chore(api): update composite API spec

stainless-app[bot] · stainless-app[bot] · commit 5cc95f1ee99c · 2026-04-30T14:47:02.000Z
diff --git a/.stats.yml b/.stats.yml
@@ -1,4 +1,4 @@
 configured_endpoints: 2195
 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-a6c352830d1270d0abb5bb983058ea21815e1bb7d2e163965335dcb0e706f057.yml
-openapi_spec_hash: 93aa588f2a0a180eefe9654f56cd065b
+openapi_spec_hash: a7e122c59429c7ec48c11144e6842390
 config_hash: a83bae9f0be0219cfe77d38d5af60d4a
diff --git a/src/cloudflare/resources/fraud/fraud.py b/src/cloudflare/resources/fraud/fraud.py
@@ -49,6 +49,7 @@ def update(
         self,
         *,
         zone_id: str,
+        authentication_settings: fraud_update_params.AuthenticationSettings | Omit = omit,
         user_profiles: Literal["enabled", "disabled"] | Omit = omit,
         username_expressions: SequenceNotStr[str] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
@@ -69,6 +70,14 @@ def update(
         Args:
           zone_id: Identifier.
 
+          authentication_settings: Configuration for classifying login authentication outcomes based on the origin
+              response. Requires `user_profiles` to be enabled.
+
+              - Success and failure criteria are independently updatable — sending only
+                `success_criteria` leaves failure codes untouched, and vice versa.
+              - Omit `authentication_settings` entirely to leave both unchanged.
+              - Status codes must not overlap between success and failure criteria.
+
           user_profiles: Whether Fraud User Profiles is enabled for the zone.
 
           username_expressions: List of expressions to detect usernames in write HTTP requests.
@@ -93,6 +102,7 @@ def update(
             path_template("/zones/{zone_id}/fraud_detection/settings", zone_id=zone_id),
             body=maybe_transform(
                 {
+                    "authentication_settings": authentication_settings,
                     "user_profiles": user_profiles,
                     "username_expressions": username_expressions,
                 },
@@ -172,6 +182,7 @@ async def update(
         self,
         *,
         zone_id: str,
+        authentication_settings: fraud_update_params.AuthenticationSettings | Omit = omit,
         user_profiles: Literal["enabled", "disabled"] | Omit = omit,
         username_expressions: SequenceNotStr[str] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
@@ -192,6 +203,14 @@ async def update(
         Args:
           zone_id: Identifier.
 
+          authentication_settings: Configuration for classifying login authentication outcomes based on the origin
+              response. Requires `user_profiles` to be enabled.
+
+              - Success and failure criteria are independently updatable — sending only
+                `success_criteria` leaves failure codes untouched, and vice versa.
+              - Omit `authentication_settings` entirely to leave both unchanged.
+              - Status codes must not overlap between success and failure criteria.
+
           user_profiles: Whether Fraud User Profiles is enabled for the zone.
 
           username_expressions: List of expressions to detect usernames in write HTTP requests.
@@ -216,6 +235,7 @@ async def update(
             path_template("/zones/{zone_id}/fraud_detection/settings", zone_id=zone_id),
             body=await async_maybe_transform(
                 {
+                    "authentication_settings": authentication_settings,
                     "user_profiles": user_profiles,
                     "username_expressions": username_expressions,
                 },
diff --git a/src/cloudflare/types/fraud/fraud_settings.py b/src/cloudflare/types/fraud/fraud_settings.py
@@ -5,10 +5,78 @@
 
 from ..._models import BaseModel
 
-__all__ = ["FraudSettings"]
+__all__ = [
+    "FraudSettings",
+    "AuthenticationSettings",
+    "AuthenticationSettingsFailureCriteria",
+    "AuthenticationSettingsSuccessCriteria",
+]
+
+
+class AuthenticationSettingsFailureCriteria(BaseModel):
+    """Criterion for identifying failed login responses."""
+
+    kind: Literal["status_code"]
+    """The type of criterion. Currently only `status_code` is supported."""
+
+    status_codes: Optional[List[int]] = None
+    """HTTP status codes to match against the origin response.
+
+    - Maximum of 10 codes per criterion.
+    - Each code must be a valid HTTP status code (100-599).
+    - Codes are deduplicated and sorted on save.
+    - Omit to leave unchanged on update.
+    - Provide an empty array `[]` to clear codes on update.
+    """
+
+
+class AuthenticationSettingsSuccessCriteria(BaseModel):
+    """Criterion for identifying successful login responses."""
+
+    kind: Literal["status_code"]
+    """The type of criterion. Currently only `status_code` is supported."""
+
+    status_codes: Optional[List[int]] = None
+    """HTTP status codes to match against the origin response.
+
+    - Maximum of 10 codes per criterion.
+    - Each code must be a valid HTTP status code (100-599).
+    - Codes are deduplicated and sorted on save.
+    - Omit to leave unchanged on update.
+    - Provide an empty array `[]` to clear codes on update.
+    """
+
+
+class AuthenticationSettings(BaseModel):
+    """
+    Configuration for classifying login authentication outcomes based on the origin response.
+    Requires `user_profiles` to be enabled.
+
+    - Success and failure criteria are independently updatable — sending only `success_criteria`
+      leaves failure codes untouched, and vice versa.
+    - Omit `authentication_settings` entirely to leave both unchanged.
+    - Status codes must not overlap between success and failure criteria.
+    """
+
+    failure_criteria: Optional[AuthenticationSettingsFailureCriteria] = None
+    """Criterion for identifying failed login responses."""
+
+    success_criteria: Optional[AuthenticationSettingsSuccessCriteria] = None
+    """Criterion for identifying successful login responses."""
 
 
 class FraudSettings(BaseModel):
+    authentication_settings: Optional[AuthenticationSettings] = None
+    """
+    Configuration for classifying login authentication outcomes based on the origin
+    response. Requires `user_profiles` to be enabled.
+
+    - Success and failure criteria are independently updatable — sending only
+      `success_criteria` leaves failure codes untouched, and vice versa.
+    - Omit `authentication_settings` entirely to leave both unchanged.
+    - Status codes must not overlap between success and failure criteria.
+    """
+
     user_profiles: Optional[Literal["enabled", "disabled"]] = None
     """Whether Fraud User Profiles is enabled for the zone."""
 
diff --git a/src/cloudflare/types/fraud/fraud_update_params.py b/src/cloudflare/types/fraud/fraud_update_params.py
@@ -2,17 +2,34 @@
 
 from __future__ import annotations
 
+from typing import Iterable
 from typing_extensions import Literal, Required, TypedDict
 
 from ..._types import SequenceNotStr
 
-__all__ = ["FraudUpdateParams"]
+__all__ = [
+    "FraudUpdateParams",
+    "AuthenticationSettings",
+    "AuthenticationSettingsFailureCriteria",
+    "AuthenticationSettingsSuccessCriteria",
+]
 
 
 class FraudUpdateParams(TypedDict, total=False):
     zone_id: Required[str]
     """Identifier."""
 
+    authentication_settings: AuthenticationSettings
+    """
+    Configuration for classifying login authentication outcomes based on the origin
+    response. Requires `user_profiles` to be enabled.
+
+    - Success and failure criteria are independently updatable — sending only
+      `success_criteria` leaves failure codes untouched, and vice versa.
+    - Omit `authentication_settings` entirely to leave both unchanged.
+    - Status codes must not overlap between success and failure criteria.
+    """
+
     user_profiles: Literal["enabled", "disabled"]
     """Whether Fraud User Profiles is enabled for the zone."""
 
@@ -25,3 +42,55 @@ class FraudUpdateParams(TypedDict, total=False):
     - Invalid expressions will result in a 10400 Bad Request with details in the
       `messages` array.
     """
+
+
+class AuthenticationSettingsFailureCriteria(TypedDict, total=False):
+    """Criterion for identifying failed login responses."""
+
+    kind: Required[Literal["status_code"]]
+    """The type of criterion. Currently only `status_code` is supported."""
+
+    status_codes: Iterable[int]
+    """HTTP status codes to match against the origin response.
+
+    - Maximum of 10 codes per criterion.
+    - Each code must be a valid HTTP status code (100-599).
+    - Codes are deduplicated and sorted on save.
+    - Omit to leave unchanged on update.
+    - Provide an empty array `[]` to clear codes on update.
+    """
+
+
+class AuthenticationSettingsSuccessCriteria(TypedDict, total=False):
+    """Criterion for identifying successful login responses."""
+
+    kind: Required[Literal["status_code"]]
+    """The type of criterion. Currently only `status_code` is supported."""
+
+    status_codes: Iterable[int]
+    """HTTP status codes to match against the origin response.
+
+    - Maximum of 10 codes per criterion.
+    - Each code must be a valid HTTP status code (100-599).
+    - Codes are deduplicated and sorted on save.
+    - Omit to leave unchanged on update.
+    - Provide an empty array `[]` to clear codes on update.
+    """
+
+
+class AuthenticationSettings(TypedDict, total=False):
+    """
+    Configuration for classifying login authentication outcomes based on the origin response.
+    Requires `user_profiles` to be enabled.
+
+    - Success and failure criteria are independently updatable — sending only `success_criteria`
+      leaves failure codes untouched, and vice versa.
+    - Omit `authentication_settings` entirely to leave both unchanged.
+    - Status codes must not overlap between success and failure criteria.
+    """
+
+    failure_criteria: AuthenticationSettingsFailureCriteria
+    """Criterion for identifying failed login responses."""
+
+    success_criteria: AuthenticationSettingsSuccessCriteria
+    """Criterion for identifying successful login responses."""
diff --git a/tests/api_resources/test_fraud.py b/tests/api_resources/test_fraud.py
@@ -28,6 +28,16 @@ def test_method_update(self, client: Cloudflare) -> None:
     def test_method_update_with_all_params(self, client: Cloudflare) -> None:
         fraud = client.fraud.update(
             zone_id="023e105f4ecef8ad9ca31a8372d0c353",
+            authentication_settings={
+                "failure_criteria": {
+                    "kind": "status_code",
+                    "status_codes": [200, 201],
+                },
+                "success_criteria": {
+                    "kind": "status_code",
+                    "status_codes": [200, 201],
+                },
+            },
             user_profiles="disabled",
             username_expressions=["string"],
         )
@@ -119,6 +129,16 @@ async def test_method_update(self, async_client: AsyncCloudflare) -> None:
     async def test_method_update_with_all_params(self, async_client: AsyncCloudflare) -> None:
         fraud = await async_client.fraud.update(
             zone_id="023e105f4ecef8ad9ca31a8372d0c353",
+            authentication_settings={
+                "failure_criteria": {
+                    "kind": "status_code",
+                    "status_codes": [200, 201],
+                },
+                "success_criteria": {
+                    "kind": "status_code",
+                    "status_codes": [200, 201],
+                },
+            },
             user_profiles="disabled",
             username_expressions=["string"],
         )
