Add tanstack-start-lovable framework support
The Vercel API now includes tanstack-start-lovable as a supported framework option in framework enumeration fields. This is an additive change allowing deployments to specify this new framework type without breaking existing integrations.
Alert history
- Additive
Add tanstack-start-lovable framework support
The Vercel API now includes
tanstack-start-lovableas a supported framework option in framework enumeration fields. This is an additive change allowing deployments to specify this new framework type without breaking existing integrations. - Additive
Add Passport publicPathRules and enforcementScope fields
Three new optional fields added to the Vercel API: publicPathRules (array of path matching rules) in the passport configuration, and enforcementScope (with values "all" or "preview") in two different security policy contexts. These are backwards-compatible additions that enable new functionality without affecting existing integrations.
- Informational
Removed empty 402 error response descriptions from OpenAPI
The OpenAPI specification removed two instances of HTTP 402 error responses that had empty descriptions from unspecified endpoints. These changes are documentation/schema cleanup with no impact on actual API behaviour or functionality.
- Breaking
Remove dheCipherSuite field and 409/500 response codes from API spec
Two distinct breaking changes are present: 1) The
dheCipherSuiteresponse field (typestring) has been removed from multiple log/event response schemas — it also appears inrequiredarrays, meaning clients that rely on its presence will break. 2) The409and500response status codes have been removed from one endpoint's documented responses, which may affect error-handling logic in clients that branch on those codes. - Additive
Add user-emu-account-deleted webhook event type
The Vercel API now includes a new webhook event type
user-emu-account-deletedin the list of supported events. This is a purely additive change that enables integrations to receive notifications when enterprise managed user accounts are deleted. - Additive
Add alias, aliasError, aliasWarning fields to deployment event response
Three new response fields —
alias,aliasError, andaliasWarning— are added to deployment event objects in two response schemas (likely covering two related list/get endpoints).aliasis a string array;aliasErrorandaliasWarningare nullable objects withcodeandmessage(required), plus optionallinkandactiononaliasWarning. Although listed asrequiredin the schema, these are net-new fields added to the response, so existing clients that ignore unknown fields are unaffected — no existing fields were removed or changed. - Additive
Add mfe_group_ids array field to environment schemas
A new optional
mfe_group_idsarray field (containing string items) has been added to environment response schemas across multiple API endpoints. This is a purely additive change that allows clients to optionally consume the new field without breaking existing integrations. - Additive
Add new log event types to deployment logs
The Vercel API now includes additional log event type schemas in deployment logs, supporting new event types like
command,delimiter,deployment-state,edge-function-invocation,exit,fatal,metric,middleware,middleware-invocation,report,stderr, andstdout. These new schemas add support for structured payload data including proxy metrics and edge function details, while maintaining backward compatibility by keeping the previously supported event type available. - Additive
Add strictPasswordProtectionSettings to API schema
A new
strictPasswordProtectionSettingsobject property has been added to the API schema, allowing project owners to require Owner role for password protection changes. This is an additive change that includes the new field in team settings responses and introduces a corresponding audit log event type (strict-password-protection-settings). - Additive
Add organization-slug-update event type and payload schema
The Vercel API adds a new
organization-slug-updateevent type to three locations in the OpenAPI specification, along with a new payload schema containingorganizationIdandslugfields. This is purely additive and enables customers to subscribe to organization slug update events without affecting existing integrations. - Additive
Add organization-create event type support
The Vercel API now supports a new
organization-createevent type in webhooks. This includes a new event payload schema with fieldsrootTeamId,slug, andnamealongside the existingorganizationId. The change is backwards-compatible as it only adds new options to existing event type enumerations and introduces a new optional event payload variant. - Additive
Add headers source type and transforms/rulesets fields
The diff adds
headersas a new enum option to source type fields (alongside existingheader,cookie,environment, etc.), introduces a newtransformsarray field supporting header manipulation operations, and adds a comprehensiverulesetsfield with support for advanced rule conditions and actions including rate limiting, redirects, and logging. These are all purely additive schema changes that extend existing security/routing configurations without removing or breaking existing functionality. - Additive
Add omitScriptNonce boolean field to security options
A new optional boolean field
omitScriptNoncehas been added to security configuration objects in the Vercel API. This allows users to control script nonce behavior when configuring security headers, and does not break existing integrations as the field is optional. - Additive
Add AI Gateway guardrails and moderation fields to API
The Vercel API adds support for AI Gateway guardrails via new
aiGatewayGuardrailsACL action fields, moderation fields (moderationApplied,piiRedactionApplied) in response schemas, and new auth scopes (read-write:ai-gateway-guardrails,read:ai-gateway-guardrails). A new webhook event typeai-gateway-guardrails-updatedis also introduced. These are purely additive changes with no impact on existing integrations. - Additive
Add DELETE artifacts endpoint and new auth/event scopes
This change adds a new DELETE /v1/artifacts endpoint to clear all remote cache artifacts for a team, new OAuth permission scopes (
manage:speed-insights,manage:web-analytics,read:speed-insights,read:web-analytics), and a new webhook event typeteam-remote-caching-purge. All additions are purely new without breaking existing API contracts. - Additive
Add OIDC token-exchange grant and audit log fields
The Vercel API now supports the
urn:ietf:params:oauth:grant-type:token-exchangegrant type for OAuth flows and adds three new optional response fields to audit logs:issuerUrl,policyId, andoidcSubject. These changes enable OIDC-authenticated token exchange workflows and provide enhanced audit trail information for authentication flows. - Additive
Add "attestation" enum value to manifest kind field
The
kindfield now accepts a new enum value"attestation"in addition to"index"and"manifest". This is an additive change that expands what types of container image manifests can be represented; existing integrations using the previous enum values will continue to work, but may now encounter the new value in responses. - Additive
Add cacheReason field and durationMs to Vercel API responses
Two new optional response fields have been added to the Vercel API:
cacheReason(type: string) has been added to multiple response schemas across different endpoints (appearing in 6 locations), anddurationMs(type: number) has been added to command execution data. These are purely additive changes that expand response information without affecting existing integrations. - Additive
Add blobs.isDefaultApp field and teamThrottled field to project schemas
This change adds two new optional response fields to project schemas:
blobs.isDefaultApp(a boolean marking the default team-level Vercel-managed blob project) andteamThrottled(a boolean synced from team billing status indicating team-wide throttling). Both are new optional fields appearing in multiple project response objects across the API, along with refinement of thethrottledfield description to clarify it applies to per-project rather than team-level throttling. A newread-write:team-membersauthorization scope is also added to several token scopes. These changes are purely additive and will not break existing clients. - Additive
Add alert-investigation-project-allowlist-updated event type
A new event type
alert-investigation-project-allowlist-updatedhas been added to the Vercel API webhook/event system, along with a new event payload schema containingpreviousProjectCountandnextProjectCountfields. This is a purely additive change that enables clients to subscribe to and handle allowlist update events without breaking existing integrations. - Additive
Add expiresAt field to sandbox response
A new optional response field
expiresAthas been added to the sandbox schema, indicating when the currently running sandbox will time out. This is a purely additive change that does not affect existing integrations. - Additive
Add providerAttemptSafetyIdentifier fields and read:remote-cache scope
Two new optional response fields (
providerAttemptSafetyIdentifierandproviderAttemptDevSafetyIdentifier) have been added to provider attempt objects in multiple endpoints, and a new optional OAuth scope (read:remote-cache) has been introduced. These additions do not break existing clients and are purely additive. - Additive
Add vcr field to user blocks object in user details
Added a new optional
vcrfield to the user blocks response object, containing blockage information for VCR features with properties likeblockReason,blockedFrom,blockedUntil, andupdatedAt. This is a purely additive change that does not affect existing integrations. - Additive
Add VCR get repository tag endpoint
A new endpoint
GET /v1/vcr/repository/{idOrName}/tags/{tag}has been added to fetch a single tag from a Vercel Container Registry repository along with image metadata and VHS-readiness status. A newVcrTagschema was introduced to support this endpoint's response. This is a purely additive change that extends the VCR API without modifying existing behavior. - Additive
Add DOMAIN_OWNER_DELETION_REQUEST suspension reason
A new enum value
DOMAIN_OWNER_DELETION_REQUESThas been added to thereasonfield in suspension-related response schemas. This is an additive change that expands the set of documented suspension reasons without breaking existing integrations. - Informational
Update environment variable creation error descriptions
Error response descriptions for environment variable creation endpoints were updated: the 403 response removed text about production variable permission requirements, and the 409 response description was cleared. These are documentation-only changes to error messaging that do not affect API behavior or client integrations.
- Additive
Add attributionTarget and attributionEventName fields
Two new optional response fields,
attributionTargetandattributionEventName, have been added to analytics/logs endpoints. These fields are purely additive and do not affect existing integrations. - Additive
Add "list" operator for filtering in Vercel API
The Vercel API adds a new
"list"operator (type: string) to filter query parameters across multiple endpoints. This is purely additive — the new operator appears as an optional field in filter objects and an allowed enum value, enabling clients to perform new filtering operations without breaking existing code. - Additive
Add build-timeout-failure to buildMachineElasticReason enum and new reason field
The Vercel API adds a new enum value
build-timeout-failureto thebuildMachineElasticReasonfield across multiple endpoints and response schemas. Additionally, a new optionalreasonfield is added to describe why build machines were upgraded or downgraded. Both changes are purely additive and cannot break existing integrations. - Additive
Add buildMachineElasticReason field and team identifiers
A new optional response field
buildMachineElasticReason(enum string) has been added to multiple build/deployment response objects across the API, providing insight into why a build machine type was selected. Additionally, two new required fieldsteamIdandslughave been added to themanagedTeamsobject structure. These are purely additive changes that expand the API's response surface without breaking existing clients. - Additive
Add security-list audit event types
Three new audit event types have been added:
security-list-created,security-list-deleted, andsecurity-list-updated. These are additive extensions to the audit event enumeration that allow tracking of security list management operations. - Additive
Add VCR (Vercel Container Registry) API and image sandbox support
The Vercel API introduces new container registry management endpoints under
/v1/vcr/and related schemas for managing repositories, images, and image metadata. Additionally, animagefield is added to the sandbox configuration schema. These are purely additive changes that do not break existing integrations. - Additive
Add AI Gateway model allowlist webhook events
Two new webhook event types have been added:
ai-gateway-model-allowlist-toggledandai-gateway-model-allowlist-models-updated. These represent new AI Gateway model allowlist events with their own payload schemas (toggled event includes a booleanenabledfield; models-updated includesaddedandremovedstring array fields). This is purely additive and does not affect existing integrations. - Additive
Expand deployment response schema with new fields and enums
The deployment object response schema gains several new fields (
checksConclusion,checksState,connectBuildsEnabled,connectConfigurationId,deletedAt,monorepoManager,oidcTokenClaims,previewCommentsEnabled,readyAt,readySubstate) and adds enum constraints to existing fields (plan,readyState,type). Additionally, thealiasfield is now required. All changes are backward-compatible additions; existing clients receive new fields in responses but can ignore them if not needed. - Breaking
Project ID path param type narrowed from oneOf[string|boolean] to string
The schema for the
idOrNamepath parameter (project identifier) was changed fromoneOf: [string, boolean]totype: string. Any client passing a boolean value for this parameter will now be considered invalid per the spec. In practice, a boolean project identifier was likely never a valid use case, but generated clients or strict validators that relied on thebooleanvariant being allowed may break. - Breaking
Two usage record field keys renamed in response schema
Two fields in a response object have been renamed:
workflowStorage→workflowStorageWriteandworkflowStep→workflowEvents. Any client code that reads or references these fields by their old names will break, as the old keys no longer exist in the schema. - Breaking
Subscription intent output schema restructured; effectiveBehavior now required
The
outputobject for subscription plan-change intents has been significantly restructured. ThechangedResourcesitems previously used aoneOfwith four distinct typed variants (set_plan_item_quantity,increase_plan_item_quantity,decrease_plan_item_quantity,adjust_plan_item_quantity) — each with its owntypediscriminator andrequiredfields — and have been collapsed into a single unified object schema. Thetypediscriminator field is gone,resourceIdssemantics changed, and the new fieldeffectiveBehavior("end_of_term" | "immediate") has been added to theoutputrequired fields, meaning any client that previously relied on theoneOfvariant shapes or omittedeffectiveBehaviorwill break. - Additive
Add rolling release start endpoint and firewall config promoted event
Added new
POST /v1/projects/{idOrName}/rolling-release/startendpoint to initiate rolling releases for deployments, with full response schema including rolling release state tracking. Also addedteam-firewall-config-promotedas a new allowed audit event type in three event enum definitions. These are purely additive changes that do not affect existing integrations. - Additive
Add read:project-flags auth scope
The
read:project-flagsOAuth scope has been added to five API endpoint definitions in the OpenAPI specification. This is an additive change that enables new authentication permissions for accessing project flags; existing integrations with other scopes will continue to work unchanged. - Additive
Add firewall and connector response fields to Vercel API
The diff adds new optional fields to Vercel API responses:
isConnectedToPrioritizedProject(boolean) on connector list responses,configVersion(string or number) on firewall event payloads, and a new event typeteam-firewall-config-modifiedfor webhook subscriptions. The change removescrsfrom the required fields list on firewall configuration objects. These additions enable clients to distinguish prioritized project connectors and track firewall configuration changes without breaking existing integrations. - Additive
Add securityConfig field and vcr-repository-deleted event type
The Vercel API adds two new optional response fields: a
securityConfigarray field across multiple ACL-related schemas, and a newvcr-repository-deletedevent type to webhook event enums. These are purely additive changes that extend the API surface without breaking existing integrations. - Additive
Add serviceName field and AI metrics fields to function config
The diff adds a new optional
serviceNamefield to function configuration objects across multiple endpoints, and adds several new fields (chatId,messageId,inputTokens,outputTokens,timestamp, and aneventsarray) to an AI event payload schema. All new fields appear to be response fields and do not remove or alter existing functionality, making this purely additive. - Additive
Add surchargeCostCurrency and gatewayCostCurrency fields
Two new optional string fields,
surchargeCostCurrencyandgatewayCostCurrency, have been added to multiple response schemas in the Vercel API. These fields are purely additive and cannot break existing integrations that do not use them. - Additive
Add domain-zone-change-internal event type and payload fields
The Vercel API adds a new event type
domain-zone-change-internaland expands the payload schema for domain zone change events. New optional fieldszone,domain,initiator,source, andpreviousZoneare now documented for domain zone change event payloads. These are purely additive changes that extend the webhook event system without altering existing event types or breaking client code. - Additive
Add AI Gateway ACL permissions and fields
The Vercel API adds three new team permissions —
AiGatewayApiKeyOwnedBySelf,AiGatewayCredits, andAiGatewaySettings— along with corresponding optional ACL resource fields (aiGatewayApiKey,aiGatewayApiKeyOwnedBySelf,aiGatewayCredits,aiGatewaySettings) across multiple schema definitions. These additions enable fine-grained access control for AI Gateway features and are purely additive changes that do not affect existing behavior. - Breaking
Remove mfe_group_ids field from multiple response schemas
The
mfe_group_idsarray field has been removed from at least 6 response schema locations across the Vercel OpenAPI spec. Any client code that reads or depends onmfe_group_idsin these responses will no longer find it documented and may break if the field is also removed from the actual API responses. - Additive
Add web-analytics visits aggregate endpoint and VCR webhook events
Vercel added a new
GET /v1/query/web-analytics/visits/aggregateendpoint to count and aggregate pageviews on projects, and introduced three new webhook event types:vcr-image-deleted,vcr-image-pushed, andvcr-repository-created. Both changes are purely additive and do not alter existing functionality. - Additive
Add mfe_group_ids field to project configuration
A new optional
mfe_group_idsfield (array of strings) has been added to the project configuration response schema across multiple endpoints. This is a purely additive change that allows existing clients to continue working without modification while new clients can utilize the additional field for micro-frontend grouping information. - Additive
Add AI Gateway private models/providers to ACL and webhooks
The diff adds three new optional fields to role/token ACL schemas (
aiGatewayPrivateModelsandcodeOwners) and two new API token permission scopes (read-write:ai-gateway-private-modelsandread:ai-gateway-private-models). It also expands webhook event types to include six new events for private model and provider lifecycle (ai-gateway-private-model-*andai-gateway-private-provider-*). These are all additive changes that extend capability without breaking existing integrations. - Additive
Make `type` field optional in service routing destinations
The
typefield in service routing destination objects is now optional instead of required. The field previously had a fixed enum value of"service"and is no longer necessary for identification sinceservicepresence alone identifies the destination format. This is backwards-compatible as existing requests includingtypewill continue to work.