Back to monitors

vercel

Vercel API

REST
OpenAPI (JSON)
https://openapi.vercel.sh/
Informational AI classification

Removed empty 402 error response descriptions from OpenAPI

The OpenAPI specification removed two instances of HTTP 402 error responses that had empty descriptions from unspecified endpoints. These changes are documentation/schema cleanup with no impact on actual API behaviour or functionality.

Alert history

  • Informational

    Removed empty 402 error response descriptions from OpenAPI

    The OpenAPI specification removed two instances of HTTP 402 error responses that had empty descriptions from unspecified endpoints. These changes are documentation/schema cleanup with no impact on actual API behaviour or functionality.

  • Breaking

    Remove dheCipherSuite field and 409/500 response codes from API spec

    Two distinct breaking changes are present: 1) The dheCipherSuite response field (type string) has been removed from multiple log/event response schemas — it also appears in required arrays, meaning clients that rely on its presence will break. 2) The 409 and 500 response status codes have been removed from one endpoint's documented responses, which may affect error-handling logic in clients that branch on those codes.

  • Additive

    Add user-emu-account-deleted webhook event type

    The Vercel API now includes a new webhook event type user-emu-account-deleted in the list of supported events. This is a purely additive change that enables integrations to receive notifications when enterprise managed user accounts are deleted.

  • Additive

    Add alias, aliasError, aliasWarning fields to deployment event response

    Three new response fields — alias, aliasError, and aliasWarning — are added to deployment event objects in two response schemas (likely covering two related list/get endpoints). alias is a string array; aliasError and aliasWarning are nullable objects with code and message (required), plus optional link and action on aliasWarning. Although listed as required in the schema, these are net-new fields added to the response, so existing clients that ignore unknown fields are unaffected — no existing fields were removed or changed.

  • Additive

    Add mfe_group_ids array field to environment schemas

    A new optional mfe_group_ids array field (containing string items) has been added to environment response schemas across multiple API endpoints. This is a purely additive change that allows clients to optionally consume the new field without breaking existing integrations.

  • Additive

    Add new log event types to deployment logs

    The Vercel API now includes additional log event type schemas in deployment logs, supporting new event types like command, delimiter, deployment-state, edge-function-invocation, exit, fatal, metric, middleware, middleware-invocation, report, stderr, and stdout. These new schemas add support for structured payload data including proxy metrics and edge function details, while maintaining backward compatibility by keeping the previously supported event type available.

  • Additive

    Add strictPasswordProtectionSettings to API schema

    A new strictPasswordProtectionSettings object property has been added to the API schema, allowing project owners to require Owner role for password protection changes. This is an additive change that includes the new field in team settings responses and introduces a corresponding audit log event type (strict-password-protection-settings).

  • Additive

    Add organization-slug-update event type and payload schema

    The Vercel API adds a new organization-slug-update event type to three locations in the OpenAPI specification, along with a new payload schema containing organizationId and slug fields. This is purely additive and enables customers to subscribe to organization slug update events without affecting existing integrations.

  • Additive

    Add organization-create event type support

    The Vercel API now supports a new organization-create event type in webhooks. This includes a new event payload schema with fields rootTeamId, slug, and name alongside the existing organizationId. The change is backwards-compatible as it only adds new options to existing event type enumerations and introduces a new optional event payload variant.

  • Additive

    Add headers source type and transforms/rulesets fields

    The diff adds headers as a new enum option to source type fields (alongside existing header, cookie, environment, etc.), introduces a new transforms array field supporting header manipulation operations, and adds a comprehensive rulesets field with support for advanced rule conditions and actions including rate limiting, redirects, and logging. These are all purely additive schema changes that extend existing security/routing configurations without removing or breaking existing functionality.

  • Additive

    Add omitScriptNonce boolean field to security options

    A new optional boolean field omitScriptNonce has been added to security configuration objects in the Vercel API. This allows users to control script nonce behavior when configuring security headers, and does not break existing integrations as the field is optional.

  • Additive

    Add AI Gateway guardrails and moderation fields to API

    The Vercel API adds support for AI Gateway guardrails via new aiGatewayGuardrails ACL action fields, moderation fields (moderationApplied, piiRedactionApplied) in response schemas, and new auth scopes (read-write:ai-gateway-guardrails, read:ai-gateway-guardrails). A new webhook event type ai-gateway-guardrails-updated is also introduced. These are purely additive changes with no impact on existing integrations.

  • Additive

    Add DELETE artifacts endpoint and new auth/event scopes

    This change adds a new DELETE /v1/artifacts endpoint to clear all remote cache artifacts for a team, new OAuth permission scopes (manage:speed-insights, manage:web-analytics, read:speed-insights, read:web-analytics), and a new webhook event type team-remote-caching-purge. All additions are purely new without breaking existing API contracts.

  • Additive

    Add OIDC token-exchange grant and audit log fields

    The Vercel API now supports the urn:ietf:params:oauth:grant-type:token-exchange grant type for OAuth flows and adds three new optional response fields to audit logs: issuerUrl, policyId, and oidcSubject. These changes enable OIDC-authenticated token exchange workflows and provide enhanced audit trail information for authentication flows.

  • Additive

    Add "attestation" enum value to manifest kind field

    The kind field now accepts a new enum value "attestation" in addition to "index" and "manifest". This is an additive change that expands what types of container image manifests can be represented; existing integrations using the previous enum values will continue to work, but may now encounter the new value in responses.

  • Additive

    Add cacheReason field and durationMs to Vercel API responses

    Two new optional response fields have been added to the Vercel API: cacheReason (type: string) has been added to multiple response schemas across different endpoints (appearing in 6 locations), and durationMs (type: number) has been added to command execution data. These are purely additive changes that expand response information without affecting existing integrations.

  • Additive

    Add blobs.isDefaultApp field and teamThrottled field to project schemas

    This change adds two new optional response fields to project schemas: blobs.isDefaultApp (a boolean marking the default team-level Vercel-managed blob project) and teamThrottled (a boolean synced from team billing status indicating team-wide throttling). Both are new optional fields appearing in multiple project response objects across the API, along with refinement of the throttled field description to clarify it applies to per-project rather than team-level throttling. A new read-write:team-members authorization scope is also added to several token scopes. These changes are purely additive and will not break existing clients.

  • Additive

    Add alert-investigation-project-allowlist-updated event type

    A new event type alert-investigation-project-allowlist-updated has been added to the Vercel API webhook/event system, along with a new event payload schema containing previousProjectCount and nextProjectCount fields. This is a purely additive change that enables clients to subscribe to and handle allowlist update events without breaking existing integrations.

  • Additive

    Add expiresAt field to sandbox response

    A new optional response field expiresAt has been added to the sandbox schema, indicating when the currently running sandbox will time out. This is a purely additive change that does not affect existing integrations.

  • Additive

    Add providerAttemptSafetyIdentifier fields and read:remote-cache scope

    Two new optional response fields (providerAttemptSafetyIdentifier and providerAttemptDevSafetyIdentifier) have been added to provider attempt objects in multiple endpoints, and a new optional OAuth scope (read:remote-cache) has been introduced. These additions do not break existing clients and are purely additive.

  • Additive

    Add vcr field to user blocks object in user details

    Added a new optional vcr field to the user blocks response object, containing blockage information for VCR features with properties like blockReason, blockedFrom, blockedUntil, and updatedAt. This is a purely additive change that does not affect existing integrations.

  • Additive

    Add VCR get repository tag endpoint

    A new endpoint GET /v1/vcr/repository/{idOrName}/tags/{tag} has been added to fetch a single tag from a Vercel Container Registry repository along with image metadata and VHS-readiness status. A new VcrTag schema was introduced to support this endpoint's response. This is a purely additive change that extends the VCR API without modifying existing behavior.

  • Additive

    Add DOMAIN_OWNER_DELETION_REQUEST suspension reason

    A new enum value DOMAIN_OWNER_DELETION_REQUEST has been added to the reason field in suspension-related response schemas. This is an additive change that expands the set of documented suspension reasons without breaking existing integrations.

  • Informational

    Update environment variable creation error descriptions

    Error response descriptions for environment variable creation endpoints were updated: the 403 response removed text about production variable permission requirements, and the 409 response description was cleared. These are documentation-only changes to error messaging that do not affect API behavior or client integrations.

  • Additive

    Add attributionTarget and attributionEventName fields

    Two new optional response fields, attributionTarget and attributionEventName, have been added to analytics/logs endpoints. These fields are purely additive and do not affect existing integrations.

  • Additive

    Add "list" operator for filtering in Vercel API

    The Vercel API adds a new "list" operator (type: string) to filter query parameters across multiple endpoints. This is purely additive — the new operator appears as an optional field in filter objects and an allowed enum value, enabling clients to perform new filtering operations without breaking existing code.

  • Additive

    Add build-timeout-failure to buildMachineElasticReason enum and new reason field

    The Vercel API adds a new enum value build-timeout-failure to the buildMachineElasticReason field across multiple endpoints and response schemas. Additionally, a new optional reason field is added to describe why build machines were upgraded or downgraded. Both changes are purely additive and cannot break existing integrations.

  • Additive

    Add buildMachineElasticReason field and team identifiers

    A new optional response field buildMachineElasticReason (enum string) has been added to multiple build/deployment response objects across the API, providing insight into why a build machine type was selected. Additionally, two new required fields teamId and slug have been added to the managedTeams object structure. These are purely additive changes that expand the API's response surface without breaking existing clients.

  • Additive

    Add security-list audit event types

    Three new audit event types have been added: security-list-created, security-list-deleted, and security-list-updated. These are additive extensions to the audit event enumeration that allow tracking of security list management operations.

  • Additive

    Add VCR (Vercel Container Registry) API and image sandbox support

    The Vercel API introduces new container registry management endpoints under /v1/vcr/ and related schemas for managing repositories, images, and image metadata. Additionally, an image field is added to the sandbox configuration schema. These are purely additive changes that do not break existing integrations.

  • Additive

    Add AI Gateway model allowlist webhook events

    Two new webhook event types have been added: ai-gateway-model-allowlist-toggled and ai-gateway-model-allowlist-models-updated. These represent new AI Gateway model allowlist events with their own payload schemas (toggled event includes a boolean enabled field; models-updated includes added and removed string array fields). This is purely additive and does not affect existing integrations.

  • Additive

    Expand deployment response schema with new fields and enums

    The deployment object response schema gains several new fields (checksConclusion, checksState, connectBuildsEnabled, connectConfigurationId, deletedAt, monorepoManager, oidcTokenClaims, previewCommentsEnabled, readyAt, readySubstate) and adds enum constraints to existing fields (plan, readyState, type). Additionally, the alias field is now required. All changes are backward-compatible additions; existing clients receive new fields in responses but can ignore them if not needed.

  • Breaking

    Project ID path param type narrowed from oneOf[string|boolean] to string

    The schema for the idOrName path parameter (project identifier) was changed from oneOf: [string, boolean] to type: string. Any client passing a boolean value for this parameter will now be considered invalid per the spec. In practice, a boolean project identifier was likely never a valid use case, but generated clients or strict validators that relied on the boolean variant being allowed may break.

  • Breaking

    Two usage record field keys renamed in response schema

    Two fields in a response object have been renamed: workflowStorageworkflowStorageWrite and workflowStepworkflowEvents. Any client code that reads or references these fields by their old names will break, as the old keys no longer exist in the schema.

  • Breaking

    Subscription intent output schema restructured; effectiveBehavior now required

    The output object for subscription plan-change intents has been significantly restructured. The changedResources items previously used a oneOf with four distinct typed variants (set_plan_item_quantity, increase_plan_item_quantity, decrease_plan_item_quantity, adjust_plan_item_quantity) — each with its own type discriminator and required fields — and have been collapsed into a single unified object schema. The type discriminator field is gone, resourceIds semantics changed, and the new field effectiveBehavior ("end_of_term" | "immediate") has been added to the output required fields, meaning any client that previously relied on the oneOf variant shapes or omitted effectiveBehavior will break.

  • Additive

    Add rolling release start endpoint and firewall config promoted event

    Added new POST /v1/projects/{idOrName}/rolling-release/start endpoint to initiate rolling releases for deployments, with full response schema including rolling release state tracking. Also added team-firewall-config-promoted as a new allowed audit event type in three event enum definitions. These are purely additive changes that do not affect existing integrations.

  • Additive

    Add read:project-flags auth scope

    The read:project-flags OAuth scope has been added to five API endpoint definitions in the OpenAPI specification. This is an additive change that enables new authentication permissions for accessing project flags; existing integrations with other scopes will continue to work unchanged.

  • Additive

    Add firewall and connector response fields to Vercel API

    The diff adds new optional fields to Vercel API responses: isConnectedToPrioritizedProject (boolean) on connector list responses, configVersion (string or number) on firewall event payloads, and a new event type team-firewall-config-modified for webhook subscriptions. The change removes crs from the required fields list on firewall configuration objects. These additions enable clients to distinguish prioritized project connectors and track firewall configuration changes without breaking existing integrations.

  • Additive

    Add securityConfig field and vcr-repository-deleted event type

    The Vercel API adds two new optional response fields: a securityConfig array field across multiple ACL-related schemas, and a new vcr-repository-deleted event type to webhook event enums. These are purely additive changes that extend the API surface without breaking existing integrations.

  • Additive

    Add serviceName field and AI metrics fields to function config

    The diff adds a new optional serviceName field to function configuration objects across multiple endpoints, and adds several new fields (chatId, messageId, inputTokens, outputTokens, timestamp, and an events array) to an AI event payload schema. All new fields appear to be response fields and do not remove or alter existing functionality, making this purely additive.

  • Additive

    Add surchargeCostCurrency and gatewayCostCurrency fields

    Two new optional string fields, surchargeCostCurrency and gatewayCostCurrency, have been added to multiple response schemas in the Vercel API. These fields are purely additive and cannot break existing integrations that do not use them.

  • Additive

    Add domain-zone-change-internal event type and payload fields

    The Vercel API adds a new event type domain-zone-change-internal and expands the payload schema for domain zone change events. New optional fields zone, domain, initiator, source, and previousZone are now documented for domain zone change event payloads. These are purely additive changes that extend the webhook event system without altering existing event types or breaking client code.

  • Additive

    Add AI Gateway ACL permissions and fields

    The Vercel API adds three new team permissions — AiGatewayApiKeyOwnedBySelf, AiGatewayCredits, and AiGatewaySettings — along with corresponding optional ACL resource fields (aiGatewayApiKey, aiGatewayApiKeyOwnedBySelf, aiGatewayCredits, aiGatewaySettings) across multiple schema definitions. These additions enable fine-grained access control for AI Gateway features and are purely additive changes that do not affect existing behavior.

  • Breaking

    Remove mfe_group_ids field from multiple response schemas

    The mfe_group_ids array field has been removed from at least 6 response schema locations across the Vercel OpenAPI spec. Any client code that reads or depends on mfe_group_ids in these responses will no longer find it documented and may break if the field is also removed from the actual API responses.

  • Additive

    Add web-analytics visits aggregate endpoint and VCR webhook events

    Vercel added a new GET /v1/query/web-analytics/visits/aggregate endpoint to count and aggregate pageviews on projects, and introduced three new webhook event types: vcr-image-deleted, vcr-image-pushed, and vcr-repository-created. Both changes are purely additive and do not alter existing functionality.

  • Additive

    Add mfe_group_ids field to project configuration

    A new optional mfe_group_ids field (array of strings) has been added to the project configuration response schema across multiple endpoints. This is a purely additive change that allows existing clients to continue working without modification while new clients can utilize the additional field for micro-frontend grouping information.

  • Additive

    Add AI Gateway private models/providers to ACL and webhooks

    The diff adds three new optional fields to role/token ACL schemas (aiGatewayPrivateModels and codeOwners) and two new API token permission scopes (read-write:ai-gateway-private-models and read:ai-gateway-private-models). It also expands webhook event types to include six new events for private model and provider lifecycle (ai-gateway-private-model-* and ai-gateway-private-provider-*). These are all additive changes that extend capability without breaking existing integrations.

  • Additive

    Make `type` field optional in service routing destinations

    The type field in service routing destination objects is now optional instead of required. The field previously had a fixed enum value of "service" and is no longer necessary for identification since service presence alone identifies the destination format. This is backwards-compatible as existing requests including type will continue to work.

  • Additive

    Add 402 error response code to three endpoints

    Three API endpoints now document a 402 error response (payment required). This is a new documented error condition that clients may encounter and should handle, but does not break existing integrations as it's additive to the error responses.

  • Additive

    Add emu-member-removed-unverified-domain event type

    A new event type emu-member-removed-unverified-domain has been added to the Vercel API's event system, along with a new response schema containing deletedUser (with username and email), deletedUid, and emailDomain fields. This is a purely additive change that extends the event types webhooks can subscribe to without affecting existing integrations.