Cloudflare changelogs | SDK

SDK, Go SDK - Go SDK v7.0.0 Released

Thu, 30 Apr 2026 00:00:00 GMT

This is a major version release that includes breaking changes to three packages: ai_search, email_security, and workers. These changes reflect upstream API specification updates that improve type correctness and consistency.

Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

Breaking Changes

See the v7.0.0 Migration Guide for before/after code examples and actions needed for each change.

AI Search - SearchForAgents Metadata Removed

The SearchForAgents nested type has been removed from all instance metadata structs. This field is no longer part of the API specification.

Removed Types:

InstanceNewResponseMetadataSearchForAgents
InstanceUpdateResponseMetadataSearchForAgents
InstanceListResponseMetadataSearchForAgents
InstanceDeleteResponseMetadataSearchForAgents
InstanceReadResponseMetadataSearchForAgents
InstanceNewParamsMetadataSearchForAgents
InstanceUpdateParamsMetadataSearchForAgents
NamespaceInstanceNewResponseMetadataSearchForAgents
NamespaceInstanceUpdateResponseMetadataSearchForAgents
NamespaceInstanceListResponseMetadataSearchForAgents
NamespaceInstanceDeleteResponseMetadataSearchForAgents
NamespaceInstanceReadResponseMetadataSearchForAgents
NamespaceInstanceNewParamsMetadataSearchForAgents
NamespaceInstanceUpdateParamsMetadataSearchForAgents

Email Security - Path Parameter Type Changes

Multiple Email Security settings sub-resources have changed their path parameter types from int64 to string:

AllowPolicies (policyID int64 -> policyID string)
BlockSenders (patternID int64 -> patternID string)
Domains (domainID int64 -> domainID string)
ImpersonationRegistry (displayNameID int64 -> impersonationRegistryID string)
TrustedDomains (trustedDomainID int64 -> trustedDomainID string)

Email Security - Investigate Parameter Rename

The Investigate.Get, Investigate.Move.New, and Investigate.Reclassify.New methods now use investigateID instead of postfixID as the path parameter name.

Email Security - Domains BulkDelete Method Removed

The SettingDomainService.BulkDelete method and its associated types have been removed:

SettingDomainBulkDeleteResponse
SettingDomainBulkDeleteParams

Email Security - TrustedDomains Return Type Change

SettingTrustedDomainService.New now returns *SettingTrustedDomainNewResponse instead of *SettingTrustedDomainNewResponseUnion.

Email Security - Investigate.Move Return Type Change

InvestigateMoveService.New now returns *pagination.SinglePage[InvestigateMoveNewResponse] instead of *[]InvestigateMoveNewResponse.

Workers - Observability Telemetry Filter Restructuring

The observability telemetry filter parameter types have been restructured to support nested filter groups. New discriminated union types replace the previous flat filter arrays:

ObservabilityTelemetryKeysParams.Filters now accepts FiltersObjectFilterUnion (was []interface\{\})
ObservabilityTelemetryQueryParams.Parameters.Filters now accepts FiltersObjectFilterUnion
ObservabilityTelemetryValuesParams.Filters now accepts FiltersObjectFilterUnion

New types include FiltersObjectFiltersObject (for group filters with FilterCombination) and FiltersWorkersObservabilityFilterLeaf (for leaf filters with typed Operation, Type, and Value fields).

Features

Organizations - Audit Logs (`client.Organizations.Logs.Audit`)

NEW SERVICE: Query organization audit logs with cursor-based pagination.

List() - Retrieve audit logs

Browser Rendering (`client.BrowserRendering`)

client.BrowserRendering.Devtools.Browser.Targets.Close() - Close a specific browser target (tab, page) by ID

Queues (`client.Queues`)

client.Queues.GetMetrics() - Retrieve queue metrics for a specific queue

AI Search (`client.AISearch`)

Added WaitForCompletion parameter to NamespaceInstanceItemNewOrUpdateParams and NamespaceInstanceItemSyncParams for synchronous indexing confirmation

Bug Fixes

Magic Transit: ConnectorService.List parameter name corrected from query to params (non-functional, affects generated documentation only)

Deprecations

None in this release.

Get started

SDK - Cloudflare Python SDK v5.0.0 Released

Thu, 30 Apr 2026 00:00:00 GMT

Full Changelog: v4.3.1...v5.0.0

This is a major release of the Cloudflare Python SDK. It drops support for Python 3.8, adds 11 new API services, introduces optional aiohttp backend support for improved async concurrency, and includes hundreds of type and method updates across the entire API surface.

Please review the breaking changes below before upgrading. A migration guide is available at v5.0.0 Migration Guide.

Breaking Changes

Python 3.8 is no longer supported. The minimum required version is now Python 3.9.
typing-extensions minimum version bumped from >=4.10 to >=4.14.

The following resources have breaking changes. See the v5.0.0 Migration Guide for detailed migration instructions.

abusereports
acm.totaltls
apigateway.configurations
cloudforceone.threatevents
d1.database
intel.indicatorfeeds
logpush.edge
origintlsclientauth.hostnames
queues.consumers
radar.bgp
rulesets.rules
schemavalidation.schemas
snippets
zerotrust.dlp
zerotrust.networks

Features

aiohttp Backend Support

The async client now supports an optional aiohttp HTTP backend for improved concurrency performance. Install with pip install cloudflare[aiohttp] and use DefaultAioHttpClient() as the http_client parameter.

Python 3.13 and 3.14 Support

Python 3.13 and 3.14 are now tested and supported.

New Services

The following top-level resources are new in this release:

Resource	Client Path	Description
AI Search	`aisearch`	AI-powered search capabilities
Connectivity	`connectivity`	Connectivity testing and diagnostics
Email Sending	`email_sending`	Email send and send_raw endpoints
Fraud	`fraud`	Fraud detection and prevention
Google Tag Gateway	`google_tag_gateway`	Google Tag Gateway management
Organizations	`organizations`	Organization audit logs and management
R2 Data Catalog	`r2_data_catalog`	R2 Data Catalog operations
Realtime Kit	`realtime_kit`	Realtime communication (Calls/TURN)
Resource Tagging	`resource_tagging`	Resource tagging and labeling
Token Validation	`token_validation`	Token validation configuration and rules
Vulnerability Scanner	`vulnerability_scanner`	Vulnerability scanning, credential sets, and target environments

New Endpoints on Existing Services

api_gateway: Labels endpoints
billing: Billable usage PayGo endpoint
brand_protection: v2 endpoints
browser_rendering: DevTools methods
cache: Origin cloud regions resource
custom_origin_trust_store: Custom origin trust store
dns: dns_records/usage endpoints
email_security: Phishguard reports endpoint
iam: User groups and user group members resources
radar: Botnet Threat Feed and Post-Quantum endpoints
workers: Observability Destinations resources
zero_trust: Access Users, DEX rules, Device IP Profile, Device Subnet, WARP Connector connections and failover, WARP Subnet, Gateway PAC files
zones: Zone environments endpoints

Bug Fixes

Fixed polymorphic_serialization parameter in model_dump overrides
Added BaseModel base to response SchemaFieldStruct/SchemaFieldList stubs in Pipelines
Added missing model_rebuild/update_forward_refs for SharedEntryCustomEntry classes in DLP
Made RunQueryParametersNeedleValue a BaseModel with arbitrary_types_allowed in Workers
Removed duplicate notification_url field in webhook response types for Stream
Resolved pre-existing codegen type errors
Fixed type: ignore[call-arg] placement for mypy compatibility in Radar

Deprecations

Resources with @deprecated annotations on some methods include: accounts, addressing, ai-gateway, aisearch, api-gateway, billing, cloudforce-one, dns, email-routing, email-security, filters, firewall, images, intel, kv, logpush, origin-tls-client-auth, pages, pipelines, radar, rate-limits, registrar, rulesets, ssl, user, workers, workers-for-platforms, zero-trust, zones

Get started

SDK - Cloudflare TypeScript SDK v6.0.0 Released

Thu, 30 Apr 2026 00:00:00 GMT

Full Changelog: v6.0.0-beta.2...v6.0.0

This is a major version release of the Cloudflare TypeScript SDK. It includes 11 entirely new top-level API resources, new sub-resources and methods across 50+ existing resources, SDK infrastructure improvements, and breaking changes to the generated API surface from the v5.x line.

Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

Breaking Changes

SDK Infrastructure

Retry-After handling changed: The SDK now respects any server-specified Retry-After value for rate-limited requests. Previously, values over 60 seconds were ignored and a default backoff was used instead.
Empty response handling: Responses with content-length: 0 now return undefined instead of attempting to parse the body.
Environment variable reading: Empty string env vars (for example, CLOUDFLARE_API_TOKEN="") are now treated as unset.
Path query parameter merging: URL search params embedded in endpoint paths are now extracted and merged into the query object.

Removed Endpoints (17)

17 HTTP endpoints were removed from the SDK, affecting abuse-reports, cloudforce-one, dlp/profiles/predefined, email-security/investigate, email-security/settings, and intel/ip-list.

Method Signature Changes

client.ai.toMarkdown.transform(file, \{ ...params \}) -> client.ai.toMarkdown.transform(\{ ...params \}) -- file moved from positional arg into params body
client.radar.ai.toMarkdown.create(body, \{ ...params \}) -> client.radar.ai.toMarkdown.create(\{ ...params \}) -- body moved from positional arg into params
client.abuseReports.create(reportType, \{ ...params \}) -> client.abuseReports.create(reportParam, \{ ...params \}) -- positional arg renamed
client.iam.userGroups.members.create(userGroupId, [ ...body ]) -> client.iam.userGroups.members.create(userGroupId, [ ...members ]) -- body array param renamed

Renamed Client Paths

client.originTLSClientAuth.hostnames.certificates -> client.originTLSClientAuth.zoneCertificates
client.radar.netflows -> client.radar.netFlows (casing change)

Return Type Changes (179)

133 methods now return null instead of a typed response object. This primarily affects delete operations across accounts, cache, d1, filters, firewall, hyperdrive, iam, kv, logpush, logs, r2, stream, workers, zero-trust, zones, and others.
17 methods changed pagination type (for example, KeysCursorPaginationAfter -> KeysCursorLimitPagination).
29 methods changed to a different named type (for example, CloudflaredCreateResponse -> CloudflareTunnel).

Removed Types (43)

24 shared types removed from root namespace (ASN, AuditLog, Member, Permission, Role, Subscription, Token, etc.). 19 response types consolidated or renamed.

Resource Restructuring

19 resources were restructured from single files to directories. Public API client paths are unchanged, but deep imports may break.

New Top-Level Resources

11 entirely new resources added to the client:

Resource	Client Path	Methods	Description
AI Search	`client.aiSearch`	46	Instances, namespaces, tokens, and items
Connectivity	`client.connectivity`	5	Directory service APIs
Email Sending	`client.emailSending`	7	Send and send_raw endpoints
Fraud	`client.fraud`	2	Fraud detection API
Google Tag Gateway	`client.googleTagGateway`	2	Google Tag Gateway management
Organizations	`client.organizations`	8	Organization profiles and audit logs
R2 Data Catalog	`client.r2DataCatalog`	11	R2 Data Catalog routes
Realtime Kit	`client.realtimeKit`	54	Realtime Kit APIs
Resource Tagging	`client.resourceTagging`	9	Resource tagging routes
Token Validation	`client.tokenValidation`	13	Token validation rules
Vulnerability Scanner	`client.vulnerabilityScanner`	21	Vulnerability scanning

New Sub-Resources on Existing Resources

browser-rendering: crawl, devtools - Crawl endpoints and DevTools methods
cache: origin-cloud-regions - Origin cloud regions resource
dns: usage - DNS records usage endpoints
d1: time-travel - Time travel get_bookmark and restore
email-security: phishguard - Phishguard reports endpoint
pipelines: sinks, streams - Pipelines restructure
radar: agent-readiness, geolocations, post-quantum - New analytics endpoints
workers: observability - Observability destinations
zones: environments - Zone environments endpoints
api-gateway: labels - Labels endpoints
brand-protection: v2 - V2 endpoints
alerting: silences - Alert silencing API
billing: usage - Billable usage PayGo endpoint
iam: sso - SSO Connectors resource
queues: getMetrics method - Queues metrics endpoint
registrar: registration-status, update-status - Registrar API convergence
zero-trust: DLP settings, DEX rules, Access Users, WARP Connector, WARP Subnets, Gateway PAC files, Gateway tenants

Bug Fixes

Resolved type errors from codegen overwriting manual fixes
Fixed post() usage for to-markdown endpoints to resolve async type error
Added least-privilege permissions to all workflow jobs
Reverted erroneous removal of rulesets resource methods and types
Resolved prettier formatting errors in codegen output

Deprecations

The following resources now include @deprecated annotations on some methods:

accounts, addressing, ai-gateway, aisearch, api-gateway, billing, cloudforce-one, custom-nameservers, dns, email-routing, email-security, filters, firewall, images, intel, keyless-certificates, kv, logpush, origin-tls-client-auth, page-shield, pages, pipelines, radar, rate-limits, registrar, rulesets, ssl, user, workers, workers-for-platforms, zero-trust, zones

Get started

SDK, Go SDK - Go SDK v6.10.0 Released

Thu, 23 Apr 2026 00:00:00 GMT

v6.10.0

In this release, you'll see a number of breaking changes. This is primarily due to changes in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries.

Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

Breaking Changes

See the v6.10.0 Migration Guide for before/after code examples and actions needed for each change.

Abuse Reports - Registrar WHOIS Report Field Removals

Several fields have been removed from AbuseReportNewParamsBodyAbuseReportsRegistrarWhoisReportRegWhoRequest:

RegWhoGoodFaithAffirmation
RegWhoLawfulProcessingAgreement
RegWhoLegalBasis
RegWhoRequestType
RegWhoRequestedDataElements

AI Search - Instance Params Restructured

The InstanceNewParams and InstanceUpdateParams types have been significantly restructured. Many fields have been moved or removed:

InstanceNewParams.TokenID, Type, CreatedFromAISearchWizard, WorkerDomain removed
InstanceUpdateParams — most configuration fields removed (including IndexMethod, IndexingOptions, MaxNumResults, Metadata, Paused, PublicEndpointParams, Reranking, RerankingModel, RetrievalOptions, RewriteModel, RewriteQuery, ScoreThreshold, SourceParams, Summarization, SummarizationModel, SystemPromptAISearch, SystemPromptIndexSummarization, SystemPromptRewriteQuery, TokenID, CreatedFromAISearchWizard, WorkerDomain)
InstanceSearchParams.Messages field removed along with InstanceSearchParamsMessage and InstanceSearchParamsMessagesRole types

AI Search - InstanceItem Service Removed

The InstanceItemService type has been removed. The items sub-resource at client.AISearch.Instances.Items no longer exists in the non-namespace path. Use client.AISearch.Namespaces.Instances.Items instead.

AI Search - Token Types Removed

The following types have been removed from the ai_search package:

TokenDeleteResponse
TokenListParams (and associated TokenListParamsOrderBy, TokenListParamsOrderByDirection)

Email Security - Investigate Move Return Type Change

The Investigate.Move.New() method now returns a raw slice instead of a paginated wrapper:

New() returns *[]InvestigateMoveNewResponse instead of *pagination.SinglePage[InvestigateMoveNewResponse]
NewAutoPaging() method removed

Hyperdrive - Config Params Restructured

The ConfigEditParams type lost its MTLS and Name fields. The HyperdriveMTLSParam type lost MTLS and Host fields. The Host field on origin config changed from param.Field[string] to a plain string.

IAM - UserGroupMember Params and Return Types Changed

The UserGroupMemberNewParams struct has been restructured and the New() method now returns a paginated response:

UserGroupMemberNewParams.Body renamed to UserGroupMemberNewParams.Members
UserGroupMemberNewParamsBody renamed to UserGroupMemberNewParamsMember
UserGroupMemberUpdateParams.Body renamed to UserGroupMemberUpdateParams.Members
UserGroupMemberUpdateParamsBody renamed to UserGroupMemberUpdateParamsMember
UserGroups.Members.New() returns *pagination.SinglePage[UserGroupMemberNewResponse] instead of *UserGroupMemberNewResponse

IAM - UserGroup List Direction Type Changed

The UserGroupListParams.Direction field changed from param.Field[string] to param.Field[UserGroupListParamsDirection] (typed enum with asc/desc values).

Pipelines - Delete Methods Now Return Typed Responses

Several delete methods across Pipelines now return typed responses instead of bare error:

Pipelines.DeleteV1() returns (*PipelineDeleteV1Response, error) instead of error
Pipelines.Sinks.Delete() returns (*SinkDeleteResponse, error) instead of error
Pipelines.Streams.Delete() returns (*StreamDeleteResponse, error) instead of error

Queues - Message Response Types Removed

The following response envelope types have been removed:

MessageBulkPushResponseSuccess
MessagePushResponseSuccess
MessageAckResponse fields RetryCount and Warnings removed

Secrets Store - Pagination Wrapper Removal and Type Changes

Methods now return direct types instead of SinglePage wrappers, and several internal types have been removed. Associated AutoPaging methods have also been removed:

Stores.New() returns *StoreNewResponse instead of *pagination.SinglePage[StoreNewResponse]
Stores.NewAutoPaging() method removed
Stores.Secrets.BulkDelete() returns *StoreSecretBulkDeleteResponse instead of *pagination.SinglePage[StoreSecretBulkDeleteResponse]
Stores.Secrets.BulkDeleteAutoPaging() method removed
Removed types: StoreDeleteResponse, StoreDeleteResponseEnvelopeResultInfo, StoreSecretDeleteResponse, StoreSecretDeleteResponseStatus, StoreSecretBulkDeleteResponse (old shape), StoreSecretBulkDeleteResponseStatus, StoreSecretDeleteResponseEnvelopeResultInfo
StoreNewParams restructured (old StoreNewParamsBody removed)
StoreSecretBulkDeleteParams restructured

Stream - AudioTracks Return Type Change

The AudioTracks.Get() method now returns a dedicated response type instead of a paginated list. The GetAutoPaging() method has been removed:

Get() returns *AudioTrackGetResponse instead of *pagination.SinglePage[Audio]
GetAutoPaging() method removed

Stream - Clip Type Removal and Return Type Change

The Clip.New() method now returns the shared Video type. The following types have been entirely removed:

Clip, ClipPlayback, ClipStatus, ClipWatermark

Stream - Copy and Clip Params Field Removals

ClipNewParams.MaxDurationSeconds, ThumbnailTimestampPct, Watermark removed
CopyNewParams.ThumbnailTimestampPct, Watermark removed

Stream - Download and Webhook Changes

DownloadNewResponseStatus type removed
WebhookUpdateResponse and WebhookGetResponse changed from interface{} type aliases to full struct types

Zero Trust - Access AI Control MCP Portal Union Types Removed

The following union interface types have been removed:

AccessAIControlMcpPortalListResponseServersUpdatedPromptsUnion
AccessAIControlMcpPortalListResponseServersUpdatedToolsUnion
AccessAIControlMcpPortalReadResponseServersUpdatedPromptsUnion
AccessAIControlMcpPortalReadResponseServersUpdatedToolsUnion

Features

Vulnerability Scanner (`client.VulnerabilityScanner`)

NEW SERVICE: Full vulnerability scanning management

CredentialSets - CRUD for credential sets (New, Update, List, Delete, Edit, Get)
Credentials - Manage credentials within sets (New, Update, List, Delete, Edit, Get)
Scans - Create and manage vulnerability scans (New, List, Get)
TargetEnvironments - Manage scan target environments (New, Update, List, Delete, Edit, Get)

AI Search - Namespaces (`client.AISearch.Namespaces`)

NEW SERVICE: Namespace-scoped AI Search management

New(), Update(), List(), Delete(), ChatCompletions(), Read(), Search()
Instances - Namespace-scoped instances (New, Update, List, Delete, ChatCompletions, Read, Search, Stats)
Jobs - Instance job management (New, Update, List, Get, Logs)
Items - Instance item management (List, Delete, Chunks, NewOrUpdate, Download, Get, Logs, Sync, Upload)

Browser Rendering - Devtools (`client.BrowserRendering.Devtools`)

NEW SERVICE: DevTools protocol browser control

Session - List and get devtools sessions
Browser - Browser lifecycle management (New, Delete, Connect, Launch, Protocol, Version)
Page - Get page by target ID
Targets - Manage browser targets (New, List, Activate, Get)

Registrar (`client.Registrar`)

NEW: Domain check and search endpoints

Check() - POST /accounts/{account_id}/registrar/domain-check
Search() - GET /accounts/{account_id}/registrar/domain-search

NEW: Registration management (client.Registrar.Registrations)

New(), List(), Edit(), Get()
RegistrationStatus.Get() - Get registration workflow status
UpdateStatus.Get() - Get update workflow status

Cache - Origin Cloud Regions (`client.Cache.OriginCloudRegions`)

NEW SERVICE: Manage origin cloud region configurations

New(), List(), Delete(), BulkDelete(), BulkEdit(), Edit(), Get(), SupportedRegions()

Zero Trust - DLP Settings (`client.ZeroTrust.DLP.Settings`)

NEW SERVICE: DLP settings management

Update(), Delete(), Edit(), Get()

Radar

AgentReadiness.Summary() - Agent readiness summary by dimension
AI.MarkdownForAgents.Summary() - Markdown-for-agents summary
AI.MarkdownForAgents.Timeseries() - Markdown-for-agents timeseries

IAM (`client.IAM`)

UserGroups.Members.Get() - Get details of a specific member in a user group
UserGroups.Members.NewAutoPaging() - Auto-paging variant for adding members
UserGroups.NewParams.Policies changed from required to optional

Bot Management

ContentBotsProtection field added to BotFightModeConfiguration and SubscriptionConfiguration (block/disabled)

Deprecations

None in this release.

Get started

Cloudflare Fundamentals, SDK - Cloudflare Python SDK v5.0.0-beta.1 now available

Fri, 13 Feb 2026 00:00:00 GMT

Disclaimer: Please note that v5.0.0-beta.1 is in Beta and we are still testing it for stability.

Full Changelog: v4.3.1...v5.0.0-beta.1

In this release, you'll see a large number of breaking changes. This is primarily due to a change in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries. As the codegen is always evolving and improving, so are our code bases.

There may be changes that are not captured in this changelog. Feel free to open an issue to report any inaccuracies, and we will make sure it gets into the changelog before the v5.0.0 release.

Most of the breaking changes below are caused by improvements to the accuracy of the base OpenAPI schemas, which sometimes translates to breaking changes in downstream clients that depend on those schemas.

Please ensure you read through the list of changes below and the migration guide before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

Breaking Changes

The following resources have breaking changes. See the v5 Migration Guide for detailed migration instructions.

abusereports
acm.totaltls
apigateway.configurations
cloudforceone.threatevents
d1.database
intel.indicatorfeeds
logpush.edge
origintlsclientauth.hostnames
queues.consumers
radar.bgp
rulesets.rules
schemavalidation.schemas
snippets
zerotrust.dlp
zerotrust.networks

Features

New API Resources

abusereports - Abuse report management
abusereports.mitigations - Abuse report mitigation actions
ai.tomarkdown - AI-powered markdown conversion
aigateway.dynamicrouting - AI Gateway dynamic routing configuration
aigateway.providerconfigs - AI Gateway provider configurations
aisearch - AI-powered search functionality
aisearch.instances - AI Search instance management
aisearch.tokens - AI Search authentication tokens
alerting.silences - Alert silence management
brandprotection.logomatches - Brand protection logo match detection
brandprotection.logos - Brand protection logo management
brandprotection.matches - Brand protection match results
brandprotection.queries - Brand protection query management
cloudforceone.binarystorage - CloudForce One binary storage
connectivity.directory - Connectivity directory services
d1.database - D1 database management
diagnostics.endpointhealthchecks - Endpoint health check diagnostics
fraud - Fraud detection and prevention
iam.sso - IAM Single Sign-On configuration
loadbalancers.monitorgroups - Load balancer monitor groups
organizations - Organization management
organizations.organizationprofile - Organization profile settings
origintlsclientauth.hostnamecertificates - Origin TLS client auth hostname certificates
origintlsclientauth.hostnames - Origin TLS client auth hostnames
origintlsclientauth.zonecertificates - Origin TLS client auth zone certificates
pipelines - Data pipeline management
pipelines.sinks - Pipeline sink configurations
pipelines.streams - Pipeline stream configurations
queues.subscriptions - Queue subscription management
r2datacatalog - R2 Data Catalog integration
r2datacatalog.credentials - R2 Data Catalog credentials
r2datacatalog.maintenanceconfigs - R2 Data Catalog maintenance configurations
r2datacatalog.namespaces - R2 Data Catalog namespaces
radar.bots - Radar bot analytics
radar.ct - Radar certificate transparency data
radar.geolocations - Radar geolocation data
realtimekit.activesession - Real-time Kit active session management
realtimekit.analytics - Real-time Kit analytics
realtimekit.apps - Real-time Kit application management
realtimekit.livestreams - Real-time Kit live streaming
realtimekit.meetings - Real-time Kit meeting management
realtimekit.presets - Real-time Kit preset configurations
realtimekit.recordings - Real-time Kit recording management
realtimekit.sessions - Real-time Kit session management
realtimekit.webhooks - Real-time Kit webhook configurations
tokenvalidation.configuration - Token validation configuration
tokenvalidation.rules - Token validation rules
workers.beta - Workers beta features

New Endpoints (Existing Resources)

`acm.totaltls`

edit()
update()

`cloudforceone.threatevents`

list()

`contentscanning`

create()
get()
update()

`dns.records`

scan_list()
scan_review()
scan_trigger()

`intel.indicatorfeeds`

create()
delete()
list()

`leakedcredentialchecks.detections`

get()

`queues.consumers`

list()

`radar.ai`

summary()
timeseries()
timeseries_groups()

`radar.bgp`

changes()
snapshot()

`workers.subdomains`

delete()

`zerotrust.networks`

create()
delete()
edit()
get()
list()

General Fixes and Improvements

Type System & Compatibility

Type inference improvements: Allow Pyright to properly infer TypedDict types within SequenceNotStr
Type completeness: Add missing types to method arguments and response models
Pydantic compatibility: Ensure compatibility with Pydantic versions prior to 2.8.0 when using additional fields

Request/Response Handling

Multipart form data: Correctly handle sending multipart/form-data requests with JSON data
Header handling: Do not send headers with default values set to omit
GET request headers: Don't send Content-Type header on GET requests
Response body model accuracy: Broad improvements to the correctness of models

Parsing & Data Processing

Discriminated unions: Correctly handle nested discriminated unions in response parsing
Extra field types: Parse extra field types correctly
Empty metadata: Ignore empty metadata fields during parsing
Singularization rules: Update resource name singularization rules for better consistency

Cloudflare Fundamentals, SDK - Cloudflare Typescript SDK v6.0.0-beta.1 now available

Tue, 20 Jan 2026 00:00:00 GMT

Disclaimer: Please note that v6.0.0-beta.1 is in Beta and we are still testing it for stability.

Full Changelog: v5.2.0...v6.0.0-beta.1

Some breaking changes were introduced due to bug fixes, also listed below.

Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

Breaking Changes

Addressing - Parameter Requirements Changed

BGPPrefixCreateParams.cidr: optional → required
PrefixCreateParams.asn: number | null → number
PrefixCreateParams.loa_document_id: required → optional
ServiceBindingCreateParams.cidr: optional → required
ServiceBindingCreateParams.service_id: optional → required

API Gateway

ConfigurationUpdateResponse removed
PublicSchema → OldPublicSchema
SchemaUpload → UserSchemaCreateResponse
ConfigurationUpdateParams.properties removed; use normalize

CloudforceOne - Response Type Changes

ThreatEventBulkCreateResponse: number → complex object with counts and errors

D1 Database - Query Parameters

DatabaseQueryParams: simple interface → union type (D1SingleQuery | MultipleQueries)
DatabaseRawParams: same change
Supports batch queries via batch array

DNS Records - Type Renames (21 types)

All record type interfaces renamed from *Record to short names:

RecordResponse.ARecord → RecordResponse.A
RecordResponse.AAAARecord → RecordResponse.AAAA
RecordResponse.CNAMERecord → RecordResponse.CNAME
RecordResponse.MXRecord → RecordResponse.MX
RecordResponse.NSRecord → RecordResponse.NS
RecordResponse.PTRRecord → RecordResponse.PTR
RecordResponse.TXTRecord → RecordResponse.TXT
RecordResponse.CAARecord → RecordResponse.CAA
RecordResponse.CERTRecord → RecordResponse.CERT
RecordResponse.DNSKEYRecord → RecordResponse.DNSKEY
RecordResponse.DSRecord → RecordResponse.DS
RecordResponse.HTTPSRecord → RecordResponse.HTTPS
RecordResponse.LOCRecord → RecordResponse.LOC
RecordResponse.NAPTRRecord → RecordResponse.NAPTR
RecordResponse.SMIMEARecord → RecordResponse.SMIMEA
RecordResponse.SRVRecord → RecordResponse.SRV
RecordResponse.SSHFPRecord → RecordResponse.SSHFP
RecordResponse.SVCBRecord → RecordResponse.SVCB
RecordResponse.TLSARecord → RecordResponse.TLSA
RecordResponse.URIRecord → RecordResponse.URI
RecordResponse.OpenpgpkeyRecord → RecordResponse.Openpgpkey

IAM Resource Groups

ResourceGroupCreateResponse.scope: optional single → required array
ResourceGroupCreateResponse.id: optional → required

Origin CA Certificates - Parameter Requirements Changed

OriginCACertificateCreateParams.csr: optional → required
OriginCACertificateCreateParams.hostnames: optional → required
OriginCACertificateCreateParams.request_type: optional → required

Pipelines - v0 to v1 Migration

Entire v0 API deprecated; use v1 methods (createV1, listV1, etc.)
New sub-resources: Sinks, Streams

R2

EventNotificationUpdateParams.rules: optional → required
Super Slurper: bucket, secret now required in source params

Radar

dataSource: string → typed enum (23 values)
eventType: string → typed enum (6 values)
V2 methods require dimension parameter (breaking signature change)

Resource Sharing

Removed: status_message field from all recipient response types

Schema Validation

Consolidated SchemaCreateResponse, SchemaListResponse, SchemaEditResponse, SchemaGetResponse → PublicSchema
Renamed: SchemaListResponsesV4PagePaginationArray → PublicSchemasV4PagePaginationArray

Spectrum

Renamed union members: AppListResponse.UnionMember0 → SpectrumConfigAppConfig
Renamed union members: AppListResponse.UnionMember1 → SpectrumConfigPaygoAppConfig

Workers

Removed: WorkersBindingKindTailConsumer type (all occurrences)
Renamed: ScriptsSinglePage → ScriptListResponsesSinglePage
Removed: DeploymentsSinglePage

Zero-Trust DLP

datasets.create(), update(), get() return types changed
PredefinedGetResponse union members renamed to UnionMember0-5

Zero-Trust Tunnels

Removed: CloudflaredCreateResponse, CloudflaredListResponse, CloudflaredDeleteResponse, CloudflaredEditResponse, CloudflaredGetResponse
Removed: CloudflaredListResponsesV4PagePaginationArray

Features

Abuse Reports (`client.abuseReports`)

Reports: create, list, get
Mitigations: sub-resource for abuse mitigations

AI Search (`client.aisearch`)

Instances: create, update, list, delete, read, stats
Items: list, get
Jobs: create, list, get, logs
Tokens: create, update, list, delete, read

Connectivity (`client.connectivity`)

Directory Services: create, update, list, delete, get
Supports IPv4, IPv6, dual-stack, and hostname configurations

Organizations (`client.organizations`)

Organizations: create, update, list, delete, get
OrganizationProfile: update, get
Hierarchical organization support with parent/child relationships

R2 Data Catalog (`client.r2DataCatalog`)

Catalog: list, enable, disable, get
Credentials: create
MaintenanceConfigs: update, get
Namespaces: list
Tables: list, maintenance config management
Apache Iceberg integration

Realtime Kit (`client.realtimeKit`)

Apps: get, post
Meetings: create, get, participant management
Livestreams: 10+ methods for streaming
Recordings: start, pause, stop, get
Sessions: transcripts, summaries, chat
Webhooks: full CRUD
ActiveSession: polls, kick participants
Analytics: organization analytics

Token Validation (`client.tokenValidation`)

Configuration: create, list, delete, edit, get
Credentials: update
Rules: create, list, delete, bulkCreate, bulkEdit, edit, get
JWT validation with RS256/384/512, PS256/384/512, ES256, ES384

Alerting Silences (`client.alerting.silences`)

create, update, list, delete, get

IAM SSO (`client.iam.sso`)

create, update, list, delete, get, beginVerification

Pipelines v1 (`client.pipelines`)

Sinks: create, list, delete, get
Streams: create, update, list, delete, get

Zero-Trust AI Controls / MCP (`client.zeroTrust.access.aiControls.mcp`)

Portals: create, update, list, delete, read
Servers: create, update, list, delete, read, sync

Accounts

managed_by field with parent_org_id, parent_org_name

Addressing LOA Documents

auto_generated field on LOADocumentCreateResponse

Addressing Prefixes

delegate_loa_creation, irr_validation_state, ownership_validation_state, ownership_validation_token, rpki_validation_state

AI

Added toMarkdown.supported() method to get all supported conversion formats

AI Gateway

zdr field added to all responses and params

Alerting

New alert type: abuse_report_alert
type field added to PolicyFilter

Browser Rendering

ContentCreateParams: refined to discriminated union (Variant0 | Variant1)
Split into URL-based and HTML-based parameter variants for better type safety

Client Certificates

reactivate parameter in edit

CloudforceOne

ThreatEventCreateParams.indicatorType: required → optional
hasChildren field added to all threat event response types
datasetIds query parameter on AttackerListParams, CategoryListParams, TargetIndustryListParams
categoryUuid field on TagCreateResponse
indicators array for multi-indicator support per event
uuid and preserveUuid fields for UUID preservation in bulk create
format query parameter ('json' | 'stix2') on ThreatEventListParams
createdAt, datasetId fields on ThreatEventEditParams

Content Scanning

Added create(), update(), get() methods

Custom Pages

New page types: basic_challenge, under_attack, waf_challenge

D1

served_by_colo - colo that handled query
jurisdiction - 'eu' | 'fedramp'
Time Travel (client.d1.database.timeTravel): getBookmark(), restore() - point-in-time recovery

Email Security

New fields on InvestigateListResponse/InvestigateGetResponse: envelope_from, envelope_to, postfix_id_outbound, replyto
New detection classification: 'outbound_ndr'
Enhanced Finding interface with attachment, detection, field, portion, reason, score
Added cursor query parameter to InvestigateListParams

Gateway Lists

New list types: CATEGORY, LOCATION, DEVICE

Intel

New issue type: 'configuration_suggestion'
payload field: unknown → typed Payload interface with detection_method, zone_tag

Leaked Credential Checks

Added detections.get() method

Logpush

New datasets: dex_application_tests, dex_device_state_events, ipsec_logs, warp_config_changes, warp_toggle_changes

Load Balancers

Monitor.port: number → number | null
Pool.load_shedding: LoadShedding → LoadShedding | null
Pool.origin_steering: OriginSteering → OriginSteering | null

Magic Transit

license_key field on connectors
provision_license parameter for auto-provisioning
IPSec: custom_remote_identities with FQDN support
Snapshots: Bond interface, probed_mtu field

Queues

Added subscriptions.get() method
Enhanced SubscriptionGetResponse with typed event source interfaces
New event source types: Images, KV, R2, Vectorize, Workers AI, Workers Builds, Workflows

R2

Sippy: new provider s3 (S3-compatible endpoints)
Sippy: bucketUrl field for S3-compatible sources
Super Slurper: keys field on source response schemas (specify specific keys to migrate)
Super Slurper: pathPrefix field on source schemas
Super Slurper: region field on S3 source params

Radar

Added geolocations.list(), geolocations.get() methods
Added V2 dimension-based methods (summaryV2, timeseriesGroupsV2) to radar sub-resources

Resource Sharing

Added terminal boolean field to Resource Error interfaces

Rules

Added id field to ItemDeleteParams.Item

Rulesets

New buffering fields on SetConfigRule: request_body_buffering, response_body_buffering

Secrets Store

New scopes: 'dex', 'access' (in addition to 'workers', 'ai_gateway')

SSL Certificate Packs

Response types now proper interfaces (was unknown)
Fields now required: id, certificates, hosts, status, type

Security Center

payload field: unknown → typed Payload interface with detection_method, zone_tag

Shared Types

Added: CloudflareTunnelsV4PagePaginationArray pagination class

Workers

Added subdomains.delete() method
Worker.references - track external dependencies (domains, Durable Objects, queues)
Worker.startup_time_ms - startup timing
Script.observability - observability settings with logging
Script.tag, Script.tags - immutable ID and tags
Placement: support for region, hostname, host-based placement
tags, tail_consumers now accept | null
Telemetry: traces field, $containers event info, durableObjectId, transactionName, abr_level fields

Workers for Platforms

ScriptUpdateResponse: new fields entry_point, observability, tag, tags
placement field now union of 4 variants (smart mode, region, hostname, host)
tags, tail_consumers now nullable
TagUpdateParams.body now accepts null

Workflows

instance_retention: unknown → typed InstanceRetention interface with error_retention, success_retention
New status option: 'restart' added to StatusEditParams.status

Zero-Trust Devices

External emergency disconnect settings (4 new fields)
antivirus device posture check type
os_version_extra documentation improvements

Zones

New response types: SubscriptionCreateResponse, SubscriptionUpdateResponse, SubscriptionGetResponse

Zero-Trust Access Applications

New ApplicationType values: 'mcp', 'mcp_portal', 'proxy_endpoint'
New destination type: ViaMcpServerPortalDestination for MCP server access

Zero-Trust Gateway

Added rules.listTenant() method

Zero-Trust Gateway - Proxy Endpoints

ProxyEndpoint: interface → discriminated union (ZeroTrustGatewayProxyEndpointIP | ZeroTrustGatewayProxyEndpointIdentity)
ProxyEndpointCreateParams: interface → union type
Added kind field: 'ip' | 'identity'

Zero-Trust Tunnels

WARPConnector*Response: union type → interface

Deprecations

API Gateway: UserSchemas, Settings, SchemaValidation resources
Audit Logs: auditLogId.not (use id.not)
CloudforceOne: ThreatEvents.get(), IndicatorTypes.list()
Devices: public_ip field (use DEX API)
Email Security: item_count field in Move responses
Pipelines: v0 methods (use v1)
Radar: old summary() and timeseriesGroups() methods (use V2)
Rulesets: disable_apps, mirage fields
WARP Connector: connections field
Workers: environment parameter in Domains
Zones: ResponseBuffering page rule

Bug Fixes

mcp: correct code tool API endpoint (599703c)
mcp: return correct lines on typescript errors (5d6f999)
organization_profile: fix bad reference (d84ea77)
schema_validation: correctly reflect model to openapi mapping (bb86151)
workers: fix tests (2ee37f7)

Documentation

Added deprecation notices with migration paths
api_gateway: deprecate API Shield Schema Validation resources (8a4b20f)
Improved JSDoc examples across all resources
workers: expose subdomain delete documentation (4f7cc1f)

Cloudflare changelogs | SDK

SDK, Go SDK - Go SDK v7.0.0 Released

Breaking Changes

AI Search - SearchForAgents Metadata Removed

Email Security - Path Parameter Type Changes

Email Security - Investigate Parameter Rename

Email Security - Domains BulkDelete Method Removed

Email Security - TrustedDomains Return Type Change

Email Security - Investigate.Move Return Type Change

Workers - Observability Telemetry Filter Restructuring

Features

Organizations - Audit Logs (client.Organizations.Logs.Audit)

Browser Rendering (client.BrowserRendering)

Queues (client.Queues)

AI Search (client.AISearch)

Bug Fixes

Deprecations

Get started

SDK - Cloudflare Python SDK v5.0.0 Released

Breaking Changes

Features

aiohttp Backend Support

Python 3.13 and 3.14 Support

New Services

New Endpoints on Existing Services

Bug Fixes

Deprecations

Get started

SDK - Cloudflare TypeScript SDK v6.0.0 Released

Breaking Changes

SDK Infrastructure

Removed Endpoints (17)

Method Signature Changes

Renamed Client Paths

Return Type Changes (179)

Removed Types (43)

Resource Restructuring

New Top-Level Resources

New Sub-Resources on Existing Resources

Bug Fixes

Deprecations

Get started

SDK, Go SDK - Go SDK v6.10.0 Released

v6.10.0

Breaking Changes

Abuse Reports - Registrar WHOIS Report Field Removals

AI Search - Instance Params Restructured

AI Search - InstanceItem Service Removed

AI Search - Token Types Removed

Email Security - Investigate Move Return Type Change

Hyperdrive - Config Params Restructured

IAM - UserGroupMember Params and Return Types Changed

IAM - UserGroup List Direction Type Changed

Pipelines - Delete Methods Now Return Typed Responses

Queues - Message Response Types Removed

Secrets Store - Pagination Wrapper Removal and Type Changes

Stream - AudioTracks Return Type Change

Stream - Clip Type Removal and Return Type Change

Stream - Copy and Clip Params Field Removals

Stream - Download and Webhook Changes

Zero Trust - Access AI Control MCP Portal Union Types Removed

Features

Vulnerability Scanner (client.VulnerabilityScanner)

AI Search - Namespaces (client.AISearch.Namespaces)

Browser Rendering - Devtools (client.BrowserRendering.Devtools)

Registrar (client.Registrar)

Cache - Origin Cloud Regions (client.Cache.OriginCloudRegions)

Zero Trust - DLP Settings (client.ZeroTrust.DLP.Settings)

Radar

IAM (client.IAM)

Bot Management

Deprecations

Get started

Cloudflare Fundamentals, SDK - Cloudflare Python SDK v5.0.0-beta.1 now available

Breaking Changes

Features

New API Resources

New Endpoints (Existing Resources)

acm.totaltls

cloudforceone.threatevents

Organizations - Audit Logs (`client.Organizations.Logs.Audit`)

Browser Rendering (`client.BrowserRendering`)

Queues (`client.Queues`)

AI Search (`client.AISearch`)

Vulnerability Scanner (`client.VulnerabilityScanner`)

AI Search - Namespaces (`client.AISearch.Namespaces`)

Browser Rendering - Devtools (`client.BrowserRendering.Devtools`)

Registrar (`client.Registrar`)

Cache - Origin Cloud Regions (`client.Cache.OriginCloudRegions`)

Zero Trust - DLP Settings (`client.ZeroTrust.DLP.Settings`)

IAM (`client.IAM`)

`acm.totaltls`

`cloudforceone.threatevents`

`contentscanning`

`dns.records`

`intel.indicatorfeeds`

`leakedcredentialchecks.detections`

`queues.consumers`

`radar.ai`

`radar.bgp`

`workers.subdomains`

`zerotrust.networks`

Abuse Reports (`client.abuseReports`)

AI Search (`client.aisearch`)

Connectivity (`client.connectivity`)

Organizations (`client.organizations`)

R2 Data Catalog (`client.r2DataCatalog`)

Realtime Kit (`client.realtimeKit`)

Token Validation (`client.tokenValidation`)

Alerting Silences (`client.alerting.silences`)

IAM SSO (`client.iam.sso`)

Pipelines v1 (`client.pipelines`)

Zero-Trust AI Controls / MCP (`client.zeroTrust.access.aiControls.mcp`)