2026-02-05

Added

App Deployments API

A new set of endpoints for managing the application deployment lifecycle has been introduced:
  • List Deployments: GET /api/v1/apps`/{uuid}`/deployments
  • Get Deployment Details: “GET /api/v1/apps/{uuid}/deployments/{id}
  • Get Build Logs: GET /api/v1/apps`/{uuid}`/deployments`/{id}`/logs
  • Stream Build Logs: GET /api/v1/apps`/{uuid}`/deployments`/{id}`/stream_logs
  • Cancel Deployment: POST /api/v1/apps`/{uuid}`/deployments`/{id}`/cancel
  • Rollback Deployment: POST /api/v1/apps`/{uuid}`/deployments`/{id}`/rollback

App Ports API

Full management of application network ports is now available:
  • List Ports: GET /api/v1/workspaces`/{ws}`/apps`/{app}`/ports
  • Create Port: POST /api/v1/workspaces`/{ws}`/apps`/{app}`/ports
  • Delete Port: “DELETE /api/v1/workspaces/{ws}/apps/{app}/ports/{id}
  • Expose Port Publicly: PATCH /api/v1/workspaces`/{ws}`/apps`/{app}`/ports`/{id}`/expose_publicly
  • Make Port Private: PATCH /api/v1/workspaces`/{ws}`/apps`/{app}`/ports`/{id}`/make_private

Add-on Password Rotation

The new POST /api/v1/apps`/{uuid}`/addons`/{id}`/rotate_password endpoint allows for secure password rotation for supported add-ons, such as databases.

Basic Authentication

The PUT /api/v1/apps`/{uuid}`/security endpoint now supports basic_auth_enabled, basic_auth_username, and basic_auth_password parameters, allowing you to enable and configure Basic Authentication for your application.

Changed

  • Deployment Options: The POST /api/v1/apps`/{uuid}`/deploy endpoint now accepts commit_sha and branch parameters, enabling more precise deployments from Git repositories.
  • Builder Options: The builder parameter in POST /api/v1/apps has been expanded to support auto (automatic buildpack detection) and custom (language-specific builder) in addition to dockerfile.
  • Resource Validation: The “PUT /api/v1/resources/{uuid} endpoint now validates against plan downgrades to prevent assigning a plan with insufficient resources (CPU, RAM, storage).
  • Add-on Deletion Logic: The logic for deleting an add-on (“DELETE /api/v1/apps/{uuid}/addons/{id}) has been refactored into a dedicated service object for improved maintainability.

Removed

  • The POST /api/v1/apps`/{uuid}`/sync_parent_image endpoint has been removed.