Changelog

New updates and improvements at Cloudflare.

Subscribe to RSS View RSS feeds

SDK

Apr 23, 2026

1. Go SDK v6.10.0 Released

   SDK Go SDK

   v6.10.0

   In this release, you'll see a number of breaking changes. This is primarily due to changes in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries.

   Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

   Breaking Changes

   See the v6.10.0 Migration Guide ↗ for before/after code examples and actions needed for each change.

   Abuse Reports - Registrar WHOIS Report Field Removals

   Several fields have been removed from AbuseReportNewParamsBodyAbuseReportsRegistrarWhoisReportRegWhoRequest:

   • RegWhoGoodFaithAffirmation
   • RegWhoLawfulProcessingAgreement
   • RegWhoLegalBasis
   • RegWhoRequestType
   • RegWhoRequestedDataElements

   AI Search - Instance Params Restructured

   The InstanceNewParams and InstanceUpdateParams types have been significantly restructured. Many fields have been moved or removed:

   • InstanceNewParams.TokenID, Type, CreatedFromAISearchWizard, WorkerDomain removed
   • InstanceUpdateParams — most configuration fields removed (including IndexMethod, IndexingOptions, MaxNumResults, Metadata, Paused, PublicEndpointParams, Reranking, RerankingModel, RetrievalOptions, RewriteModel, RewriteQuery, ScoreThreshold, SourceParams, Summarization, SummarizationModel, SystemPromptAISearch, SystemPromptIndexSummarization, SystemPromptRewriteQuery, TokenID, CreatedFromAISearchWizard, WorkerDomain)
   • InstanceSearchParams.Messages field removed along with InstanceSearchParamsMessage and InstanceSearchParamsMessagesRole types

   AI Search - InstanceItem Service Removed

   The InstanceItemService type has been removed. The items sub-resource at client.AISearch.Instances.Items no longer exists in the non-namespace path. Use client.AISearch.Namespaces.Instances.Items instead.

   AI Search - Token Types Removed

   The following types have been removed from the ai_search package:

   • TokenDeleteResponse
   • TokenListParams (and associated TokenListParamsOrderBy, TokenListParamsOrderByDirection)

   Email Security - Investigate Move Return Type Change

   The Investigate.Move.New() method now returns a raw slice instead of a paginated wrapper:

   • New() returns *[]InvestigateMoveNewResponse instead of *pagination.SinglePage[InvestigateMoveNewResponse]
   • NewAutoPaging() method removed

   Hyperdrive - Config Params Restructured

   The ConfigEditParams type lost its MTLS and Name fields. The HyperdriveMTLSParam type lost MTLS and Host fields. The Host field on origin config changed from param.Field[string] to a plain string.

   IAM - UserGroupMember Params and Return Types Changed

   The UserGroupMemberNewParams struct has been restructured and the New() method now returns a paginated response:

   • UserGroupMemberNewParams.Body renamed to UserGroupMemberNewParams.Members
   • UserGroupMemberNewParamsBody renamed to UserGroupMemberNewParamsMember
   • UserGroupMemberUpdateParams.Body renamed to UserGroupMemberUpdateParams.Members
   • UserGroupMemberUpdateParamsBody renamed to UserGroupMemberUpdateParamsMember
   • UserGroups.Members.New() returns *pagination.SinglePage[UserGroupMemberNewResponse] instead of *UserGroupMemberNewResponse

   IAM - UserGroup List Direction Type Changed

   The UserGroupListParams.Direction field changed from param.Field[string] to param.Field[UserGroupListParamsDirection] (typed enum with asc/desc values).

   Pipelines - Delete Methods Now Return Typed Responses

   Several delete methods across Pipelines now return typed responses instead of bare error:

   • Pipelines.DeleteV1() returns (*PipelineDeleteV1Response, error) instead of error
   • Pipelines.Sinks.Delete() returns (*SinkDeleteResponse, error) instead of error
   • Pipelines.Streams.Delete() returns (*StreamDeleteResponse, error) instead of error

   Queues - Message Response Types Removed

   The following response envelope types have been removed:

   • MessageBulkPushResponseSuccess
   • MessagePushResponseSuccess
   • MessageAckResponse fields RetryCount and Warnings removed

   Secrets Store - Pagination Wrapper Removal and Type Changes

   Methods now return direct types instead of SinglePage wrappers, and several internal types have been removed. Associated AutoPaging methods have also been removed:

   • Stores.New() returns *StoreNewResponse instead of *pagination.SinglePage[StoreNewResponse]
   • Stores.NewAutoPaging() method removed
   • Stores.Secrets.BulkDelete() returns *StoreSecretBulkDeleteResponse instead of *pagination.SinglePage[StoreSecretBulkDeleteResponse]
   • Stores.Secrets.BulkDeleteAutoPaging() method removed
   • Removed types: StoreDeleteResponse, StoreDeleteResponseEnvelopeResultInfo, StoreSecretDeleteResponse, StoreSecretDeleteResponseStatus, StoreSecretBulkDeleteResponse (old shape), StoreSecretBulkDeleteResponseStatus, StoreSecretDeleteResponseEnvelopeResultInfo
   • StoreNewParams restructured (old StoreNewParamsBody removed)
   • StoreSecretBulkDeleteParams restructured

   Stream - AudioTracks Return Type Change

   The AudioTracks.Get() method now returns a dedicated response type instead of a paginated list. The GetAutoPaging() method has been removed:

   • Get() returns *AudioTrackGetResponse instead of *pagination.SinglePage[Audio]
   • GetAutoPaging() method removed

   Stream - Clip Type Removal and Return Type Change

   The Clip.New() method now returns the shared Video type. The following types have been entirely removed:

   • Clip, ClipPlayback, ClipStatus, ClipWatermark

   Stream - Copy and Clip Params Field Removals

   • ClipNewParams.MaxDurationSeconds, ThumbnailTimestampPct, Watermark removed
   • CopyNewParams.ThumbnailTimestampPct, Watermark removed

   Stream - Download and Webhook Changes

   • DownloadNewResponseStatus type removed
   • WebhookUpdateResponse and WebhookGetResponse changed from interface{} type aliases to full struct types

   Zero Trust - Access AI Control MCP Portal Union Types Removed

   The following union interface types have been removed:

   • AccessAIControlMcpPortalListResponseServersUpdatedPromptsUnion
   • AccessAIControlMcpPortalListResponseServersUpdatedToolsUnion
   • AccessAIControlMcpPortalReadResponseServersUpdatedPromptsUnion
   • AccessAIControlMcpPortalReadResponseServersUpdatedToolsUnion

   Features

   Vulnerability Scanner (client.VulnerabilityScanner)

   NEW SERVICE: Full vulnerability scanning management

   • CredentialSets - CRUD for credential sets (New, Update, List, Delete, Edit, Get)
   • Credentials - Manage credentials within sets (New, Update, List, Delete, Edit, Get)
   • Scans - Create and manage vulnerability scans (New, List, Get)
   • TargetEnvironments - Manage scan target environments (New, Update, List, Delete, Edit, Get)

   AI Search - Namespaces (client.AISearch.Namespaces)

   NEW SERVICE: Namespace-scoped AI Search management

   • New(), Update(), List(), Delete(), ChatCompletions(), Read(), Search()
   • Instances - Namespace-scoped instances (New, Update, List, Delete, ChatCompletions, Read, Search, Stats)
   • Jobs - Instance job management (New, Update, List, Get, Logs)
   • Items - Instance item management (List, Delete, Chunks, NewOrUpdate, Download, Get, Logs, Sync, Upload)

   Browser Rendering - Devtools (client.BrowserRendering.Devtools)

   NEW SERVICE: DevTools protocol browser control

   • Session - List and get devtools sessions
   • Browser - Browser lifecycle management (New, Delete, Connect, Launch, Protocol, Version)
   • Page - Get page by target ID
   • Targets - Manage browser targets (New, List, Activate, Get)

   Registrar (client.Registrar)

   NEW: Domain check and search endpoints

   • Check() - POST /accounts/{account_id}/registrar/domain-check
   • Search() - GET /accounts/{account_id}/registrar/domain-search

   NEW: Registration management (client.Registrar.Registrations)

   • New(), List(), Edit(), Get()
   • RegistrationStatus.Get() - Get registration workflow status
   • UpdateStatus.Get() - Get update workflow status

   Cache - Origin Cloud Regions (client.Cache.OriginCloudRegions)

   NEW SERVICE: Manage origin cloud region configurations

   • New(), List(), Delete(), BulkDelete(), BulkEdit(), Edit(), Get(), SupportedRegions()

   Zero Trust - DLP Settings (client.ZeroTrust.DLP.Settings)

   NEW SERVICE: DLP settings management

   • Update(), Delete(), Edit(), Get()

   Radar

   • AgentReadiness.Summary() - Agent readiness summary by dimension
   • AI.MarkdownForAgents.Summary() - Markdown-for-agents summary
   • AI.MarkdownForAgents.Timeseries() - Markdown-for-agents timeseries

   IAM (client.IAM)

   • UserGroups.Members.Get() - Get details of a specific member in a user group
   • UserGroups.Members.NewAutoPaging() - Auto-paging variant for adding members
   • UserGroups.NewParams.Policies changed from required to optional

   Bot Management

   • ContentBotsProtection field added to BotFightModeConfiguration and SubscriptionConfiguration (block/disabled)

   Deprecations

   None in this release.

   Get started

   • Download Go SDK v6.10.0 ↗
   • Go SDK documentation ↗
   • Migration Guide ↗

Feb 13, 2026

1. Cloudflare Python SDK v5.0.0-beta.1 now available

   Cloudflare Fundamentals SDK

   Disclaimer: Please note that v5.0.0-beta.1 is in Beta and we are still testing it for stability.

   Full Changelog: v4.3.1...v5.0.0-beta.1 ↗

   In this release, you'll see a large number of breaking changes. This is primarily due to a change in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries. As the codegen is always evolving and improving, so are our code bases.

   There may be changes that are not captured in this changelog. Feel free to open an issue to report any inaccuracies, and we will make sure it gets into the changelog before the v5.0.0 release.

   Most of the breaking changes below are caused by improvements to the accuracy of the base OpenAPI schemas, which sometimes translates to breaking changes in downstream clients that depend on those schemas.

   Please ensure you read through the list of changes below and the migration guide before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

   Breaking Changes

   The following resources have breaking changes. See the v5 Migration Guide ↗ for detailed migration instructions.

   • abusereports
   • acm.totaltls
   • apigateway.configurations
   • cloudforceone.threatevents
   • d1.database
   • intel.indicatorfeeds
   • logpush.edge
   • origintlsclientauth.hostnames
   • queues.consumers
   • radar.bgp
   • rulesets.rules
   • schemavalidation.schemas
   • snippets
   • zerotrust.dlp
   • zerotrust.networks

   Features

   New API Resources

   • abusereports - Abuse report management
   • abusereports.mitigations - Abuse report mitigation actions
   • ai.tomarkdown - AI-powered markdown conversion
   • aigateway.dynamicrouting - AI Gateway dynamic routing configuration
   • aigateway.providerconfigs - AI Gateway provider configurations
   • aisearch - AI-powered search functionality
   • aisearch.instances - AI Search instance management
   • aisearch.tokens - AI Search authentication tokens
   • alerting.silences - Alert silence management
   • brandprotection.logomatches - Brand protection logo match detection
   • brandprotection.logos - Brand protection logo management
   • brandprotection.matches - Brand protection match results
   • brandprotection.queries - Brand protection query management
   • cloudforceone.binarystorage - CloudForce One binary storage
   • connectivity.directory - Connectivity directory services
   • d1.database - D1 database management
   • diagnostics.endpointhealthchecks - Endpoint health check diagnostics
   • fraud - Fraud detection and prevention
   • iam.sso - IAM Single Sign-On configuration
   • loadbalancers.monitorgroups - Load balancer monitor groups
   • organizations - Organization management
   • organizations.organizationprofile - Organization profile settings
   • origintlsclientauth.hostnamecertificates - Origin TLS client auth hostname certificates
   • origintlsclientauth.hostnames - Origin TLS client auth hostnames
   • origintlsclientauth.zonecertificates - Origin TLS client auth zone certificates
   • pipelines - Data pipeline management
   • pipelines.sinks - Pipeline sink configurations
   • pipelines.streams - Pipeline stream configurations
   • queues.subscriptions - Queue subscription management
   • r2datacatalog - R2 Data Catalog integration
   • r2datacatalog.credentials - R2 Data Catalog credentials
   • r2datacatalog.maintenanceconfigs - R2 Data Catalog maintenance configurations
   • r2datacatalog.namespaces - R2 Data Catalog namespaces
   • radar.bots - Radar bot analytics
   • radar.ct - Radar certificate transparency data
   • radar.geolocations - Radar geolocation data
   • realtimekit.activesession - Real-time Kit active session management
   • realtimekit.analytics - Real-time Kit analytics
   • realtimekit.apps - Real-time Kit application management
   • realtimekit.livestreams - Real-time Kit live streaming
   • realtimekit.meetings - Real-time Kit meeting management
   • realtimekit.presets - Real-time Kit preset configurations
   • realtimekit.recordings - Real-time Kit recording management
   • realtimekit.sessions - Real-time Kit session management
   • realtimekit.webhooks - Real-time Kit webhook configurations
   • tokenvalidation.configuration - Token validation configuration
   • tokenvalidation.rules - Token validation rules
   • workers.beta - Workers beta features

   New Endpoints (Existing Resources)

   acm.totaltls

   • edit()
   • update()

   cloudforceone.threatevents

   • list()

   contentscanning

   • create()
   • get()
   • update()

   dns.records

   • scan_list()
   • scan_review()
   • scan_trigger()

   intel.indicatorfeeds

   • create()
   • delete()
   • list()

   leakedcredentialchecks.detections

   • get()

   queues.consumers

   • list()

   radar.ai

   • summary()
   • timeseries()
   • timeseries_groups()

   radar.bgp

   • changes()
   • snapshot()

   workers.subdomains

   • delete()

   zerotrust.networks

   • create()
   • delete()
   • edit()
   • get()
   • list()

   General Fixes and Improvements

   Type System & Compatibility

   • Type inference improvements: Allow Pyright to properly infer TypedDict types within SequenceNotStr
   • Type completeness: Add missing types to method arguments and response models
   • Pydantic compatibility: Ensure compatibility with Pydantic versions prior to 2.8.0 when using additional fields

   Request/Response Handling

   • Multipart form data: Correctly handle sending multipart/form-data requests with JSON data
   • Header handling: Do not send headers with default values set to omit
   • GET request headers: Don't send Content-Type header on GET requests
   • Response body model accuracy: Broad improvements to the correctness of models

   Parsing & Data Processing

   • Discriminated unions: Correctly handle nested discriminated unions in response parsing
   • Extra field types: Parse extra field types correctly
   • Empty metadata: Ignore empty metadata fields during parsing
   • Singularization rules: Update resource name singularization rules for better consistency

Jan 20, 2026

1. Cloudflare Typescript SDK v6.0.0-beta.1 now available

   Cloudflare Fundamentals SDK

   Disclaimer: Please note that v6.0.0-beta.1 is in Beta and we are still testing it for stability.

   Full Changelog: v5.2.0...v6.0.0-beta.1 ↗

   In this release, you'll see a large number of breaking changes. This is primarily due to a change in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries. As the codegen is always evolving and improving, so are our code bases.

   Some breaking changes were introduced due to bug fixes, also listed below.

   Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

   ---

   Breaking Changes

   Addressing - Parameter Requirements Changed

   • BGPPrefixCreateParams.cidr: optional → required
   • PrefixCreateParams.asn: number | null → number
   • PrefixCreateParams.loa_document_id: required → optional
   • ServiceBindingCreateParams.cidr: optional → required
   • ServiceBindingCreateParams.service_id: optional → required

   API Gateway

   • ConfigurationUpdateResponse removed
   • PublicSchema → OldPublicSchema
   • SchemaUpload → UserSchemaCreateResponse
   • ConfigurationUpdateParams.properties removed; use normalize

   CloudforceOne - Response Type Changes

   • ThreatEventBulkCreateResponse: number → complex object with counts and errors

   D1 Database - Query Parameters

   • DatabaseQueryParams: simple interface → union type (D1SingleQuery | MultipleQueries)
   • DatabaseRawParams: same change
   • Supports batch queries via batch array

   DNS Records - Type Renames (21 types)

   All record type interfaces renamed from *Record to short names:

   • RecordResponse.ARecord → RecordResponse.A
   • RecordResponse.AAAARecord → RecordResponse.AAAA
   • RecordResponse.CNAMERecord → RecordResponse.CNAME
   • RecordResponse.MXRecord → RecordResponse.MX
   • RecordResponse.NSRecord → RecordResponse.NS
   • RecordResponse.PTRRecord → RecordResponse.PTR
   • RecordResponse.TXTRecord → RecordResponse.TXT
   • RecordResponse.CAARecord → RecordResponse.CAA
   • RecordResponse.CERTRecord → RecordResponse.CERT
   • RecordResponse.DNSKEYRecord → RecordResponse.DNSKEY
   • RecordResponse.DSRecord → RecordResponse.DS
   • RecordResponse.HTTPSRecord → RecordResponse.HTTPS
   • RecordResponse.LOCRecord → RecordResponse.LOC
   • RecordResponse.NAPTRRecord → RecordResponse.NAPTR
   • RecordResponse.SMIMEARecord → RecordResponse.SMIMEA
   • RecordResponse.SRVRecord → RecordResponse.SRV
   • RecordResponse.SSHFPRecord → RecordResponse.SSHFP
   • RecordResponse.SVCBRecord → RecordResponse.SVCB
   • RecordResponse.TLSARecord → RecordResponse.TLSA
   • RecordResponse.URIRecord → RecordResponse.URI
   • RecordResponse.OpenpgpkeyRecord → RecordResponse.Openpgpkey

   IAM Resource Groups

   • ResourceGroupCreateResponse.scope: optional single → required array
   • ResourceGroupCreateResponse.id: optional → required

   Origin CA Certificates - Parameter Requirements Changed

   • OriginCACertificateCreateParams.csr: optional → required
   • OriginCACertificateCreateParams.hostnames: optional → required
   • OriginCACertificateCreateParams.request_type: optional → required

   Pages

   • Renamed: DeploymentsSinglePage → DeploymentListResponsesV4PagePaginationArray
   • Domain response fields: many optional → required

   Pipelines - v0 to v1 Migration

   • Entire v0 API deprecated; use v1 methods (createV1, listV1, etc.)
   • New sub-resources: Sinks, Streams

   R2

   • EventNotificationUpdateParams.rules: optional → required
   • Super Slurper: bucket, secret now required in source params

   Radar

   • dataSource: string → typed enum (23 values)
   • eventType: string → typed enum (6 values)
   • V2 methods require dimension parameter (breaking signature change)

   Resource Sharing

   • Removed: status_message field from all recipient response types

   Schema Validation

   • Consolidated SchemaCreateResponse, SchemaListResponse, SchemaEditResponse, SchemaGetResponse → PublicSchema
   • Renamed: SchemaListResponsesV4PagePaginationArray → PublicSchemasV4PagePaginationArray

   Spectrum

   • Renamed union members: AppListResponse.UnionMember0 → SpectrumConfigAppConfig
   • Renamed union members: AppListResponse.UnionMember1 → SpectrumConfigPaygoAppConfig

   Workers

   • Removed: WorkersBindingKindTailConsumer type (all occurrences)
   • Renamed: ScriptsSinglePage → ScriptListResponsesSinglePage
   • Removed: DeploymentsSinglePage

   Zero-Trust DLP

   • datasets.create(), update(), get() return types changed
   • PredefinedGetResponse union members renamed to UnionMember0-5

   Zero-Trust Tunnels

   • Removed: CloudflaredCreateResponse, CloudflaredListResponse, CloudflaredDeleteResponse, CloudflaredEditResponse, CloudflaredGetResponse
   • Removed: CloudflaredListResponsesV4PagePaginationArray

   ---

   Features

   Abuse Reports (client.abuseReports)

   • Reports: create, list, get
   • Mitigations: sub-resource for abuse mitigations

   AI Search (client.aisearch)

   • Instances: create, update, list, delete, read, stats
   • Items: list, get
   • Jobs: create, list, get, logs
   • Tokens: create, update, list, delete, read

   Connectivity (client.connectivity)

   • Directory Services: create, update, list, delete, get
   • Supports IPv4, IPv6, dual-stack, and hostname configurations

   Organizations (client.organizations)

   • Organizations: create, update, list, delete, get
   • OrganizationProfile: update, get
   • Hierarchical organization support with parent/child relationships

   R2 Data Catalog (client.r2DataCatalog)

   • Catalog: list, enable, disable, get
   • Credentials: create
   • MaintenanceConfigs: update, get
   • Namespaces: list
   • Tables: list, maintenance config management
   • Apache Iceberg integration

   Realtime Kit (client.realtimeKit)

   • Apps: get, post
   • Meetings: create, get, participant management
   • Livestreams: 10+ methods for streaming
   • Recordings: start, pause, stop, get
   • Sessions: transcripts, summaries, chat
   • Webhooks: full CRUD
   • ActiveSession: polls, kick participants
   • Analytics: organization analytics

   Token Validation (client.tokenValidation)

   • Configuration: create, list, delete, edit, get
   • Credentials: update
   • Rules: create, list, delete, bulkCreate, bulkEdit, edit, get
   • JWT validation with RS256/384/512, PS256/384/512, ES256, ES384

   Alerting Silences (client.alerting.silences)

   • create, update, list, delete, get

   IAM SSO (client.iam.sso)

   • create, update, list, delete, get, beginVerification

   Pipelines v1 (client.pipelines)

   • Sinks: create, list, delete, get
   • Streams: create, update, list, delete, get

   Zero-Trust AI Controls / MCP (client.zeroTrust.access.aiControls.mcp)

   • Portals: create, update, list, delete, read
   • Servers: create, update, list, delete, read, sync

   Accounts

   • managed_by field with parent_org_id, parent_org_name

   Addressing LOA Documents

   • auto_generated field on LOADocumentCreateResponse

   Addressing Prefixes

   • delegate_loa_creation, irr_validation_state, ownership_validation_state, ownership_validation_token, rpki_validation_state

   AI

   • Added toMarkdown.supported() method to get all supported conversion formats

   AI Gateway

   • zdr field added to all responses and params

   Alerting

   • New alert type: abuse_report_alert
   • type field added to PolicyFilter

   Browser Rendering

   • ContentCreateParams: refined to discriminated union (Variant0 | Variant1)
   • Split into URL-based and HTML-based parameter variants for better type safety

   Client Certificates

   • reactivate parameter in edit

   CloudforceOne

   • ThreatEventCreateParams.indicatorType: required → optional
   • hasChildren field added to all threat event response types
   • datasetIds query parameter on AttackerListParams, CategoryListParams, TargetIndustryListParams
   • categoryUuid field on TagCreateResponse
   • indicators array for multi-indicator support per event
   • uuid and preserveUuid fields for UUID preservation in bulk create
   • format query parameter ('json' | 'stix2') on ThreatEventListParams
   • createdAt, datasetId fields on ThreatEventEditParams

   Content Scanning

   • Added create(), update(), get() methods

   Custom Pages

   • New page types: basic_challenge, under_attack, waf_challenge

   D1

   • served_by_colo - colo that handled query
   • jurisdiction - 'eu' | 'fedramp'
   • Time Travel (client.d1.database.timeTravel): getBookmark(), restore() - point-in-time recovery

   Email Security

   • New fields on InvestigateListResponse/InvestigateGetResponse: envelope_from, envelope_to, postfix_id_outbound, replyto
   • New detection classification: 'outbound_ndr'
   • Enhanced Finding interface with attachment, detection, field, portion, reason, score
   • Added cursor query parameter to InvestigateListParams

   Gateway Lists

   • New list types: CATEGORY, LOCATION, DEVICE

   Intel

   • New issue type: 'configuration_suggestion'
   • payload field: unknown → typed Payload interface with detection_method, zone_tag

   Leaked Credential Checks

   • Added detections.get() method

   Logpush

   • New datasets: dex_application_tests, dex_device_state_events, ipsec_logs, warp_config_changes, warp_toggle_changes

   Load Balancers

   • Monitor.port: number → number | null
   • Pool.load_shedding: LoadShedding → LoadShedding | null
   • Pool.origin_steering: OriginSteering → OriginSteering | null

   Magic Transit

   • license_key field on connectors
   • provision_license parameter for auto-provisioning
   • IPSec: custom_remote_identities with FQDN support
   • Snapshots: Bond interface, probed_mtu field

   Pages

   • New response types: ProjectCreateResponse, ProjectListResponse, ProjectEditResponse, ProjectGetResponse
   • Deployment methods return specific response types instead of generic Deployment

   Queues

   • Added subscriptions.get() method
   • Enhanced SubscriptionGetResponse with typed event source interfaces
   • New event source types: Images, KV, R2, Vectorize, Workers AI, Workers Builds, Workflows

   R2

   • Sippy: new provider s3 (S3-compatible endpoints)
   • Sippy: bucketUrl field for S3-compatible sources
   • Super Slurper: keys field on source response schemas (specify specific keys to migrate)
   • Super Slurper: pathPrefix field on source schemas
   • Super Slurper: region field on S3 source params

   Radar

   • Added geolocations.list(), geolocations.get() methods
   • Added V2 dimension-based methods (summaryV2, timeseriesGroupsV2) to radar sub-resources

   Resource Sharing

   • Added terminal boolean field to Resource Error interfaces

   Rules

   • Added id field to ItemDeleteParams.Item

   Rulesets

   • New buffering fields on SetConfigRule: request_body_buffering, response_body_buffering

   Secrets Store

   • New scopes: 'dex', 'access' (in addition to 'workers', 'ai_gateway')

   SSL Certificate Packs

   • Response types now proper interfaces (was unknown)
   • Fields now required: id, certificates, hosts, status, type

   Security Center

   • payload field: unknown → typed Payload interface with detection_method, zone_tag

   Shared Types

   • Added: CloudflareTunnelsV4PagePaginationArray pagination class

   Workers

   • Added subdomains.delete() method
   • Worker.references - track external dependencies (domains, Durable Objects, queues)
   • Worker.startup_time_ms - startup timing
   • Script.observability - observability settings with logging
   • Script.tag, Script.tags - immutable ID and tags
   • Placement: support for region, hostname, host-based placement
   • tags, tail_consumers now accept | null
   • Telemetry: traces field, $containers event info, durableObjectId, transactionName, abr_level fields

   Workers for Platforms

   • ScriptUpdateResponse: new fields entry_point, observability, tag, tags
   • placement field now union of 4 variants (smart mode, region, hostname, host)
   • tags, tail_consumers now nullable
   • TagUpdateParams.body now accepts null

   Workflows

   • instance_retention: unknown → typed InstanceRetention interface with error_retention, success_retention
   • New status option: 'restart' added to StatusEditParams.status

   Zero-Trust Devices

   • External emergency disconnect settings (4 new fields)
   • antivirus device posture check type
   • os_version_extra documentation improvements

   Zones

   • New response types: SubscriptionCreateResponse, SubscriptionUpdateResponse, SubscriptionGetResponse

   Zero-Trust Access Applications

   • New ApplicationType values: 'mcp', 'mcp_portal', 'proxy_endpoint'
   • New destination type: ViaMcpServerPortalDestination for MCP server access

   Zero-Trust Gateway

   • Added rules.listTenant() method

   Zero-Trust Gateway - Proxy Endpoints

   • ProxyEndpoint: interface → discriminated union (ZeroTrustGatewayProxyEndpointIP | ZeroTrustGatewayProxyEndpointIdentity)
   • ProxyEndpointCreateParams: interface → union type
   • Added kind field: 'ip' | 'identity'

   Zero-Trust Tunnels

   • WARPConnector*Response: union type → interface

   ---

   Deprecations

   • API Gateway: UserSchemas, Settings, SchemaValidation resources
   • Audit Logs: auditLogId.not (use id.not)
   • CloudforceOne: ThreatEvents.get(), IndicatorTypes.list()
   • Devices: public_ip field (use DEX API)
   • Email Security: item_count field in Move responses
   • Pipelines: v0 methods (use v1)
   • Radar: old summary() and timeseriesGroups() methods (use V2)
   • Rulesets: disable_apps, mirage fields
   • WARP Connector: connections field
   • Workers: environment parameter in Domains
   • Zones: ResponseBuffering page rule

   ---

   Bug Fixes

   • mcp: correct code tool API endpoint (599703c ↗)
   • mcp: return correct lines on typescript errors (5d6f999 ↗)
   • organization_profile: fix bad reference (d84ea77 ↗)
   • schema_validation: correctly reflect model to openapi mapping (bb86151 ↗)
   • workers: fix tests (2ee37f7 ↗)

   ---

   Documentation

   • Added deprecation notices with migration paths
   • api_gateway: deprecate API Shield Schema Validation resources (8a4b20f ↗)
   • Improved JSDoc examples across all resources
   • workers: expose subdomain delete documentation (4f7cc1f ↗)

Search all changelog entries