1, etc.)
• New sub-resources: Sinks, Streams

R2

• EventNotificationUpdateParams.rules: optional → required
• Super Slurper: bucket, secret now required in source params

Radar

• dataSource: string → typed enum (23 values)
• eventType: string → typed enum (6 values)
• V2 methods require dimension parameter (breaking signature change)

Resource Sharing

• Removed: status_message field from all recipient response types

Schema Validation

• Consolidated SchemaCreateResponse, SchemaListResponse, SchemaEditResponse, SchemaGetResponse → PublicSchema
• Renamed: SchemaListResponsesV4PagePaginationArray → PublicSchemasV4PagePaginationArray

Spectrum

• Renamed union members: AppListResponse.UnionMember0 → SpectrumConfigAppConfig
• Renamed union members: AppListResponse.UnionMember1 → SpectrumConfigPaygoAppConfig

Workers

• Removed: WorkersBindingKindTailConsumer type (all occurrences)
• Renamed: ScriptsSinglePage → ScriptListResponsesSinglePage
• Removed: DeploymentsSinglePage

Zero-Trust DLP

• datasets.create(), update(), get() return types changed
• PredefinedGetResponse union members renamed to UnionMember0-5

Zero-Trust Tunnels

• Removed: CloudflaredCreateResponse, CloudflaredListResponse, CloudflaredDeleteResponse, CloudflaredEditResponse, CloudflaredGetResponse
• Removed: CloudflaredListResponsesV4PagePaginationArray

---

Features

Abuse Reports (client.abuseReports)

• Reports: create, list, get
• Mitigations: sub-resource for abuse mitigations

AI Search (client.aisearch)

• Instances: create, update, list, delete, read, stats
• Items: list, get
• Jobs: create, list, get, logs
• Tokens: create, update, list, delete, read

Connectivity (client.connectivity)

• Directory Services: create, update, list, delete, get
• Supports IPv4, IPv6, dual-stack, and hostname configurations

Organizations (client.organizations)

• Organizations: create, update, list, delete, get
• OrganizationProfile: update, get
• Hierarchical organization support with parent/child relationships

R2 Data Catalog (client.r2DataCatalog)

• Catalog: list, enable, disable, get
• Credentials: create
• MaintenanceConfigs: update, get
• Namespaces: list
• Tables: list, maintenance config management
• Apache Iceberg integration

Realtime Kit (client.realtimeKit)

• Apps: get, post
• Meetings: create, get, participant management
• Livestreams: 10+ methods for streaming
• Recordings: start, pause, stop, get
• Sessions: transcripts, summaries, chat
• Webhooks: full CRUD
• ActiveSession: polls, kick participants
• Analytics: organization analytics

Token Validation (client.tokenValidation)

• Configuration: create, list, delete, edit, get
• Credentials: update
• Rules: create, list, delete, bulkCreate, bulkEdit, edit, get
• JWT validation with RS256/384/512, PS256/384/512, ES256, ES384

Alerting Silences (client.alerting.silences)

• create, update, list, delete, get

IAM SSO (client.iam.sso)

• create, update, list, delete, get, beginVerification

Pipelines v1 (client.pipelines)

• Sinks: create, list, delete, get
• Streams: create, update, list, delete, get

Zero-Trust AI Controls / MCP (client.zeroTrust.access.aiControls.mcp)

• Portals: create, update, list, delete, read
• Servers: create, update, list, delete, read, sync

Accounts

• managed_by field with parent_org_id, parent_org_name

Addressing LOA Documents

• auto_generated field on LOADocumentCreateResponse

Addressing Prefixes

• delegate_loa_creation, irr_validation_state, ownership_validation_state, ownership_validation_token, rpki_validation_state

AI

• Added toMarkdown.supported() method to get all supported conversion formats

AI Gateway

• zdr field added to all responses and params

Alerting

• New alert type: abuse_report_alert
• type field added to PolicyFilter

Browser Rendering

• ContentCreateParams: refined to discriminated union (Variant0 | Variant1)
• Split into URL-based and HTML-based parameter variants for better type safety

Client Certificates

• reactivate parameter in edit

CloudforceOne

• ThreatEventCreateParams.indicatorType: required → optional
• hasChildren field added to all threat event response types
• datasetIds query parameter on AttackerListParams, CategoryListParams, TargetIndustryListParams
• categoryUuid field on TagCreateResponse
• indicators array for multi-indicator support per event
• uuid and preserveUuid fields for UUID preservation in bulk create
• format query parameter ('json' | 'stix2') on ThreatEventListParams
• createdAt, datasetId fields on ThreatEventEditParams

Content Scanning

• Added create(), update(), get() methods

Custom Pages

• New page types: basic_challenge, under_attack, waf_challenge

D1

• served_by_colo - colo that handled query
• jurisdiction - 'eu' | 'fedramp'
• Time Travel (client.d1.database.timeTravel): getBookmark(), restore() - point-in-time recovery

Email Security

• New fields on InvestigateListResponse/InvestigateGetResponse: envelope_from, envelope_to, postfix_id_outbound, replyto
• New detection classification: 'outbound_ndr'
• Enhanced Finding interface with attachment, detection, field, portion, reason, score
• Added cursor query parameter to InvestigateListParams

Gateway Lists

• New list types: CATEGORY, LOCATION, DEVICE

Intel

• New issue type: 'configuration_suggestion'
• payload field: unknown → typed Payload interface with detection_method, zone_tag

Leaked Credential Checks

• Added detections.get() method

Logpush

• New datasets: dex_application_tests, dex_device_state_events, ipsec_logs, warp_config_changes, warp_toggle_changes

Load Balancers

• Monitor.port: number → number | null
• Pool.load_shedding: LoadShedding → LoadShedding | null
• Pool.origin_steering: OriginSteering → OriginSteering | null

Magic Transit

• license_key field on connectors
• provision_license parameter for auto-provisioning
• IPSec: custom_remote_identities with FQDN support
• Snapshots: Bond interface, probed_mtu field

Pages

• New response types: ProjectCreateResponse, ProjectListResponse, ProjectEditResponse, ProjectGetResponse
• Deployment methods return specific response types instead of generic Deployment

Queues

• Added subscriptions.get() method
• Enhanced SubscriptionGetResponse with typed event source interfaces
• New event source types: Images, KV, R2, Vectorize, Workers AI, Workers Builds, Workflows

R2

• Sippy: new provider s3 (S3-compatible endpoints)
• Sippy: bucketUrl field for S3-compatible sources
• Super Slurper: keys field on source response schemas (specify specific keys to migrate)
• Super Slurper: pathPrefix field on source schemas
• Super Slurper: region field on S3 source params

Radar

• Added geolocations.list(), geolocations.get() methods
• Added V2 dimension-based methods (summaryV2, timeseriesGroupsV2) to radar sub-resources

Resource Sharing

• Added terminal boolean field to Resource Error interfaces

Rules

• Added id field to ItemDeleteParams.Item

Rulesets

• New buffering fields on SetConfigRule: request_body_buffering, response_body_buffering

Secrets Store

• New scopes: 'dex', 'access' (in addition to 'workers', 'ai_gateway')

SSL Certificate Packs

• Response types now proper interfaces (was unknown)
• Fields now required: id, certificates, hosts, status, type

Security Center

• payload field: unknown → typed Payload interface with detection_method, zone_tag

Shared Types

• Added: CloudflareTunnelsV4PagePaginationArray pagination class

Workers

• Added subdomains.delete() method
• Worker.references - track external dependencies (domains, Durable Objects, queues)
• Worker.startup_time_ms - startup timing
• Script.observability - observability settings with logging
• Script.tag, Script.tags - immutable ID and tags
• Placement: support for region, hostname, host-based placement
• tags, tail_consumers now accept | null
• Telemetry: traces field, $containers event info, durableObjectId, transactionName, abr_level fields

Workers for Platforms

• ScriptUpdateResponse: new fields entry_point, observability, tag, tags
• placement field now union of 4 variants (smart mode, region, hostname, host)
• tags, tail_consumers now nullable
• TagUpdateParams.body now accepts null

Workflows

• instance_retention: unknown → typed InstanceRetention interface with error_retention, success_retention
• New status option: 'restart' added to StatusEditParams.status

Zero-Trust Devices

• External emergency disconnect settings (4 new fields)
• antivirus device posture check type
• os_version_extra documentation improvements

Zones

• New response types: SubscriptionCreateResponse, SubscriptionUpdateResponse, SubscriptionGetResponse

Zero-Trust Access Applications

• New ApplicationType values: 'mcp', 'mcp_portal', 'proxy_endpoint'
• New destination type: ViaMcpServerPortalDestination for MCP server access

Zero-Trust Gateway

• Added rules.listTenant() method

Zero-Trust Gateway - Proxy Endpoints

• ProxyEndpoint: interface → discriminated union (ZeroTrustGatewayProxyEndpointIP | ZeroTrustGatewayProxyEndpointIdentity)
• ProxyEndpointCreateParams: interface → union type
• Added kind field: 'ip' | 'identity'

Zero-Trust Tunnels

• WARPConnector*Response: union type → interface

---

Deprecations

• API Gateway: UserSchemas, Settings, SchemaValidation resources
• Audit Logs: auditLogId.not (use id.not)
• CloudforceOne: ThreatEvents.get(), IndicatorTypes.list()
• Devices: public_ip field (use DEX API)
• Email Security: item_count field in Move responses
• Pipelines: v0 methods (use v1)
• Radar: old summary() and timeseriesGroups() methods (use V2)
• Rulesets: disable_apps, mirage fields
• WARP Connector: connections field
• Workers: environment parameter in Domains
• Zones: ResponseBuffering page rule

---

Bug Fixes

• mcp: correct code tool API endpoint (599703c ↗)
• mcp: return correct lines on typescript errors (5d6f999 ↗)
• organization_profile: fix bad reference (d84ea77 ↗)
• schema_validation: correctly reflect model to openapi mapping (bb86151 ↗)
• workers: fix tests (2ee37f7 ↗)

---

Documentation

• Added deprecation notices with migration paths
• api_gateway: deprecate API Shield Schema Validation resources (8a4b20f ↗)
• Improved JSDoc examples across all resources
• workers: expose subdomain delete documentation (4f7cc1f ↗)