Cloudflare changelogs | SDK

Cloudflare Fundamentals, SDK - Cloudflare Python SDK v5.0.0-beta.1 now available

Fri, 13 Feb 2026 00:00:00 GMT

Disclaimer: Please note that v5.0.0-beta.1 is in Beta and we are still testing it for stability.

In this release, you'll see a large number of breaking changes. This is primarily due to a change in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries. As the codegen is always evolving and improving, so are our code bases.

There may be changes that are not captured in this changelog. Feel free to open an issue to report any inaccuracies, and we will make sure it gets into the changelog before the v5.0.0 release.

Most of the breaking changes below are caused by improvements to the accuracy of the base OpenAPI schemas, which sometimes translates to breaking changes in downstream clients that depend on those schemas.

Please ensure you read through the list of changes below and the migration guide before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

Breaking Changes

The following resources have breaking changes. See the v5 Migration Guide for detailed migration instructions.

abusereports
acm.totaltls
apigateway.configurations
cloudforceone.threatevents
d1.database
intel.indicatorfeeds
logpush.edge
origintlsclientauth.hostnames
queues.consumers
radar.bgp
rulesets.rules
schemavalidation.schemas
snippets
zerotrust.dlp
zerotrust.networks

Features

New API Resources

abusereports - Abuse report management
abusereports.mitigations - Abuse report mitigation actions
ai.tomarkdown - AI-powered markdown conversion
aigateway.dynamicrouting - AI Gateway dynamic routing configuration
aigateway.providerconfigs - AI Gateway provider configurations
aisearch - AI-powered search functionality
aisearch.instances - AI Search instance management
aisearch.tokens - AI Search authentication tokens
alerting.silences - Alert silence management
brandprotection.logomatches - Brand protection logo match detection
brandprotection.logos - Brand protection logo management
brandprotection.matches - Brand protection match results
brandprotection.queries - Brand protection query management
cloudforceone.binarystorage - CloudForce One binary storage
connectivity.directory - Connectivity directory services
d1.database - D1 database management
diagnostics.endpointhealthchecks - Endpoint health check diagnostics
fraud - Fraud detection and prevention
iam.sso - IAM Single Sign-On configuration
loadbalancers.monitorgroups - Load balancer monitor groups
organizations - Organization management
organizations.organizationprofile - Organization profile settings
origintlsclientauth.hostnamecertificates - Origin TLS client auth hostname certificates
origintlsclientauth.hostnames - Origin TLS client auth hostnames
origintlsclientauth.zonecertificates - Origin TLS client auth zone certificates
pipelines - Data pipeline management
pipelines.sinks - Pipeline sink configurations
pipelines.streams - Pipeline stream configurations
queues.subscriptions - Queue subscription management
r2datacatalog - R2 Data Catalog integration
r2datacatalog.credentials - R2 Data Catalog credentials
r2datacatalog.maintenanceconfigs - R2 Data Catalog maintenance configurations
r2datacatalog.namespaces - R2 Data Catalog namespaces
radar.bots - Radar bot analytics
radar.ct - Radar certificate transparency data
radar.geolocations - Radar geolocation data
realtimekit.activesession - Real-time Kit active session management
realtimekit.analytics - Real-time Kit analytics
realtimekit.apps - Real-time Kit application management
realtimekit.livestreams - Real-time Kit live streaming
realtimekit.meetings - Real-time Kit meeting management
realtimekit.presets - Real-time Kit preset configurations
realtimekit.recordings - Real-time Kit recording management
realtimekit.sessions - Real-time Kit session management
realtimekit.webhooks - Real-time Kit webhook configurations
tokenvalidation.configuration - Token validation configuration
tokenvalidation.rules - Token validation rules
workers.beta - Workers beta features

New Endpoints (Existing Resources)

`acm.totaltls`

edit()
update()

`cloudforceone.threatevents`

list()

`contentscanning`

create()
get()
update()

`dns.records`

scan_list()
scan_review()
scan_trigger()

`intel.indicatorfeeds`

create()
delete()
list()

`leakedcredentialchecks.detections`

get()

`queues.consumers`

list()

`radar.ai`

summary()
timeseries()
timeseries_groups()

`radar.bgp`

changes()
snapshot()

`workers.subdomains`

delete()

`zerotrust.networks`

create()
delete()
edit()
get()
list()

General Fixes and Improvements

Type System & Compatibility

Type inference improvements: Allow Pyright to properly infer TypedDict types within SequenceNotStr
Type completeness: Add missing types to method arguments and response models
Pydantic compatibility: Ensure compatibility with Pydantic versions prior to 2.8.0 when using additional fields

Request/Response Handling

Multipart form data: Correctly handle sending multipart/form-data requests with JSON data
Header handling: Do not send headers with default values set to omit
GET request headers: Don't send Content-Type header on GET requests
Response body model accuracy: Broad improvements to the correctness of models

Parsing & Data Processing

Discriminated unions: Correctly handle nested discriminated unions in response parsing
Extra field types: Parse extra field types correctly
Empty metadata: Ignore empty metadata fields during parsing
Singularization rules: Update resource name singularization rules for better consistency

Cloudflare Fundamentals, SDK - Cloudflare Typescript SDK v6.0.0-beta.1 now available

Tue, 20 Jan 2026 00:00:00 GMT

Disclaimer: Please note that v6.0.0-beta.1 is in Beta and we are still testing it for stability.

Full Changelog: v5.2.0...v6.0.0-beta.1

Some breaking changes were introduced due to bug fixes, also listed below.

Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.

Breaking Changes

Addressing - Parameter Requirements Changed

BGPPrefixCreateParams.cidr: optional → required
PrefixCreateParams.asn: number | null → number
PrefixCreateParams.loa_document_id: required → optional
ServiceBindingCreateParams.cidr: optional → required
ServiceBindingCreateParams.service_id: optional → required

API Gateway

ConfigurationUpdateResponse removed
PublicSchema → OldPublicSchema
SchemaUpload → UserSchemaCreateResponse
ConfigurationUpdateParams.properties removed; use normalize

CloudforceOne - Response Type Changes

ThreatEventBulkCreateResponse: number → complex object with counts and errors

D1 Database - Query Parameters

DatabaseQueryParams: simple interface → union type (D1SingleQuery | MultipleQueries)
DatabaseRawParams: same change
Supports batch queries via batch array

DNS Records - Type Renames (21 types)

All record type interfaces renamed from *Record to short names:

RecordResponse.ARecord → RecordResponse.A
RecordResponse.AAAARecord → RecordResponse.AAAA
RecordResponse.CNAMERecord → RecordResponse.CNAME
RecordResponse.MXRecord → RecordResponse.MX
RecordResponse.NSRecord → RecordResponse.NS
RecordResponse.PTRRecord → RecordResponse.PTR
RecordResponse.TXTRecord → RecordResponse.TXT
RecordResponse.CAARecord → RecordResponse.CAA
RecordResponse.CERTRecord → RecordResponse.CERT
RecordResponse.DNSKEYRecord → RecordResponse.DNSKEY
RecordResponse.DSRecord → RecordResponse.DS
RecordResponse.HTTPSRecord → RecordResponse.HTTPS
RecordResponse.LOCRecord → RecordResponse.LOC
RecordResponse.NAPTRRecord → RecordResponse.NAPTR
RecordResponse.SMIMEARecord → RecordResponse.SMIMEA
RecordResponse.SRVRecord → RecordResponse.SRV
RecordResponse.SSHFPRecord → RecordResponse.SSHFP
RecordResponse.SVCBRecord → RecordResponse.SVCB
RecordResponse.TLSARecord → RecordResponse.TLSA
RecordResponse.URIRecord → RecordResponse.URI
RecordResponse.OpenpgpkeyRecord → RecordResponse.Openpgpkey

IAM Resource Groups

ResourceGroupCreateResponse.scope: optional single → required array
ResourceGroupCreateResponse.id: optional → required

Origin CA Certificates - Parameter Requirements Changed

OriginCACertificateCreateParams.csr: optional → required
OriginCACertificateCreateParams.hostnames: optional → required
OriginCACertificateCreateParams.request_type: optional → required

Pipelines - v0 to v1 Migration

Entire v0 API deprecated; use v1 methods (createV1, listV1, etc.)
New sub-resources: Sinks, Streams

R2

EventNotificationUpdateParams.rules: optional → required
Super Slurper: bucket, secret now required in source params

Radar

dataSource: string → typed enum (23 values)
eventType: string → typed enum (6 values)
V2 methods require dimension parameter (breaking signature change)

Resource Sharing

Removed: status_message field from all recipient response types

Schema Validation

Consolidated SchemaCreateResponse, SchemaListResponse, SchemaEditResponse, SchemaGetResponse → PublicSchema
Renamed: SchemaListResponsesV4PagePaginationArray → PublicSchemasV4PagePaginationArray

Spectrum

Renamed union members: AppListResponse.UnionMember0 → SpectrumConfigAppConfig
Renamed union members: AppListResponse.UnionMember1 → SpectrumConfigPaygoAppConfig

Workers

Removed: WorkersBindingKindTailConsumer type (all occurrences)
Renamed: ScriptsSinglePage → ScriptListResponsesSinglePage
Removed: DeploymentsSinglePage

Zero-Trust DLP

datasets.create(), update(), get() return types changed
PredefinedGetResponse union members renamed to UnionMember0-5

Zero-Trust Tunnels

Removed: CloudflaredCreateResponse, CloudflaredListResponse, CloudflaredDeleteResponse, CloudflaredEditResponse, CloudflaredGetResponse
Removed: CloudflaredListResponsesV4PagePaginationArray

Features

Abuse Reports (`client.abuseReports`)

Reports: create, list, get
Mitigations: sub-resource for abuse mitigations

AI Search (`client.aisearch`)

Instances: create, update, list, delete, read, stats
Items: list, get
Jobs: create, list, get, logs
Tokens: create, update, list, delete, read

Connectivity (`client.connectivity`)

Directory Services: create, update, list, delete, get
Supports IPv4, IPv6, dual-stack, and hostname configurations

Organizations (`client.organizations`)

Organizations: create, update, list, delete, get
OrganizationProfile: update, get
Hierarchical organization support with parent/child relationships

R2 Data Catalog (`client.r2DataCatalog`)

Catalog: list, enable, disable, get
Credentials: create
MaintenanceConfigs: update, get
Namespaces: list
Tables: list, maintenance config management
Apache Iceberg integration

Realtime Kit (`client.realtimeKit`)

Apps: get, post
Meetings: create, get, participant management
Livestreams: 10+ methods for streaming
Recordings: start, pause, stop, get
Sessions: transcripts, summaries, chat
Webhooks: full CRUD
ActiveSession: polls, kick participants
Analytics: organization analytics

Token Validation (`client.tokenValidation`)

Configuration: create, list, delete, edit, get
Credentials: update
Rules: create, list, delete, bulkCreate, bulkEdit, edit, get
JWT validation with RS256/384/512, PS256/384/512, ES256, ES384

Alerting Silences (`client.alerting.silences`)

create, update, list, delete, get

IAM SSO (`client.iam.sso`)

create, update, list, delete, get, beginVerification

Pipelines v1 (`client.pipelines`)

Sinks: create, list, delete, get
Streams: create, update, list, delete, get

Zero-Trust AI Controls / MCP (`client.zeroTrust.access.aiControls.mcp`)

Portals: create, update, list, delete, read
Servers: create, update, list, delete, read, sync

Accounts

managed_by field with parent_org_id, parent_org_name

Addressing LOA Documents

auto_generated field on LOADocumentCreateResponse

Addressing Prefixes

delegate_loa_creation, irr_validation_state, ownership_validation_state, ownership_validation_token, rpki_validation_state

AI

Added toMarkdown.supported() method to get all supported conversion formats

AI Gateway

zdr field added to all responses and params

Alerting

New alert type: abuse_report_alert
type field added to PolicyFilter

Browser Rendering

ContentCreateParams: refined to discriminated union (Variant0 | Variant1)
Split into URL-based and HTML-based parameter variants for better type safety

Client Certificates

reactivate parameter in edit

CloudforceOne

ThreatEventCreateParams.indicatorType: required → optional
hasChildren field added to all threat event response types
datasetIds query parameter on AttackerListParams, CategoryListParams, TargetIndustryListParams
categoryUuid field on TagCreateResponse
indicators array for multi-indicator support per event
uuid and preserveUuid fields for UUID preservation in bulk create
format query parameter ('json' | 'stix2') on ThreatEventListParams
createdAt, datasetId fields on ThreatEventEditParams

Content Scanning

Added create(), update(), get() methods

Custom Pages

New page types: basic_challenge, under_attack, waf_challenge

D1

served_by_colo - colo that handled query
jurisdiction - 'eu' | 'fedramp'
Time Travel (client.d1.database.timeTravel): getBookmark(), restore() - point-in-time recovery

Email Security

New fields on InvestigateListResponse/InvestigateGetResponse: envelope_from, envelope_to, postfix_id_outbound, replyto
New detection classification: 'outbound_ndr'
Enhanced Finding interface with attachment, detection, field, portion, reason, score
Added cursor query parameter to InvestigateListParams

Gateway Lists

New list types: CATEGORY, LOCATION, DEVICE

Intel

New issue type: 'configuration_suggestion'
payload field: unknown → typed Payload interface with detection_method, zone_tag

Leaked Credential Checks

Added detections.get() method

Logpush

New datasets: dex_application_tests, dex_device_state_events, ipsec_logs, warp_config_changes, warp_toggle_changes

Load Balancers

Monitor.port: number → number | null
Pool.load_shedding: LoadShedding → LoadShedding | null
Pool.origin_steering: OriginSteering → OriginSteering | null

Magic Transit

license_key field on connectors
provision_license parameter for auto-provisioning
IPSec: custom_remote_identities with FQDN support
Snapshots: Bond interface, probed_mtu field

Queues

Added subscriptions.get() method
Enhanced SubscriptionGetResponse with typed event source interfaces
New event source types: Images, KV, R2, Vectorize, Workers AI, Workers Builds, Workflows

R2

Sippy: new provider s3 (S3-compatible endpoints)
Sippy: bucketUrl field for S3-compatible sources
Super Slurper: keys field on source response schemas (specify specific keys to migrate)
Super Slurper: pathPrefix field on source schemas
Super Slurper: region field on S3 source params

Radar

Added geolocations.list(), geolocations.get() methods
Added V2 dimension-based methods (summaryV2, timeseriesGroupsV2) to radar sub-resources

Resource Sharing

Added terminal boolean field to Resource Error interfaces

Rules

Added id field to ItemDeleteParams.Item

Rulesets

New buffering fields on SetConfigRule: request_body_buffering, response_body_buffering

Secrets Store

New scopes: 'dex', 'access' (in addition to 'workers', 'ai_gateway')

SSL Certificate Packs

Response types now proper interfaces (was unknown)
Fields now required: id, certificates, hosts, status, type

Security Center

payload field: unknown → typed Payload interface with detection_method, zone_tag

Shared Types

Added: CloudflareTunnelsV4PagePaginationArray pagination class

Workers

Added subdomains.delete() method
Worker.references - track external dependencies (domains, Durable Objects, queues)
Worker.startup_time_ms - startup timing
Script.observability - observability settings with logging
Script.tag, Script.tags - immutable ID and tags
Placement: support for region, hostname, host-based placement
tags, tail_consumers now accept | null
Telemetry: traces field, $containers event info, durableObjectId, transactionName, abr_level fields

Workers for Platforms

ScriptUpdateResponse: new fields entry_point, observability, tag, tags
placement field now union of 4 variants (smart mode, region, hostname, host)
tags, tail_consumers now nullable
TagUpdateParams.body now accepts null

Workflows

instance_retention: unknown → typed InstanceRetention interface with error_retention, success_retention
New status option: 'restart' added to StatusEditParams.status

Zero-Trust Devices

External emergency disconnect settings (4 new fields)
antivirus device posture check type
os_version_extra documentation improvements

Zones

New response types: SubscriptionCreateResponse, SubscriptionUpdateResponse, SubscriptionGetResponse

Zero-Trust Access Applications

New ApplicationType values: 'mcp', 'mcp_portal', 'proxy_endpoint'
New destination type: ViaMcpServerPortalDestination for MCP server access

Zero-Trust Gateway

Added rules.listTenant() method

Zero-Trust Gateway - Proxy Endpoints

ProxyEndpoint: interface → discriminated union (ZeroTrustGatewayProxyEndpointIP | ZeroTrustGatewayProxyEndpointIdentity)
ProxyEndpointCreateParams: interface → union type
Added kind field: 'ip' | 'identity'

Zero-Trust Tunnels

WARPConnector*Response: union type → interface

Deprecations

API Gateway: UserSchemas, Settings, SchemaValidation resources
Audit Logs: auditLogId.not (use id.not)
CloudforceOne: ThreatEvents.get(), IndicatorTypes.list()
Devices: public_ip field (use DEX API)
Email Security: item_count field in Move responses
Pipelines: v0 methods (use v1)
Radar: old summary() and timeseriesGroups() methods (use V2)
Rulesets: disable_apps, mirage fields
WARP Connector: connections field
Workers: environment parameter in Domains
Zones: ResponseBuffering page rule

Bug Fixes

mcp: correct code tool API endpoint (599703c)
mcp: return correct lines on typescript errors (5d6f999)
organization_profile: fix bad reference (d84ea77)
schema_validation: correctly reflect model to openapi mapping (bb86151)
workers: fix tests (2ee37f7)

Documentation

Added deprecation notices with migration paths
api_gateway: deprecate API Shield Schema Validation resources (8a4b20f)
Improved JSDoc examples across all resources
workers: expose subdomain delete documentation (4f7cc1f)

Cloudflare changelogs | SDK

Cloudflare Fundamentals, SDK - Cloudflare Python SDK v5.0.0-beta.1 now available

Breaking Changes

Features

New API Resources

New Endpoints (Existing Resources)

acm.totaltls

cloudforceone.threatevents

contentscanning

dns.records

intel.indicatorfeeds

leakedcredentialchecks.detections

queues.consumers

radar.ai

radar.bgp

workers.subdomains

zerotrust.networks

General Fixes and Improvements

Type System & Compatibility

Request/Response Handling

Parsing & Data Processing

Cloudflare Fundamentals, SDK - Cloudflare Typescript SDK v6.0.0-beta.1 now available

Breaking Changes

Addressing - Parameter Requirements Changed

API Gateway

CloudforceOne - Response Type Changes

D1 Database - Query Parameters

DNS Records - Type Renames (21 types)

IAM Resource Groups

Origin CA Certificates - Parameter Requirements Changed

Pages

Pipelines - v0 to v1 Migration

R2

Radar

Resource Sharing

Schema Validation

Spectrum

Workers

Zero-Trust DLP

Zero-Trust Tunnels

Features

Abuse Reports (client.abuseReports)

AI Search (client.aisearch)

Connectivity (client.connectivity)

Organizations (client.organizations)

R2 Data Catalog (client.r2DataCatalog)

Realtime Kit (client.realtimeKit)

Token Validation (client.tokenValidation)

Alerting Silences (client.alerting.silences)

IAM SSO (client.iam.sso)

Pipelines v1 (client.pipelines)

Zero-Trust AI Controls / MCP (client.zeroTrust.access.aiControls.mcp)

Accounts

Addressing LOA Documents

Addressing Prefixes

AI

AI Gateway

Alerting

Browser Rendering

Client Certificates

CloudforceOne

Content Scanning

Custom Pages

D1

Email Security

Gateway Lists

Intel

Leaked Credential Checks

Logpush

Load Balancers

Magic Transit

Pages

Queues

R2

Radar

Resource Sharing

Rules

Rulesets

Secrets Store

SSL Certificate Packs

`acm.totaltls`

`cloudforceone.threatevents`

`contentscanning`

`dns.records`

`intel.indicatorfeeds`

`leakedcredentialchecks.detections`

`queues.consumers`

`radar.ai`

`radar.bgp`

`workers.subdomains`

`zerotrust.networks`

Abuse Reports (`client.abuseReports`)

AI Search (`client.aisearch`)

Connectivity (`client.connectivity`)

Organizations (`client.organizations`)

R2 Data Catalog (`client.r2DataCatalog`)

Realtime Kit (`client.realtimeKit`)

Token Validation (`client.tokenValidation`)

Alerting Silences (`client.alerting.silences`)

IAM SSO (`client.iam.sso`)

Pipelines v1 (`client.pipelines`)

Zero-Trust AI Controls / MCP (`client.zeroTrust.access.aiControls.mcp`)