cloudflare/cloudflare-typescript v6.0.0

v6.0.0

Repository: cloudflare/cloudflare-typescript

Tag: v6.0.0

Published: 2026-04-30T17:17:32Z

Prerelease: no

Release notes:

6.0.0 (2026-04-30)

This is a major version release of the Cloudflare TypeScript SDK. It includes 11 entirely new top-level API resources, new sub-resources and methods across 50+ existing resources, SDK infrastructure improvements, and breaking changes to the generated API surface from the v5.x line. The total API surface grew from ~96 resource sections to 106, with 885 source files changed.

Full Changelog: v6.0.0-beta.2...v6.0.0

Breaking Changes

SDK Infrastructure

• Retry-After handling changed: The SDK now respects any server-specified Retry-After value for rate-limited requests. Previously, values over 60 seconds were ignored and a default backoff was used instead.
• Empty response handling: Responses with content-length: 0 now return undefined instead of attempting to parse the body. This may affect code that expected an empty object or null.
• Environment variable reading: Empty string env vars (e.g., CLOUDFLARE_API_TOKEN="") are now treated as unset. Previously, an empty string was considered a valid value.
• Path query parameter merging: URL search params embedded in endpoint paths are now extracted and merged into the query object. This fixes edge cases but may change behavior if you were manually constructing URLs with query strings.

Removed Endpoints (17)

The following HTTP endpoints were removed from the SDK:

• DELETE /accounts/{account_id}/cloudforce-one/events/{event_id}
• DELETE /accounts/{account_id}/email-security/settings/domains
• DELETE /accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
• GET /accounts/{account_id}/dlp/profiles/predefined/{profile_id}
• GET /accounts/{account_id}/email-security/investigate/{postfix_id} (and /detections, /preview, /raw, /trace)
• GET /accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
• GET /accounts/{account_id}/intel/ip-list
• PATCH /accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
• POST /accounts/{account_id}/abuse-reports/{report_type}
• POST /accounts/{account_id}/dlp/profiles/predefined
• POST /accounts/{account_id}/email-security/investigate/{postfix_id}/move
• POST /accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify
• PUT /accounts/{account_id}/dlp/profiles/predefined/{profile_id}

Method Signature Changes (4)

The following methods changed their positional argument signatures:

• client.ai.toMarkdown.transform(file, { ...params }) -> client.ai.toMarkdown.transform({ ...params }) -- file moved from positional arg into params body
• client.radar.ai.toMarkdown.create(body, { ...params }) -> client.radar.ai.toMarkdown.create({ ...params }) -- body moved from positional arg into params
• client.abuseReports.create(reportType, { ...params }) -> client.abuseReports.create(reportParam, { ...params }) -- positional arg renamed
• client.iam.userGroups.members.create(userGroupId, [ ...body ]) -> client.iam.userGroups.members.create(userGroupId, [ ...members ]) -- body array param renamed (same for .update)

Removed Client Paths (1)

• client.intel.ipLists -- removed entirely (endpoint GET /accounts/{account_id}/intel/ip-list removed)

Renamed Client Paths (2)

• client.originTLSClientAuth.hostnames.certificates -> client.originTLSClientAuth.zoneCertificates
• client.radar.netflows -> client.radar.netFlows (casing change)

Return Type Changes (179)

179 methods changed their return type. The three categories:

• 133 methods now return `null` instead of a typed response object. This affects delete operations, some create/update operations, and several get operations across accounts, cache, d1, filters, firewall, hyperdrive, iam, kv, logpush, logs, r2, stream, workers, zero-trust, zones, and others. Example:

// Before (v5)
const result: AccountDeleteResponse = await client.accounts.delete({ ... });
// After (v6)
const result: null = await client.accounts.delete({ ... });

• 17 methods changed pagination type. Example:

// Before (v5): KeysCursorPaginationAfter
// After (v6): KeysCursorLimitPagination
const keys = await client.kv.namespaces.keys.list(namespaceId, { ... });

• 29 methods changed to a different named type. Examples:
• client.zeroTrust.tunnels.cloudflared.create(): CloudflaredCreateResponse -> CloudflareTunnel
• client.zeroTrust.dlp.profiles.predefined.get(): Profile -> PredefinedProfile
• client.apiGateway.userSchemas.edit(): PublicSchema -> OldPublicSchema
• client.zeroTrust.gateway.proxyEndpoints.get(): ProxyEndpointsSinglePage -> ProxyEndpoint (pagination -> single)
• client.zeroTrust.gateway.proxyEndpoints.list(): ProxyEndpoint -> ProxyEndpointsSinglePage (single -> pagination)

Removed Types (43)

The following exported types were removed. Some were renamed, some consolidated into other types, some removed with their endpoints:

• Shared types removed from root: ASN, AuditLog, CertificateCA, CertificateRequestType, CloudflareTunnel, ErrorData, Identifier, LoadBalancerPreview, Member, PaginationInfo, Permission, PermissionGrant, RatePlan, ResponseInfo, Result, Role, SortDirection, Subscription, SubscriptionComponent, SubscriptionZone, Token, TokenConditionCIDRList, TokenPolicy, TokenValue
• Response types consolidated: CloudflaredCreateResponse, CloudflaredDeleteResponse, CloudflaredEditResponse, CloudflaredGetResponse, CloudflaredListResponse (all consolidated into CloudflareTunnel), SchemaUpload (-> UserSchemaCreateResponse), TotalTLSCreateResponse, ThreatEventDeleteResponse, DomainBulkDeleteResponse
• Renamed: NetflowSummaryResponse/NetflowTimeseriesResponse (-> NetFlows*), CtSummaryResponse/CtTimeseriesResponse/CtTimeseriesGroupsResponse (casing fix), SubnetListResponse (-> Subnet), CloudflareSourceUpdateResponse (-> Subnet), SchemaCreateResponse/SchemaEditResponse (-> restructured), TldGetResponse

API Surface Structure

• api.md restructured: The monolithic api.md (8,897 lines) has been split into 106…