From 25ac005b6028aaf44daf00ff29dc0fea43827056 Mon Sep 17 00:00:00 2001
From: "stainless-app[bot]"
 <142633134+stainless-app[bot]@users.noreply.github.com>
Date: Thu, 12 Dec 2024 20:56:59 +0000
Subject: [PATCH] feat(api): api update

---
 .stats.yml                                    |   4 +-
 api.md                                        |  45 +-
 .../resources/zero_trust/devices/__init__.py  |  14 -
 .../resources/zero_trust/devices/devices.py   |  32 --
 .../zero_trust/devices/fleet_status.py        | 220 --------
 .../resources/zero_trust/dex/__init__.py      |  14 -
 .../zero_trust/dex/commands/__init__.py       |  47 --
 .../zero_trust/dex/commands/commands.py       | 417 ---------------
 .../zero_trust/dex/commands/downloads.py      | 190 -------
 .../zero_trust/dex/commands/quota.py          | 176 -------
 .../resources/zero_trust/dex/dex.py           |  33 --
 .../zero_trust/gateway/lists/lists.py         |  20 +-
 src/cloudflare/resources/zones/holds.py       |  14 +-
 .../types/accounts/token_create_params.py     |   2 +-
 .../types/accounts/token_create_response.py   |   2 +-
 .../types/accounts/token_update_params.py     |   2 +-
 .../types/magic_transit/sites/wan.py          |   7 +
 src/cloudflare/types/page_rules/page_rule.py  |  78 ++-
 .../page_rules/page_rule_create_params.py     |  78 ++-
 .../types/page_rules/page_rule_edit_params.py |  78 ++-
 .../page_rules/page_rule_update_params.py     |  78 ++-
 src/cloudflare/types/shared/token.py          |   2 +-
 src/cloudflare/types/shared/token_policy.py   |  12 +-
 .../types/shared_params/token_policy.py       |  12 +-
 .../types/user/token_create_params.py         |   2 +-
 .../types/user/token_create_response.py       |   2 +-
 .../types/user/token_update_params.py         |   2 +-
 .../access/application_create_params.py       | 405 +++++++++++++++
 .../access/application_create_response.py     | 473 +++++++++++++++++-
 .../access/application_get_response.py        | 473 +++++++++++++++++-
 .../access/application_list_response.py       | 473 +++++++++++++++++-
 .../access/application_update_params.py       | 405 +++++++++++++++
 .../access/application_update_response.py     | 473 +++++++++++++++++-
 .../types/zero_trust/devices/__init__.py      |   2 -
 .../devices/fleet_status_get_params.py        |  20 -
 .../devices/fleet_status_get_response.py      | 268 ----------
 .../types/zero_trust/dex/__init__.py          |   4 -
 .../zero_trust/dex/command_create_params.py   |  57 ---
 .../zero_trust/dex/command_create_response.py |  30 --
 .../zero_trust/dex/command_list_params.py     |  39 --
 .../zero_trust/dex/command_list_response.py   |  30 --
 .../types/zero_trust/dex/commands/__init__.py |   2 -
 .../dex/commands/quota_get_response.py        |  18 -
 .../zero_trust/gateway/list_update_params.py  |   6 +
 tests/api_resources/accounts/test_tokens.py   | 106 +++-
 tests/api_resources/user/test_tokens.py       |  86 +++-
 .../zero_trust/devices/test_fleet_status.py   | 150 ------
 .../zero_trust/dex/commands/__init__.py       |   1 -
 .../zero_trust/dex/commands/test_downloads.py | 184 -------
 .../zero_trust/dex/commands/test_quota.py     |  98 ----
 .../zero_trust/dex/test_commands.py           | 281 -----------
 .../zero_trust/gateway/test_lists.py          |  12 +
 tests/api_resources/zones/test_holds.py       |  18 +-
 53 files changed, 3103 insertions(+), 2594 deletions(-)
 delete mode 100644 src/cloudflare/resources/zero_trust/devices/fleet_status.py
 delete mode 100644 src/cloudflare/resources/zero_trust/dex/commands/__init__.py
 delete mode 100644 src/cloudflare/resources/zero_trust/dex/commands/commands.py
 delete mode 100644 src/cloudflare/resources/zero_trust/dex/commands/downloads.py
 delete mode 100644 src/cloudflare/resources/zero_trust/dex/commands/quota.py
 delete mode 100644 src/cloudflare/types/zero_trust/devices/fleet_status_get_params.py
 delete mode 100644 src/cloudflare/types/zero_trust/devices/fleet_status_get_response.py
 delete mode 100644 src/cloudflare/types/zero_trust/dex/command_create_params.py
 delete mode 100644 src/cloudflare/types/zero_trust/dex/command_create_response.py
 delete mode 100644 src/cloudflare/types/zero_trust/dex/command_list_params.py
 delete mode 100644 src/cloudflare/types/zero_trust/dex/command_list_response.py
 delete mode 100644 src/cloudflare/types/zero_trust/dex/commands/quota_get_response.py
 delete mode 100644 tests/api_resources/zero_trust/devices/test_fleet_status.py
 delete mode 100644 tests/api_resources/zero_trust/dex/commands/__init__.py
 delete mode 100644 tests/api_resources/zero_trust/dex/commands/test_downloads.py
 delete mode 100644 tests/api_resources/zero_trust/dex/commands/test_quota.py
 delete mode 100644 tests/api_resources/zero_trust/dex/test_commands.py

diff --git a/.stats.yml b/.stats.yml
index 24f4e2b477c..3b704f87bcf 100644
--- a/.stats.yml
+++ b/.stats.yml
@@ -1,2 +1,2 @@
-configured_endpoints: 1460
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-31e83e551de81cf50b30c8dda5b5b8f3f7e7034ad82af7fb6caa67f76cae7e9d.yml
+configured_endpoints: 1455
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-4118c37824cecf34c05447175906b84c57105e89ea6a092fee7047b46613e094.yml
diff --git a/api.md b/api.md
index a7c4dcff441..6e0daf9fc74 100644
--- a/api.md
+++ b/api.md
@@ -416,7 +416,7 @@ from cloudflare.types.zones import ZoneHold
 Methods:
 
 - <code title="post /zones/{zone_id}/hold">client.zones.holds.<a href="./src/cloudflare/resources/zones/holds.py">create</a>(\*, zone_id, \*\*<a href="src/cloudflare/types/zones/hold_create_params.py">params</a>) -> <a href="./src/cloudflare/types/zones/zone_hold.py">ZoneHold</a></code>
-- <code title="delete /zones/{zone_id}/hold">client.zones.holds.<a href="./src/cloudflare/resources/zones/holds.py">delete</a>(\*, zone_id, \*\*<a href="src/cloudflare/types/zones/hold_delete_params.py">params</a>) -> <a href="./src/cloudflare/types/zones/zone_hold.py">Optional[ZoneHold]</a></code>
+- <code title="delete /zones/{zone_id}/hold">client.zones.holds.<a href="./src/cloudflare/resources/zones/holds.py">delete</a>(\*, zone_id, \*\*<a href="src/cloudflare/types/zones/hold_delete_params.py">params</a>) -> <a href="./src/cloudflare/types/zones/zone_hold.py">ZoneHold</a></code>
 - <code title="get /zones/{zone_id}/hold">client.zones.holds.<a href="./src/cloudflare/resources/zones/holds.py">get</a>(\*, zone_id) -> <a href="./src/cloudflare/types/zones/zone_hold.py">ZoneHold</a></code>
 
 ## Subscriptions
@@ -4841,18 +4841,6 @@ Methods:
 - <code title="delete /accounts/{account_id}/devices/networks/{network_id}">client.zero_trust.devices.networks.<a href="./src/cloudflare/resources/zero_trust/devices/networks.py">delete</a>(network_id, \*, account_id) -> <a href="./src/cloudflare/types/zero_trust/devices/network_delete_response.py">Optional[NetworkDeleteResponse]</a></code>
 - <code title="get /accounts/{account_id}/devices/networks/{network_id}">client.zero_trust.devices.networks.<a href="./src/cloudflare/resources/zero_trust/devices/networks.py">get</a>(network_id, \*, account_id) -> <a href="./src/cloudflare/types/zero_trust/devices/device_network.py">Optional[DeviceNetwork]</a></code>
 
-### FleetStatus
-
-Types:
-
-```python
-from cloudflare.types.zero_trust.devices import FleetStatusGetResponse
-```
-
-Methods:
-
-- <code title="get /accounts/{account_id}/devices/{device_id}/fleet-status/live">client.zero_trust.devices.fleet_status.<a href="./src/cloudflare/resources/zero_trust/devices/fleet_status.py">get</a>(device_id, \*, account_id, \*\*<a href="src/cloudflare/types/zero_trust/devices/fleet_status_get_params.py">params</a>) -> <a href="./src/cloudflare/types/zero_trust/devices/fleet_status_get_response.py">FleetStatusGetResponse</a></code>
-
 ### Policies
 
 Types:
@@ -5591,37 +5579,6 @@ from cloudflare.types.zero_trust import (
 )
 ```
 
-### Commands
-
-Types:
-
-```python
-from cloudflare.types.zero_trust.dex import CommandCreateResponse, CommandListResponse
-```
-
-Methods:
-
-- <code title="post /accounts/{account_id}/commands">client.zero_trust.dex.commands.<a href="./src/cloudflare/resources/zero_trust/dex/commands/commands.py">create</a>(\*, account_id, \*\*<a href="src/cloudflare/types/zero_trust/dex/command_create_params.py">params</a>) -> <a href="./src/cloudflare/types/zero_trust/dex/command_create_response.py">Optional[CommandCreateResponse]</a></code>
-- <code title="get /accounts/{account_id}/commands">client.zero_trust.dex.commands.<a href="./src/cloudflare/resources/zero_trust/dex/commands/commands.py">list</a>(\*, account_id, \*\*<a href="src/cloudflare/types/zero_trust/dex/command_list_params.py">params</a>) -> <a href="./src/cloudflare/types/zero_trust/dex/command_list_response.py">SyncV4PagePagination[Optional[CommandListResponse]]</a></code>
-
-#### Downloads
-
-Methods:
-
-- <code title="get /accounts/{account_id}/commands/{command_id}/downloads/{filename}">client.zero_trust.dex.commands.downloads.<a href="./src/cloudflare/resources/zero_trust/dex/commands/downloads.py">get</a>(filename, \*, account_id, command_id) -> BinaryAPIResponse</code>
-
-#### Quota
-
-Types:
-
-```python
-from cloudflare.types.zero_trust.dex.commands import QuotaGetResponse
-```
-
-Methods:
-
-- <code title="get /accounts/{account_id}/commands/quota">client.zero_trust.dex.commands.quota.<a href="./src/cloudflare/resources/zero_trust/dex/commands/quota.py">get</a>(\*, account_id) -> <a href="./src/cloudflare/types/zero_trust/dex/commands/quota_get_response.py">Optional[QuotaGetResponse]</a></code>
-
 ### Colos
 
 Types:
diff --git a/src/cloudflare/resources/zero_trust/devices/__init__.py b/src/cloudflare/resources/zero_trust/devices/__init__.py
index 5b55d59405f..3002bba6155 100644
--- a/src/cloudflare/resources/zero_trust/devices/__init__.py
+++ b/src/cloudflare/resources/zero_trust/devices/__init__.py
@@ -64,14 +64,6 @@
     DEXTestsResourceWithStreamingResponse,
     AsyncDEXTestsResourceWithStreamingResponse,
 )
-from .fleet_status import (
-    FleetStatusResource,
-    AsyncFleetStatusResource,
-    FleetStatusResourceWithRawResponse,
-    AsyncFleetStatusResourceWithRawResponse,
-    FleetStatusResourceWithStreamingResponse,
-    AsyncFleetStatusResourceWithStreamingResponse,
-)
 from .override_codes import (
     OverrideCodesResource,
     AsyncOverrideCodesResource,
@@ -94,12 +86,6 @@
     "AsyncNetworksResourceWithRawResponse",
     "NetworksResourceWithStreamingResponse",
     "AsyncNetworksResourceWithStreamingResponse",
-    "FleetStatusResource",
-    "AsyncFleetStatusResource",
-    "FleetStatusResourceWithRawResponse",
-    "AsyncFleetStatusResourceWithRawResponse",
-    "FleetStatusResourceWithStreamingResponse",
-    "AsyncFleetStatusResourceWithStreamingResponse",
     "PoliciesResource",
     "AsyncPoliciesResource",
     "PoliciesResourceWithRawResponse",
diff --git a/src/cloudflare/resources/zero_trust/devices/devices.py b/src/cloudflare/resources/zero_trust/devices/devices.py
index c8da8b5a201..73e50bc540a 100644
--- a/src/cloudflare/resources/zero_trust/devices/devices.py
+++ b/src/cloudflare/resources/zero_trust/devices/devices.py
@@ -72,14 +72,6 @@
     async_to_streamed_response_wrapper,
 )
 from ...._wrappers import ResultWrapper
-from .fleet_status import (
-    FleetStatusResource,
-    AsyncFleetStatusResource,
-    FleetStatusResourceWithRawResponse,
-    AsyncFleetStatusResourceWithRawResponse,
-    FleetStatusResourceWithStreamingResponse,
-    AsyncFleetStatusResourceWithStreamingResponse,
-)
 from ....pagination import SyncSinglePage, AsyncSinglePage
 from .override_codes import (
     OverrideCodesResource,
@@ -107,10 +99,6 @@ def dex_tests(self) -> DEXTestsResource:
     def networks(self) -> NetworksResource:
         return NetworksResource(self._client)
 
-    @cached_property
-    def fleet_status(self) -> FleetStatusResource:
-        return FleetStatusResource(self._client)
-
     @cached_property
     def policies(self) -> PoliciesResource:
         return PoliciesResource(self._client)
@@ -245,10 +233,6 @@ def dex_tests(self) -> AsyncDEXTestsResource:
     def networks(self) -> AsyncNetworksResource:
         return AsyncNetworksResource(self._client)
 
-    @cached_property
-    def fleet_status(self) -> AsyncFleetStatusResource:
-        return AsyncFleetStatusResource(self._client)
-
     @cached_property
     def policies(self) -> AsyncPoliciesResource:
         return AsyncPoliciesResource(self._client)
@@ -393,10 +377,6 @@ def dex_tests(self) -> DEXTestsResourceWithRawResponse:
     def networks(self) -> NetworksResourceWithRawResponse:
         return NetworksResourceWithRawResponse(self._devices.networks)
 
-    @cached_property
-    def fleet_status(self) -> FleetStatusResourceWithRawResponse:
-        return FleetStatusResourceWithRawResponse(self._devices.fleet_status)
-
     @cached_property
     def policies(self) -> PoliciesResourceWithRawResponse:
         return PoliciesResourceWithRawResponse(self._devices.policies)
@@ -441,10 +421,6 @@ def dex_tests(self) -> AsyncDEXTestsResourceWithRawResponse:
     def networks(self) -> AsyncNetworksResourceWithRawResponse:
         return AsyncNetworksResourceWithRawResponse(self._devices.networks)
 
-    @cached_property
-    def fleet_status(self) -> AsyncFleetStatusResourceWithRawResponse:
-        return AsyncFleetStatusResourceWithRawResponse(self._devices.fleet_status)
-
     @cached_property
     def policies(self) -> AsyncPoliciesResourceWithRawResponse:
         return AsyncPoliciesResourceWithRawResponse(self._devices.policies)
@@ -489,10 +465,6 @@ def dex_tests(self) -> DEXTestsResourceWithStreamingResponse:
     def networks(self) -> NetworksResourceWithStreamingResponse:
         return NetworksResourceWithStreamingResponse(self._devices.networks)
 
-    @cached_property
-    def fleet_status(self) -> FleetStatusResourceWithStreamingResponse:
-        return FleetStatusResourceWithStreamingResponse(self._devices.fleet_status)
-
     @cached_property
     def policies(self) -> PoliciesResourceWithStreamingResponse:
         return PoliciesResourceWithStreamingResponse(self._devices.policies)
@@ -537,10 +509,6 @@ def dex_tests(self) -> AsyncDEXTestsResourceWithStreamingResponse:
     def networks(self) -> AsyncNetworksResourceWithStreamingResponse:
         return AsyncNetworksResourceWithStreamingResponse(self._devices.networks)
 
-    @cached_property
-    def fleet_status(self) -> AsyncFleetStatusResourceWithStreamingResponse:
-        return AsyncFleetStatusResourceWithStreamingResponse(self._devices.fleet_status)
-
     @cached_property
     def policies(self) -> AsyncPoliciesResourceWithStreamingResponse:
         return AsyncPoliciesResourceWithStreamingResponse(self._devices.policies)
diff --git a/src/cloudflare/resources/zero_trust/devices/fleet_status.py b/src/cloudflare/resources/zero_trust/devices/fleet_status.py
deleted file mode 100644
index 871b776677f..00000000000
--- a/src/cloudflare/resources/zero_trust/devices/fleet_status.py
+++ /dev/null
@@ -1,220 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-import httpx
-
-from ...._types import NOT_GIVEN, Body, Query, Headers, NotGiven
-from ...._utils import (
-    maybe_transform,
-    async_maybe_transform,
-)
-from ...._compat import cached_property
-from ...._resource import SyncAPIResource, AsyncAPIResource
-from ...._response import (
-    to_raw_response_wrapper,
-    to_streamed_response_wrapper,
-    async_to_raw_response_wrapper,
-    async_to_streamed_response_wrapper,
-)
-from ...._base_client import make_request_options
-from ....types.zero_trust.devices import fleet_status_get_params
-from ....types.zero_trust.devices.fleet_status_get_response import FleetStatusGetResponse
-
-__all__ = ["FleetStatusResource", "AsyncFleetStatusResource"]
-
-
-class FleetStatusResource(SyncAPIResource):
-    @cached_property
-    def with_raw_response(self) -> FleetStatusResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return FleetStatusResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> FleetStatusResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return FleetStatusResourceWithStreamingResponse(self)
-
-    def get(
-        self,
-        device_id: str,
-        *,
-        account_id: str,
-        since_minutes: float,
-        colo: str | NotGiven = NOT_GIVEN,
-        time_now: str | NotGiven = NOT_GIVEN,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> FleetStatusGetResponse:
-        """
-        Get the live status of a latest device given device_id from the device_state
-        table
-
-        Args:
-          device_id: Device-specific ID, given as UUID v4
-
-          since_minutes: Number of minutes before current time
-
-          colo: List of data centers to filter results
-
-          time_now: Number of minutes before current time
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        if not device_id:
-            raise ValueError(f"Expected a non-empty value for `device_id` but received {device_id!r}")
-        return self._get(
-            f"/accounts/{account_id}/devices/{device_id}/fleet-status/live",
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                query=maybe_transform(
-                    {
-                        "since_minutes": since_minutes,
-                        "colo": colo,
-                        "time_now": time_now,
-                    },
-                    fleet_status_get_params.FleetStatusGetParams,
-                ),
-            ),
-            cast_to=FleetStatusGetResponse,
-        )
-
-
-class AsyncFleetStatusResource(AsyncAPIResource):
-    @cached_property
-    def with_raw_response(self) -> AsyncFleetStatusResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return AsyncFleetStatusResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> AsyncFleetStatusResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return AsyncFleetStatusResourceWithStreamingResponse(self)
-
-    async def get(
-        self,
-        device_id: str,
-        *,
-        account_id: str,
-        since_minutes: float,
-        colo: str | NotGiven = NOT_GIVEN,
-        time_now: str | NotGiven = NOT_GIVEN,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> FleetStatusGetResponse:
-        """
-        Get the live status of a latest device given device_id from the device_state
-        table
-
-        Args:
-          device_id: Device-specific ID, given as UUID v4
-
-          since_minutes: Number of minutes before current time
-
-          colo: List of data centers to filter results
-
-          time_now: Number of minutes before current time
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        if not device_id:
-            raise ValueError(f"Expected a non-empty value for `device_id` but received {device_id!r}")
-        return await self._get(
-            f"/accounts/{account_id}/devices/{device_id}/fleet-status/live",
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                query=await async_maybe_transform(
-                    {
-                        "since_minutes": since_minutes,
-                        "colo": colo,
-                        "time_now": time_now,
-                    },
-                    fleet_status_get_params.FleetStatusGetParams,
-                ),
-            ),
-            cast_to=FleetStatusGetResponse,
-        )
-
-
-class FleetStatusResourceWithRawResponse:
-    def __init__(self, fleet_status: FleetStatusResource) -> None:
-        self._fleet_status = fleet_status
-
-        self.get = to_raw_response_wrapper(
-            fleet_status.get,
-        )
-
-
-class AsyncFleetStatusResourceWithRawResponse:
-    def __init__(self, fleet_status: AsyncFleetStatusResource) -> None:
-        self._fleet_status = fleet_status
-
-        self.get = async_to_raw_response_wrapper(
-            fleet_status.get,
-        )
-
-
-class FleetStatusResourceWithStreamingResponse:
-    def __init__(self, fleet_status: FleetStatusResource) -> None:
-        self._fleet_status = fleet_status
-
-        self.get = to_streamed_response_wrapper(
-            fleet_status.get,
-        )
-
-
-class AsyncFleetStatusResourceWithStreamingResponse:
-    def __init__(self, fleet_status: AsyncFleetStatusResource) -> None:
-        self._fleet_status = fleet_status
-
-        self.get = async_to_streamed_response_wrapper(
-            fleet_status.get,
-        )
diff --git a/src/cloudflare/resources/zero_trust/dex/__init__.py b/src/cloudflare/resources/zero_trust/dex/__init__.py
index defe96da107..b79e8e9ec69 100644
--- a/src/cloudflare/resources/zero_trust/dex/__init__.py
+++ b/src/cloudflare/resources/zero_trust/dex/__init__.py
@@ -24,14 +24,6 @@
     TestsResourceWithStreamingResponse,
     AsyncTestsResourceWithStreamingResponse,
 )
-from .commands import (
-    CommandsResource,
-    AsyncCommandsResource,
-    CommandsResourceWithRawResponse,
-    AsyncCommandsResourceWithRawResponse,
-    CommandsResourceWithStreamingResponse,
-    AsyncCommandsResourceWithStreamingResponse,
-)
 from .http_tests import (
     HTTPTestsResource,
     AsyncHTTPTestsResource,
@@ -66,12 +58,6 @@
 )
 
 __all__ = [
-    "CommandsResource",
-    "AsyncCommandsResource",
-    "CommandsResourceWithRawResponse",
-    "AsyncCommandsResourceWithRawResponse",
-    "CommandsResourceWithStreamingResponse",
-    "AsyncCommandsResourceWithStreamingResponse",
     "ColosResource",
     "AsyncColosResource",
     "ColosResourceWithRawResponse",
diff --git a/src/cloudflare/resources/zero_trust/dex/commands/__init__.py b/src/cloudflare/resources/zero_trust/dex/commands/__init__.py
deleted file mode 100644
index 4566edefe96..00000000000
--- a/src/cloudflare/resources/zero_trust/dex/commands/__init__.py
+++ /dev/null
@@ -1,47 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from .quota import (
-    QuotaResource,
-    AsyncQuotaResource,
-    QuotaResourceWithRawResponse,
-    AsyncQuotaResourceWithRawResponse,
-    QuotaResourceWithStreamingResponse,
-    AsyncQuotaResourceWithStreamingResponse,
-)
-from .commands import (
-    CommandsResource,
-    AsyncCommandsResource,
-    CommandsResourceWithRawResponse,
-    AsyncCommandsResourceWithRawResponse,
-    CommandsResourceWithStreamingResponse,
-    AsyncCommandsResourceWithStreamingResponse,
-)
-from .downloads import (
-    DownloadsResource,
-    AsyncDownloadsResource,
-    DownloadsResourceWithRawResponse,
-    AsyncDownloadsResourceWithRawResponse,
-    DownloadsResourceWithStreamingResponse,
-    AsyncDownloadsResourceWithStreamingResponse,
-)
-
-__all__ = [
-    "DownloadsResource",
-    "AsyncDownloadsResource",
-    "DownloadsResourceWithRawResponse",
-    "AsyncDownloadsResourceWithRawResponse",
-    "DownloadsResourceWithStreamingResponse",
-    "AsyncDownloadsResourceWithStreamingResponse",
-    "QuotaResource",
-    "AsyncQuotaResource",
-    "QuotaResourceWithRawResponse",
-    "AsyncQuotaResourceWithRawResponse",
-    "QuotaResourceWithStreamingResponse",
-    "AsyncQuotaResourceWithStreamingResponse",
-    "CommandsResource",
-    "AsyncCommandsResource",
-    "CommandsResourceWithRawResponse",
-    "AsyncCommandsResourceWithRawResponse",
-    "CommandsResourceWithStreamingResponse",
-    "AsyncCommandsResourceWithStreamingResponse",
-]
diff --git a/src/cloudflare/resources/zero_trust/dex/commands/commands.py b/src/cloudflare/resources/zero_trust/dex/commands/commands.py
deleted file mode 100644
index f59aadf5646..00000000000
--- a/src/cloudflare/resources/zero_trust/dex/commands/commands.py
+++ /dev/null
@@ -1,417 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-from typing import Type, Union, Iterable, Optional, cast
-from datetime import datetime
-from typing_extensions import Literal
-
-import httpx
-
-from .quota import (
-    QuotaResource,
-    AsyncQuotaResource,
-    QuotaResourceWithRawResponse,
-    AsyncQuotaResourceWithRawResponse,
-    QuotaResourceWithStreamingResponse,
-    AsyncQuotaResourceWithStreamingResponse,
-)
-from .downloads import (
-    DownloadsResource,
-    AsyncDownloadsResource,
-    DownloadsResourceWithRawResponse,
-    AsyncDownloadsResourceWithRawResponse,
-    DownloadsResourceWithStreamingResponse,
-    AsyncDownloadsResourceWithStreamingResponse,
-)
-from ....._types import NOT_GIVEN, Body, Query, Headers, NotGiven
-from ....._utils import (
-    maybe_transform,
-    async_maybe_transform,
-)
-from ....._compat import cached_property
-from ....._resource import SyncAPIResource, AsyncAPIResource
-from ....._response import (
-    to_raw_response_wrapper,
-    to_streamed_response_wrapper,
-    async_to_raw_response_wrapper,
-    async_to_streamed_response_wrapper,
-)
-from ....._wrappers import ResultWrapper
-from .....pagination import SyncV4PagePagination, AsyncV4PagePagination
-from ....._base_client import AsyncPaginator, make_request_options
-from .....types.zero_trust.dex import command_list_params, command_create_params
-from .....types.zero_trust.dex.command_list_response import CommandListResponse
-from .....types.zero_trust.dex.command_create_response import CommandCreateResponse
-
-__all__ = ["CommandsResource", "AsyncCommandsResource"]
-
-
-class CommandsResource(SyncAPIResource):
-    @cached_property
-    def downloads(self) -> DownloadsResource:
-        return DownloadsResource(self._client)
-
-    @cached_property
-    def quota(self) -> QuotaResource:
-        return QuotaResource(self._client)
-
-    @cached_property
-    def with_raw_response(self) -> CommandsResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return CommandsResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> CommandsResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return CommandsResourceWithStreamingResponse(self)
-
-    def create(
-        self,
-        *,
-        account_id: str,
-        commands: Iterable[command_create_params.Command],
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> Optional[CommandCreateResponse]:
-        """
-        Initiate commands for up to 10 devices per account
-
-        Args:
-          commands: List of device-level commands to execute
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        return self._post(
-            f"/accounts/{account_id}/commands",
-            body=maybe_transform({"commands": commands}, command_create_params.CommandCreateParams),
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                post_parser=ResultWrapper[Optional[CommandCreateResponse]]._unwrapper,
-            ),
-            cast_to=cast(Type[Optional[CommandCreateResponse]], ResultWrapper[CommandCreateResponse]),
-        )
-
-    def list(
-        self,
-        *,
-        account_id: str,
-        page: float,
-        per_page: float,
-        command_type: str | NotGiven = NOT_GIVEN,
-        device_id: str | NotGiven = NOT_GIVEN,
-        from_: Union[str, datetime] | NotGiven = NOT_GIVEN,
-        status: Literal["PENDING_EXEC", "PENDING_UPLOAD", "SUCCESS", "FAILED"] | NotGiven = NOT_GIVEN,
-        to: Union[str, datetime] | NotGiven = NOT_GIVEN,
-        user_email: str | NotGiven = NOT_GIVEN,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> SyncV4PagePagination[Optional[CommandListResponse]]:
-        """
-        Retrieves a paginated list of commands issued to devices under the specified
-        account, optionally filtered by time range, device, or other parameters
-
-        Args:
-          page: Page number for pagination
-
-          per_page: Number of results per page
-
-          command_type: Optionally filter executed commands by command type
-
-          device_id: Unique identifier for a device
-
-          from_: Start time for the query in ISO (RFC3339 - ISO 8601) format
-
-          status: Optionally filter executed commands by status
-
-          to: End time for the query in ISO (RFC3339 - ISO 8601) format
-
-          user_email: Email tied to the device
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        return self._get_api_list(
-            f"/accounts/{account_id}/commands",
-            page=SyncV4PagePagination[Optional[CommandListResponse]],
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                query=maybe_transform(
-                    {
-                        "page": page,
-                        "per_page": per_page,
-                        "command_type": command_type,
-                        "device_id": device_id,
-                        "from_": from_,
-                        "status": status,
-                        "to": to,
-                        "user_email": user_email,
-                    },
-                    command_list_params.CommandListParams,
-                ),
-            ),
-            model=CommandListResponse,
-        )
-
-
-class AsyncCommandsResource(AsyncAPIResource):
-    @cached_property
-    def downloads(self) -> AsyncDownloadsResource:
-        return AsyncDownloadsResource(self._client)
-
-    @cached_property
-    def quota(self) -> AsyncQuotaResource:
-        return AsyncQuotaResource(self._client)
-
-    @cached_property
-    def with_raw_response(self) -> AsyncCommandsResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return AsyncCommandsResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> AsyncCommandsResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return AsyncCommandsResourceWithStreamingResponse(self)
-
-    async def create(
-        self,
-        *,
-        account_id: str,
-        commands: Iterable[command_create_params.Command],
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> Optional[CommandCreateResponse]:
-        """
-        Initiate commands for up to 10 devices per account
-
-        Args:
-          commands: List of device-level commands to execute
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        return await self._post(
-            f"/accounts/{account_id}/commands",
-            body=await async_maybe_transform({"commands": commands}, command_create_params.CommandCreateParams),
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                post_parser=ResultWrapper[Optional[CommandCreateResponse]]._unwrapper,
-            ),
-            cast_to=cast(Type[Optional[CommandCreateResponse]], ResultWrapper[CommandCreateResponse]),
-        )
-
-    def list(
-        self,
-        *,
-        account_id: str,
-        page: float,
-        per_page: float,
-        command_type: str | NotGiven = NOT_GIVEN,
-        device_id: str | NotGiven = NOT_GIVEN,
-        from_: Union[str, datetime] | NotGiven = NOT_GIVEN,
-        status: Literal["PENDING_EXEC", "PENDING_UPLOAD", "SUCCESS", "FAILED"] | NotGiven = NOT_GIVEN,
-        to: Union[str, datetime] | NotGiven = NOT_GIVEN,
-        user_email: str | NotGiven = NOT_GIVEN,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> AsyncPaginator[Optional[CommandListResponse], AsyncV4PagePagination[Optional[CommandListResponse]]]:
-        """
-        Retrieves a paginated list of commands issued to devices under the specified
-        account, optionally filtered by time range, device, or other parameters
-
-        Args:
-          page: Page number for pagination
-
-          per_page: Number of results per page
-
-          command_type: Optionally filter executed commands by command type
-
-          device_id: Unique identifier for a device
-
-          from_: Start time for the query in ISO (RFC3339 - ISO 8601) format
-
-          status: Optionally filter executed commands by status
-
-          to: End time for the query in ISO (RFC3339 - ISO 8601) format
-
-          user_email: Email tied to the device
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        return self._get_api_list(
-            f"/accounts/{account_id}/commands",
-            page=AsyncV4PagePagination[Optional[CommandListResponse]],
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                query=maybe_transform(
-                    {
-                        "page": page,
-                        "per_page": per_page,
-                        "command_type": command_type,
-                        "device_id": device_id,
-                        "from_": from_,
-                        "status": status,
-                        "to": to,
-                        "user_email": user_email,
-                    },
-                    command_list_params.CommandListParams,
-                ),
-            ),
-            model=CommandListResponse,
-        )
-
-
-class CommandsResourceWithRawResponse:
-    def __init__(self, commands: CommandsResource) -> None:
-        self._commands = commands
-
-        self.create = to_raw_response_wrapper(
-            commands.create,
-        )
-        self.list = to_raw_response_wrapper(
-            commands.list,
-        )
-
-    @cached_property
-    def downloads(self) -> DownloadsResourceWithRawResponse:
-        return DownloadsResourceWithRawResponse(self._commands.downloads)
-
-    @cached_property
-    def quota(self) -> QuotaResourceWithRawResponse:
-        return QuotaResourceWithRawResponse(self._commands.quota)
-
-
-class AsyncCommandsResourceWithRawResponse:
-    def __init__(self, commands: AsyncCommandsResource) -> None:
-        self._commands = commands
-
-        self.create = async_to_raw_response_wrapper(
-            commands.create,
-        )
-        self.list = async_to_raw_response_wrapper(
-            commands.list,
-        )
-
-    @cached_property
-    def downloads(self) -> AsyncDownloadsResourceWithRawResponse:
-        return AsyncDownloadsResourceWithRawResponse(self._commands.downloads)
-
-    @cached_property
-    def quota(self) -> AsyncQuotaResourceWithRawResponse:
-        return AsyncQuotaResourceWithRawResponse(self._commands.quota)
-
-
-class CommandsResourceWithStreamingResponse:
-    def __init__(self, commands: CommandsResource) -> None:
-        self._commands = commands
-
-        self.create = to_streamed_response_wrapper(
-            commands.create,
-        )
-        self.list = to_streamed_response_wrapper(
-            commands.list,
-        )
-
-    @cached_property
-    def downloads(self) -> DownloadsResourceWithStreamingResponse:
-        return DownloadsResourceWithStreamingResponse(self._commands.downloads)
-
-    @cached_property
-    def quota(self) -> QuotaResourceWithStreamingResponse:
-        return QuotaResourceWithStreamingResponse(self._commands.quota)
-
-
-class AsyncCommandsResourceWithStreamingResponse:
-    def __init__(self, commands: AsyncCommandsResource) -> None:
-        self._commands = commands
-
-        self.create = async_to_streamed_response_wrapper(
-            commands.create,
-        )
-        self.list = async_to_streamed_response_wrapper(
-            commands.list,
-        )
-
-    @cached_property
-    def downloads(self) -> AsyncDownloadsResourceWithStreamingResponse:
-        return AsyncDownloadsResourceWithStreamingResponse(self._commands.downloads)
-
-    @cached_property
-    def quota(self) -> AsyncQuotaResourceWithStreamingResponse:
-        return AsyncQuotaResourceWithStreamingResponse(self._commands.quota)
diff --git a/src/cloudflare/resources/zero_trust/dex/commands/downloads.py b/src/cloudflare/resources/zero_trust/dex/commands/downloads.py
deleted file mode 100644
index 4baa6e25922..00000000000
--- a/src/cloudflare/resources/zero_trust/dex/commands/downloads.py
+++ /dev/null
@@ -1,190 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-import httpx
-
-from ....._types import NOT_GIVEN, Body, Query, Headers, NotGiven
-from ....._compat import cached_property
-from ....._resource import SyncAPIResource, AsyncAPIResource
-from ....._response import (
-    BinaryAPIResponse,
-    AsyncBinaryAPIResponse,
-    StreamedBinaryAPIResponse,
-    AsyncStreamedBinaryAPIResponse,
-    to_custom_raw_response_wrapper,
-    to_custom_streamed_response_wrapper,
-    async_to_custom_raw_response_wrapper,
-    async_to_custom_streamed_response_wrapper,
-)
-from ....._base_client import make_request_options
-
-__all__ = ["DownloadsResource", "AsyncDownloadsResource"]
-
-
-class DownloadsResource(SyncAPIResource):
-    @cached_property
-    def with_raw_response(self) -> DownloadsResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return DownloadsResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> DownloadsResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return DownloadsResourceWithStreamingResponse(self)
-
-    def get(
-        self,
-        filename: str,
-        *,
-        account_id: str,
-        command_id: str,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> BinaryAPIResponse:
-        """Downloads artifacts for an executed command.
-
-        Bulk downloads are not supported
-
-        Args:
-          command_id: Unique identifier for a command
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        if not command_id:
-            raise ValueError(f"Expected a non-empty value for `command_id` but received {command_id!r}")
-        if not filename:
-            raise ValueError(f"Expected a non-empty value for `filename` but received {filename!r}")
-        extra_headers = {"Accept": "application/zip", **(extra_headers or {})}
-        return self._get(
-            f"/accounts/{account_id}/commands/{command_id}/downloads/{filename}",
-            options=make_request_options(
-                extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
-            ),
-            cast_to=BinaryAPIResponse,
-        )
-
-
-class AsyncDownloadsResource(AsyncAPIResource):
-    @cached_property
-    def with_raw_response(self) -> AsyncDownloadsResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return AsyncDownloadsResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> AsyncDownloadsResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return AsyncDownloadsResourceWithStreamingResponse(self)
-
-    async def get(
-        self,
-        filename: str,
-        *,
-        account_id: str,
-        command_id: str,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> AsyncBinaryAPIResponse:
-        """Downloads artifacts for an executed command.
-
-        Bulk downloads are not supported
-
-        Args:
-          command_id: Unique identifier for a command
-
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        if not command_id:
-            raise ValueError(f"Expected a non-empty value for `command_id` but received {command_id!r}")
-        if not filename:
-            raise ValueError(f"Expected a non-empty value for `filename` but received {filename!r}")
-        extra_headers = {"Accept": "application/zip", **(extra_headers or {})}
-        return await self._get(
-            f"/accounts/{account_id}/commands/{command_id}/downloads/{filename}",
-            options=make_request_options(
-                extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
-            ),
-            cast_to=AsyncBinaryAPIResponse,
-        )
-
-
-class DownloadsResourceWithRawResponse:
-    def __init__(self, downloads: DownloadsResource) -> None:
-        self._downloads = downloads
-
-        self.get = to_custom_raw_response_wrapper(
-            downloads.get,
-            BinaryAPIResponse,
-        )
-
-
-class AsyncDownloadsResourceWithRawResponse:
-    def __init__(self, downloads: AsyncDownloadsResource) -> None:
-        self._downloads = downloads
-
-        self.get = async_to_custom_raw_response_wrapper(
-            downloads.get,
-            AsyncBinaryAPIResponse,
-        )
-
-
-class DownloadsResourceWithStreamingResponse:
-    def __init__(self, downloads: DownloadsResource) -> None:
-        self._downloads = downloads
-
-        self.get = to_custom_streamed_response_wrapper(
-            downloads.get,
-            StreamedBinaryAPIResponse,
-        )
-
-
-class AsyncDownloadsResourceWithStreamingResponse:
-    def __init__(self, downloads: AsyncDownloadsResource) -> None:
-        self._downloads = downloads
-
-        self.get = async_to_custom_streamed_response_wrapper(
-            downloads.get,
-            AsyncStreamedBinaryAPIResponse,
-        )
diff --git a/src/cloudflare/resources/zero_trust/dex/commands/quota.py b/src/cloudflare/resources/zero_trust/dex/commands/quota.py
deleted file mode 100644
index f16c78b78ce..00000000000
--- a/src/cloudflare/resources/zero_trust/dex/commands/quota.py
+++ /dev/null
@@ -1,176 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-from typing import Type, Optional, cast
-
-import httpx
-
-from ....._types import NOT_GIVEN, Body, Query, Headers, NotGiven
-from ....._compat import cached_property
-from ....._resource import SyncAPIResource, AsyncAPIResource
-from ....._response import (
-    to_raw_response_wrapper,
-    to_streamed_response_wrapper,
-    async_to_raw_response_wrapper,
-    async_to_streamed_response_wrapper,
-)
-from ....._wrappers import ResultWrapper
-from ....._base_client import make_request_options
-from .....types.zero_trust.dex.commands.quota_get_response import QuotaGetResponse
-
-__all__ = ["QuotaResource", "AsyncQuotaResource"]
-
-
-class QuotaResource(SyncAPIResource):
-    @cached_property
-    def with_raw_response(self) -> QuotaResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return QuotaResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> QuotaResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return QuotaResourceWithStreamingResponse(self)
-
-    def get(
-        self,
-        *,
-        account_id: str,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> Optional[QuotaGetResponse]:
-        """
-        Retrieves the current quota usage and limits for device commands within a
-        specific account, including the time when the quota will reset
-
-        Args:
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        return self._get(
-            f"/accounts/{account_id}/commands/quota",
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                post_parser=ResultWrapper[Optional[QuotaGetResponse]]._unwrapper,
-            ),
-            cast_to=cast(Type[Optional[QuotaGetResponse]], ResultWrapper[QuotaGetResponse]),
-        )
-
-
-class AsyncQuotaResource(AsyncAPIResource):
-    @cached_property
-    def with_raw_response(self) -> AsyncQuotaResourceWithRawResponse:
-        """
-        This property can be used as a prefix for any HTTP method call to return the
-        the raw response object instead of the parsed content.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#accessing-raw-response-data-eg-headers
-        """
-        return AsyncQuotaResourceWithRawResponse(self)
-
-    @cached_property
-    def with_streaming_response(self) -> AsyncQuotaResourceWithStreamingResponse:
-        """
-        An alternative to `.with_raw_response` that doesn't eagerly read the response body.
-
-        For more information, see https://www.github.com/cloudflare/cloudflare-python#with_streaming_response
-        """
-        return AsyncQuotaResourceWithStreamingResponse(self)
-
-    async def get(
-        self,
-        *,
-        account_id: str,
-        # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
-        # The extra values given here take precedence over values defined on the client or passed to this method.
-        extra_headers: Headers | None = None,
-        extra_query: Query | None = None,
-        extra_body: Body | None = None,
-        timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> Optional[QuotaGetResponse]:
-        """
-        Retrieves the current quota usage and limits for device commands within a
-        specific account, including the time when the quota will reset
-
-        Args:
-          extra_headers: Send extra headers
-
-          extra_query: Add additional query parameters to the request
-
-          extra_body: Add additional JSON properties to the request
-
-          timeout: Override the client-level default timeout for this request, in seconds
-        """
-        if not account_id:
-            raise ValueError(f"Expected a non-empty value for `account_id` but received {account_id!r}")
-        return await self._get(
-            f"/accounts/{account_id}/commands/quota",
-            options=make_request_options(
-                extra_headers=extra_headers,
-                extra_query=extra_query,
-                extra_body=extra_body,
-                timeout=timeout,
-                post_parser=ResultWrapper[Optional[QuotaGetResponse]]._unwrapper,
-            ),
-            cast_to=cast(Type[Optional[QuotaGetResponse]], ResultWrapper[QuotaGetResponse]),
-        )
-
-
-class QuotaResourceWithRawResponse:
-    def __init__(self, quota: QuotaResource) -> None:
-        self._quota = quota
-
-        self.get = to_raw_response_wrapper(
-            quota.get,
-        )
-
-
-class AsyncQuotaResourceWithRawResponse:
-    def __init__(self, quota: AsyncQuotaResource) -> None:
-        self._quota = quota
-
-        self.get = async_to_raw_response_wrapper(
-            quota.get,
-        )
-
-
-class QuotaResourceWithStreamingResponse:
-    def __init__(self, quota: QuotaResource) -> None:
-        self._quota = quota
-
-        self.get = to_streamed_response_wrapper(
-            quota.get,
-        )
-
-
-class AsyncQuotaResourceWithStreamingResponse:
-    def __init__(self, quota: AsyncQuotaResource) -> None:
-        self._quota = quota
-
-        self.get = async_to_streamed_response_wrapper(
-            quota.get,
-        )
diff --git a/src/cloudflare/resources/zero_trust/dex/dex.py b/src/cloudflare/resources/zero_trust/dex/dex.py
index c8f838301e9..654a940a2a3 100644
--- a/src/cloudflare/resources/zero_trust/dex/dex.py
+++ b/src/cloudflare/resources/zero_trust/dex/dex.py
@@ -18,14 +18,6 @@
     TestsResourceWithStreamingResponse,
     AsyncTestsResourceWithStreamingResponse,
 )
-from .commands import (
-    CommandsResource,
-    AsyncCommandsResource,
-    CommandsResourceWithRawResponse,
-    AsyncCommandsResourceWithRawResponse,
-    CommandsResourceWithStreamingResponse,
-    AsyncCommandsResourceWithStreamingResponse,
-)
 from ...._compat import cached_property
 from .http_tests import (
     HTTPTestsResource,
@@ -53,7 +45,6 @@
     TracerouteTestsResourceWithStreamingResponse,
     AsyncTracerouteTestsResourceWithStreamingResponse,
 )
-from .commands.commands import CommandsResource, AsyncCommandsResource
 from .http_tests.http_tests import HTTPTestsResource, AsyncHTTPTestsResource
 from .traceroute_test_results import (
     TracerouteTestResultsResource,
@@ -73,10 +64,6 @@
 
 
 class DEXResource(SyncAPIResource):
-    @cached_property
-    def commands(self) -> CommandsResource:
-        return CommandsResource(self._client)
-
     @cached_property
     def colos(self) -> ColosResource:
         return ColosResource(self._client)
@@ -122,10 +109,6 @@ def with_streaming_response(self) -> DEXResourceWithStreamingResponse:
 
 
 class AsyncDEXResource(AsyncAPIResource):
-    @cached_property
-    def commands(self) -> AsyncCommandsResource:
-        return AsyncCommandsResource(self._client)
-
     @cached_property
     def colos(self) -> AsyncColosResource:
         return AsyncColosResource(self._client)
@@ -174,10 +157,6 @@ class DEXResourceWithRawResponse:
     def __init__(self, dex: DEXResource) -> None:
         self._dex = dex
 
-    @cached_property
-    def commands(self) -> CommandsResourceWithRawResponse:
-        return CommandsResourceWithRawResponse(self._dex.commands)
-
     @cached_property
     def colos(self) -> ColosResourceWithRawResponse:
         return ColosResourceWithRawResponse(self._dex.colos)
@@ -207,10 +186,6 @@ class AsyncDEXResourceWithRawResponse:
     def __init__(self, dex: AsyncDEXResource) -> None:
         self._dex = dex
 
-    @cached_property
-    def commands(self) -> AsyncCommandsResourceWithRawResponse:
-        return AsyncCommandsResourceWithRawResponse(self._dex.commands)
-
     @cached_property
     def colos(self) -> AsyncColosResourceWithRawResponse:
         return AsyncColosResourceWithRawResponse(self._dex.colos)
@@ -240,10 +215,6 @@ class DEXResourceWithStreamingResponse:
     def __init__(self, dex: DEXResource) -> None:
         self._dex = dex
 
-    @cached_property
-    def commands(self) -> CommandsResourceWithStreamingResponse:
-        return CommandsResourceWithStreamingResponse(self._dex.commands)
-
     @cached_property
     def colos(self) -> ColosResourceWithStreamingResponse:
         return ColosResourceWithStreamingResponse(self._dex.colos)
@@ -273,10 +244,6 @@ class AsyncDEXResourceWithStreamingResponse:
     def __init__(self, dex: AsyncDEXResource) -> None:
         self._dex = dex
 
-    @cached_property
-    def commands(self) -> AsyncCommandsResourceWithStreamingResponse:
-        return AsyncCommandsResourceWithStreamingResponse(self._dex.commands)
-
     @cached_property
     def colos(self) -> AsyncColosResourceWithStreamingResponse:
         return AsyncColosResourceWithStreamingResponse(self._dex.colos)
diff --git a/src/cloudflare/resources/zero_trust/gateway/lists/lists.py b/src/cloudflare/resources/zero_trust/gateway/lists/lists.py
index db84089871a..324a7de6194 100644
--- a/src/cloudflare/resources/zero_trust/gateway/lists/lists.py
+++ b/src/cloudflare/resources/zero_trust/gateway/lists/lists.py
@@ -128,6 +128,7 @@ def update(
         account_id: str,
         name: str,
         description: str | NotGiven = NOT_GIVEN,
+        items: Iterable[GatewayItemParam] | NotGiven = NOT_GIVEN,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -135,8 +136,10 @@ def update(
         extra_body: Body | None = None,
         timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
     ) -> Optional[GatewayList]:
-        """
-        Updates a configured Zero Trust list.
+        """Updates a configured Zero Trust list.
+
+        Skips updating list items if not included
+        in the payload.
 
         Args:
           list_id: API Resource UUID tag.
@@ -145,6 +148,8 @@ def update(
 
           description: The description of the list.
 
+          items: The items in the list.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -163,6 +168,7 @@ def update(
                 {
                     "name": name,
                     "description": description,
+                    "items": items,
                 },
                 list_update_params.ListUpdateParams,
             ),
@@ -446,6 +452,7 @@ async def update(
         account_id: str,
         name: str,
         description: str | NotGiven = NOT_GIVEN,
+        items: Iterable[GatewayItemParam] | NotGiven = NOT_GIVEN,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -453,8 +460,10 @@ async def update(
         extra_body: Body | None = None,
         timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
     ) -> Optional[GatewayList]:
-        """
-        Updates a configured Zero Trust list.
+        """Updates a configured Zero Trust list.
+
+        Skips updating list items if not included
+        in the payload.
 
         Args:
           list_id: API Resource UUID tag.
@@ -463,6 +472,8 @@ async def update(
 
           description: The description of the list.
 
+          items: The items in the list.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -481,6 +492,7 @@ async def update(
                 {
                     "name": name,
                     "description": description,
+                    "items": items,
                 },
                 list_update_params.ListUpdateParams,
             ),
diff --git a/src/cloudflare/resources/zones/holds.py b/src/cloudflare/resources/zones/holds.py
index 890ce0319b9..38fbee1a43f 100644
--- a/src/cloudflare/resources/zones/holds.py
+++ b/src/cloudflare/resources/zones/holds.py
@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from typing import Type, Optional, cast
+from typing import Type, cast
 
 import httpx
 
@@ -105,7 +105,7 @@ def delete(
         extra_query: Query | None = None,
         extra_body: Body | None = None,
         timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> Optional[ZoneHold]:
+    ) -> ZoneHold:
         """
         Stop enforcement of a zone hold on the zone, permanently or temporarily,
         allowing the creation and activation of zones with this zone's hostname.
@@ -135,9 +135,9 @@ def delete(
                 extra_body=extra_body,
                 timeout=timeout,
                 query=maybe_transform({"hold_after": hold_after}, hold_delete_params.HoldDeleteParams),
-                post_parser=ResultWrapper[Optional[ZoneHold]]._unwrapper,
+                post_parser=ResultWrapper[ZoneHold]._unwrapper,
             ),
-            cast_to=cast(Type[Optional[ZoneHold]], ResultWrapper[ZoneHold]),
+            cast_to=cast(Type[ZoneHold], ResultWrapper[ZoneHold]),
         )
 
     def get(
@@ -261,7 +261,7 @@ async def delete(
         extra_query: Query | None = None,
         extra_body: Body | None = None,
         timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN,
-    ) -> Optional[ZoneHold]:
+    ) -> ZoneHold:
         """
         Stop enforcement of a zone hold on the zone, permanently or temporarily,
         allowing the creation and activation of zones with this zone's hostname.
@@ -291,9 +291,9 @@ async def delete(
                 extra_body=extra_body,
                 timeout=timeout,
                 query=await async_maybe_transform({"hold_after": hold_after}, hold_delete_params.HoldDeleteParams),
-                post_parser=ResultWrapper[Optional[ZoneHold]]._unwrapper,
+                post_parser=ResultWrapper[ZoneHold]._unwrapper,
             ),
-            cast_to=cast(Type[Optional[ZoneHold]], ResultWrapper[ZoneHold]),
+            cast_to=cast(Type[ZoneHold], ResultWrapper[ZoneHold]),
         )
 
     async def get(
diff --git a/src/cloudflare/types/accounts/token_create_params.py b/src/cloudflare/types/accounts/token_create_params.py
index aca51228744..e94512a93f9 100644
--- a/src/cloudflare/types/accounts/token_create_params.py
+++ b/src/cloudflare/types/accounts/token_create_params.py
@@ -50,5 +50,5 @@ class ConditionRequestIP(_ConditionRequestIPReservedKeywords, total=False):
 
 
 class Condition(TypedDict, total=False):
-    request_ip: Annotated[ConditionRequestIP, PropertyInfo(alias="request.ip")]
+    request_ip: ConditionRequestIP
     """Client IP restrictions."""
diff --git a/src/cloudflare/types/accounts/token_create_response.py b/src/cloudflare/types/accounts/token_create_response.py
index cfc75aba10c..baad5983f71 100644
--- a/src/cloudflare/types/accounts/token_create_response.py
+++ b/src/cloudflare/types/accounts/token_create_response.py
@@ -23,7 +23,7 @@ class ConditionRequestIP(BaseModel):
 
 
 class Condition(BaseModel):
-    request_ip: Optional[ConditionRequestIP] = FieldInfo(alias="request.ip", default=None)
+    request_ip: Optional[ConditionRequestIP] = None
     """Client IP restrictions."""
 
 
diff --git a/src/cloudflare/types/accounts/token_update_params.py b/src/cloudflare/types/accounts/token_update_params.py
index 297d40fffd3..fe7ed0cf440 100644
--- a/src/cloudflare/types/accounts/token_update_params.py
+++ b/src/cloudflare/types/accounts/token_update_params.py
@@ -53,5 +53,5 @@ class ConditionRequestIP(_ConditionRequestIPReservedKeywords, total=False):
 
 
 class Condition(TypedDict, total=False):
-    request_ip: Annotated[ConditionRequestIP, PropertyInfo(alias="request.ip")]
+    request_ip: ConditionRequestIP
     """Client IP restrictions."""
diff --git a/src/cloudflare/types/magic_transit/sites/wan.py b/src/cloudflare/types/magic_transit/sites/wan.py
index 1148e9f087f..dc8378ae312 100644
--- a/src/cloudflare/types/magic_transit/sites/wan.py
+++ b/src/cloudflare/types/magic_transit/sites/wan.py
@@ -1,6 +1,7 @@
 # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
 
 from typing import Optional
+from typing_extensions import Literal
 
 from ...._models import BaseModel
 from .wan_static_addressing import WANStaticAddressing
@@ -12,6 +13,12 @@ class WAN(BaseModel):
     id: Optional[str] = None
     """Identifier"""
 
+    health_check_rate: Optional[Literal["low", "mid", "high"]] = None
+    """Magic WAN health check rate for tunnels created on this link.
+
+    The default value is `mid`.
+    """
+
     name: Optional[str] = None
 
     physport: Optional[int] = None
diff --git a/src/cloudflare/types/page_rules/page_rule.py b/src/cloudflare/types/page_rules/page_rule.py
index 3792ea151f9..64a7fa0508c 100644
--- a/src/cloudflare/types/page_rules/page_rule.py
+++ b/src/cloudflare/types/page_rules/page_rule.py
@@ -1,6 +1,6 @@
 # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
 
-from typing import List, Union, Optional
+from typing import Dict, List, Union, Optional
 from datetime import datetime
 from typing_extensions import Literal, Annotated, TypeAlias
 
@@ -32,14 +32,15 @@
     "ActionBypassCacheOnCookie",
     "ActionCacheByDeviceType",
     "ActionCacheDeceptionArmor",
-    "ActionCacheKey",
-    "ActionCacheKeyValue",
-    "ActionCacheKeyValueCookie",
-    "ActionCacheKeyValueHeader",
-    "ActionCacheKeyValueHost",
-    "ActionCacheKeyValueQueryString",
-    "ActionCacheKeyValueUser",
+    "ActionCacheKeyFields",
+    "ActionCacheKeyFieldsValue",
+    "ActionCacheKeyFieldsValueCookie",
+    "ActionCacheKeyFieldsValueHeader",
+    "ActionCacheKeyFieldsValueHost",
+    "ActionCacheKeyFieldsValueQueryString",
+    "ActionCacheKeyFieldsValueUser",
     "ActionCacheOnCookie",
+    "ActionCacheTTLByStatus",
     "ActionDisableApps",
     "ActionDisablePerformance",
     "ActionDisableSecurity",
@@ -90,7 +91,7 @@ class ActionCacheDeceptionArmor(BaseModel):
     """The status of Cache Deception Armor."""
 
 
-class ActionCacheKeyValueCookie(BaseModel):
+class ActionCacheKeyFieldsValueCookie(BaseModel):
     check_presence: Optional[List[str]] = None
     """
     A list of cookies to check for the presence of, without including their actual
@@ -101,7 +102,7 @@ class ActionCacheKeyValueCookie(BaseModel):
     """A list of cookies to include."""
 
 
-class ActionCacheKeyValueHeader(BaseModel):
+class ActionCacheKeyFieldsValueHeader(BaseModel):
     check_presence: Optional[List[str]] = None
     """
     A list of headers to check for the presence of, without including their actual
@@ -115,12 +116,12 @@ class ActionCacheKeyValueHeader(BaseModel):
     """A list of headers to include."""
 
 
-class ActionCacheKeyValueHost(BaseModel):
+class ActionCacheKeyFieldsValueHost(BaseModel):
     resolved: Optional[bool] = None
     """Whether to include the Host header in the HTTP request sent to the origin."""
 
 
-class ActionCacheKeyValueQueryString(BaseModel):
+class ActionCacheKeyFieldsValueQueryString(BaseModel):
     exclude: Union[Literal["*"], List[str], None] = None
     """Ignore all query string parameters."""
 
@@ -128,7 +129,7 @@ class ActionCacheKeyValueQueryString(BaseModel):
     """Include all query string parameters."""
 
 
-class ActionCacheKeyValueUser(BaseModel):
+class ActionCacheKeyFieldsValueUser(BaseModel):
     device_type: Optional[bool] = None
     """
     Classifies a request as `mobile`, `desktop`, or `tablet` based on the User
@@ -145,38 +146,38 @@ class ActionCacheKeyValueUser(BaseModel):
     """
 
 
-class ActionCacheKeyValue(BaseModel):
-    cookie: Optional[ActionCacheKeyValueCookie] = None
+class ActionCacheKeyFieldsValue(BaseModel):
+    cookie: Optional[ActionCacheKeyFieldsValueCookie] = None
     """Controls which cookies appear in the Cache Key."""
 
-    header: Optional[ActionCacheKeyValueHeader] = None
+    header: Optional[ActionCacheKeyFieldsValueHeader] = None
     """Controls which headers go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    host: Optional[ActionCacheKeyValueHost] = None
+    host: Optional[ActionCacheKeyFieldsValueHost] = None
     """Determines which host header to include in the Cache Key."""
 
-    query_string: Optional[ActionCacheKeyValueQueryString] = None
+    query_string: Optional[ActionCacheKeyFieldsValueQueryString] = None
     """Controls which URL query string parameters go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    user: Optional[ActionCacheKeyValueUser] = None
+    user: Optional[ActionCacheKeyFieldsValueUser] = None
     """Feature fields to add features about the end-user (client) into the Cache Key."""
 
 
-class ActionCacheKey(BaseModel):
-    id: Optional[Literal["cache_key"]] = None
+class ActionCacheKeyFields(BaseModel):
+    id: Optional[Literal["cache_key_fields"]] = None
     """
     Control specifically what variables to include when deciding which resources to
     cache. This allows customers to determine what to cache based on something other
     than just the URL.
     """
 
-    value: Optional[ActionCacheKeyValue] = None
+    value: Optional[ActionCacheKeyFieldsValue] = None
 
 
 class ActionCacheOnCookie(BaseModel):
@@ -190,6 +191,36 @@ class ActionCacheOnCookie(BaseModel):
     """The regular expression to use for matching cookie names in the request."""
 
 
+class ActionCacheTTLByStatus(BaseModel):
+    id: Optional[Literal["cache_ttl_by_status"]] = None
+    """
+    Enterprise customers can set cache time-to-live (TTL) based on the response
+    status from the origin web server. Cache TTL refers to the duration of a
+    resource in the Cloudflare network before being marked as stale or discarded
+    from cache. Status codes are returned by a resource's origin. Setting cache TTL
+    based on response status overrides the default cache behavior (standard caching)
+    for static files and overrides cache instructions sent by the origin web server.
+    To cache non-static assets, set a Cache Level of Cache Everything using a Page
+    Rule. Setting no-store Cache-Control or a low TTL (using `max-age`/`s-maxage`)
+    increases requests to origin web servers and decreases performance.
+    """
+
+    value: Optional[Dict[str, Union[Literal["no-cache", "no-store"], int]]] = None
+    """
+    A JSON object containing status codes and their corresponding TTLs. Each
+    key-value pair in the cache TTL by status cache rule has the following syntax
+
+    - `status_code`: An integer value such as 200 or 500. status_code matches the
+      exact status code from the origin web server. Valid status codes are between
+      100-999.
+    - `status_code_range`: Integer values for from and to. status_code_range matches
+      any status code from the origin web server within the specified range.
+    - `value`: An integer value that defines the duration an asset is valid in
+      seconds or one of the following strings: no-store (equivalent to -1), no-cache
+      (equivalent to 0).
+    """
+
+
 class ActionDisableApps(BaseModel):
     id: Optional[Literal["disable_apps"]] = None
     """
@@ -309,9 +340,10 @@ class ActionRespectStrongEtag(BaseModel):
         ActionBypassCacheOnCookie,
         ActionCacheByDeviceType,
         ActionCacheDeceptionArmor,
-        ActionCacheKey,
+        ActionCacheKeyFields,
         CacheLevel,
         ActionCacheOnCookie,
+        ActionCacheTTLByStatus,
         ActionDisableApps,
         ActionDisablePerformance,
         ActionDisableSecurity,
diff --git a/src/cloudflare/types/page_rules/page_rule_create_params.py b/src/cloudflare/types/page_rules/page_rule_create_params.py
index 7a3dbc4fcf9..9a137919711 100644
--- a/src/cloudflare/types/page_rules/page_rule_create_params.py
+++ b/src/cloudflare/types/page_rules/page_rule_create_params.py
@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from typing import List, Union, Iterable
+from typing import Dict, List, Union, Iterable
 from typing_extensions import Literal, Required, TypeAlias, TypedDict
 
 from .target_param import TargetParam
@@ -31,14 +31,15 @@
     "ActionBypassCacheOnCookie",
     "ActionCacheByDeviceType",
     "ActionCacheDeceptionArmor",
-    "ActionCacheKey",
-    "ActionCacheKeyValue",
-    "ActionCacheKeyValueCookie",
-    "ActionCacheKeyValueHeader",
-    "ActionCacheKeyValueHost",
-    "ActionCacheKeyValueQueryString",
-    "ActionCacheKeyValueUser",
+    "ActionCacheKeyFields",
+    "ActionCacheKeyFieldsValue",
+    "ActionCacheKeyFieldsValueCookie",
+    "ActionCacheKeyFieldsValueHeader",
+    "ActionCacheKeyFieldsValueHost",
+    "ActionCacheKeyFieldsValueQueryString",
+    "ActionCacheKeyFieldsValueUser",
     "ActionCacheOnCookie",
+    "ActionCacheTTLByStatus",
     "ActionDisableApps",
     "ActionDisablePerformance",
     "ActionDisableSecurity",
@@ -115,7 +116,7 @@ class ActionCacheDeceptionArmor(TypedDict, total=False):
     """The status of Cache Deception Armor."""
 
 
-class ActionCacheKeyValueCookie(TypedDict, total=False):
+class ActionCacheKeyFieldsValueCookie(TypedDict, total=False):
     check_presence: List[str]
     """
     A list of cookies to check for the presence of, without including their actual
@@ -126,7 +127,7 @@ class ActionCacheKeyValueCookie(TypedDict, total=False):
     """A list of cookies to include."""
 
 
-class ActionCacheKeyValueHeader(TypedDict, total=False):
+class ActionCacheKeyFieldsValueHeader(TypedDict, total=False):
     check_presence: List[str]
     """
     A list of headers to check for the presence of, without including their actual
@@ -140,12 +141,12 @@ class ActionCacheKeyValueHeader(TypedDict, total=False):
     """A list of headers to include."""
 
 
-class ActionCacheKeyValueHost(TypedDict, total=False):
+class ActionCacheKeyFieldsValueHost(TypedDict, total=False):
     resolved: bool
     """Whether to include the Host header in the HTTP request sent to the origin."""
 
 
-class ActionCacheKeyValueQueryString(TypedDict, total=False):
+class ActionCacheKeyFieldsValueQueryString(TypedDict, total=False):
     exclude: Union[Literal["*"], List[str]]
     """Ignore all query string parameters."""
 
@@ -153,7 +154,7 @@ class ActionCacheKeyValueQueryString(TypedDict, total=False):
     """Include all query string parameters."""
 
 
-class ActionCacheKeyValueUser(TypedDict, total=False):
+class ActionCacheKeyFieldsValueUser(TypedDict, total=False):
     device_type: bool
     """
     Classifies a request as `mobile`, `desktop`, or `tablet` based on the User
@@ -170,38 +171,38 @@ class ActionCacheKeyValueUser(TypedDict, total=False):
     """
 
 
-class ActionCacheKeyValue(TypedDict, total=False):
-    cookie: ActionCacheKeyValueCookie
+class ActionCacheKeyFieldsValue(TypedDict, total=False):
+    cookie: ActionCacheKeyFieldsValueCookie
     """Controls which cookies appear in the Cache Key."""
 
-    header: ActionCacheKeyValueHeader
+    header: ActionCacheKeyFieldsValueHeader
     """Controls which headers go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    host: ActionCacheKeyValueHost
+    host: ActionCacheKeyFieldsValueHost
     """Determines which host header to include in the Cache Key."""
 
-    query_string: ActionCacheKeyValueQueryString
+    query_string: ActionCacheKeyFieldsValueQueryString
     """Controls which URL query string parameters go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    user: ActionCacheKeyValueUser
+    user: ActionCacheKeyFieldsValueUser
     """Feature fields to add features about the end-user (client) into the Cache Key."""
 
 
-class ActionCacheKey(TypedDict, total=False):
-    id: Literal["cache_key"]
+class ActionCacheKeyFields(TypedDict, total=False):
+    id: Literal["cache_key_fields"]
     """
     Control specifically what variables to include when deciding which resources to
     cache. This allows customers to determine what to cache based on something other
     than just the URL.
     """
 
-    value: ActionCacheKeyValue
+    value: ActionCacheKeyFieldsValue
 
 
 class ActionCacheOnCookie(TypedDict, total=False):
@@ -215,6 +216,36 @@ class ActionCacheOnCookie(TypedDict, total=False):
     """The regular expression to use for matching cookie names in the request."""
 
 
+class ActionCacheTTLByStatus(TypedDict, total=False):
+    id: Literal["cache_ttl_by_status"]
+    """
+    Enterprise customers can set cache time-to-live (TTL) based on the response
+    status from the origin web server. Cache TTL refers to the duration of a
+    resource in the Cloudflare network before being marked as stale or discarded
+    from cache. Status codes are returned by a resource's origin. Setting cache TTL
+    based on response status overrides the default cache behavior (standard caching)
+    for static files and overrides cache instructions sent by the origin web server.
+    To cache non-static assets, set a Cache Level of Cache Everything using a Page
+    Rule. Setting no-store Cache-Control or a low TTL (using `max-age`/`s-maxage`)
+    increases requests to origin web servers and decreases performance.
+    """
+
+    value: Dict[str, Union[Literal["no-cache", "no-store"], int]]
+    """
+    A JSON object containing status codes and their corresponding TTLs. Each
+    key-value pair in the cache TTL by status cache rule has the following syntax
+
+    - `status_code`: An integer value such as 200 or 500. status_code matches the
+      exact status code from the origin web server. Valid status codes are between
+      100-999.
+    - `status_code_range`: Integer values for from and to. status_code_range matches
+      any status code from the origin web server within the specified range.
+    - `value`: An integer value that defines the duration an asset is valid in
+      seconds or one of the following strings: no-store (equivalent to -1), no-cache
+      (equivalent to 0).
+    """
+
+
 class ActionDisableApps(TypedDict, total=False):
     id: Literal["disable_apps"]
     """
@@ -333,9 +364,10 @@ class ActionRespectStrongEtag(TypedDict, total=False):
     ActionBypassCacheOnCookie,
     ActionCacheByDeviceType,
     ActionCacheDeceptionArmor,
-    ActionCacheKey,
+    ActionCacheKeyFields,
     CacheLevelParam,
     ActionCacheOnCookie,
+    ActionCacheTTLByStatus,
     ActionDisableApps,
     ActionDisablePerformance,
     ActionDisableSecurity,
diff --git a/src/cloudflare/types/page_rules/page_rule_edit_params.py b/src/cloudflare/types/page_rules/page_rule_edit_params.py
index fe7c599ea02..ea3b103842d 100644
--- a/src/cloudflare/types/page_rules/page_rule_edit_params.py
+++ b/src/cloudflare/types/page_rules/page_rule_edit_params.py
@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from typing import List, Union, Iterable
+from typing import Dict, List, Union, Iterable
 from typing_extensions import Literal, Required, TypeAlias, TypedDict
 
 from .target_param import TargetParam
@@ -31,14 +31,15 @@
     "ActionBypassCacheOnCookie",
     "ActionCacheByDeviceType",
     "ActionCacheDeceptionArmor",
-    "ActionCacheKey",
-    "ActionCacheKeyValue",
-    "ActionCacheKeyValueCookie",
-    "ActionCacheKeyValueHeader",
-    "ActionCacheKeyValueHost",
-    "ActionCacheKeyValueQueryString",
-    "ActionCacheKeyValueUser",
+    "ActionCacheKeyFields",
+    "ActionCacheKeyFieldsValue",
+    "ActionCacheKeyFieldsValueCookie",
+    "ActionCacheKeyFieldsValueHeader",
+    "ActionCacheKeyFieldsValueHost",
+    "ActionCacheKeyFieldsValueQueryString",
+    "ActionCacheKeyFieldsValueUser",
     "ActionCacheOnCookie",
+    "ActionCacheTTLByStatus",
     "ActionDisableApps",
     "ActionDisablePerformance",
     "ActionDisableSecurity",
@@ -115,7 +116,7 @@ class ActionCacheDeceptionArmor(TypedDict, total=False):
     """The status of Cache Deception Armor."""
 
 
-class ActionCacheKeyValueCookie(TypedDict, total=False):
+class ActionCacheKeyFieldsValueCookie(TypedDict, total=False):
     check_presence: List[str]
     """
     A list of cookies to check for the presence of, without including their actual
@@ -126,7 +127,7 @@ class ActionCacheKeyValueCookie(TypedDict, total=False):
     """A list of cookies to include."""
 
 
-class ActionCacheKeyValueHeader(TypedDict, total=False):
+class ActionCacheKeyFieldsValueHeader(TypedDict, total=False):
     check_presence: List[str]
     """
     A list of headers to check for the presence of, without including their actual
@@ -140,12 +141,12 @@ class ActionCacheKeyValueHeader(TypedDict, total=False):
     """A list of headers to include."""
 
 
-class ActionCacheKeyValueHost(TypedDict, total=False):
+class ActionCacheKeyFieldsValueHost(TypedDict, total=False):
     resolved: bool
     """Whether to include the Host header in the HTTP request sent to the origin."""
 
 
-class ActionCacheKeyValueQueryString(TypedDict, total=False):
+class ActionCacheKeyFieldsValueQueryString(TypedDict, total=False):
     exclude: Union[Literal["*"], List[str]]
     """Ignore all query string parameters."""
 
@@ -153,7 +154,7 @@ class ActionCacheKeyValueQueryString(TypedDict, total=False):
     """Include all query string parameters."""
 
 
-class ActionCacheKeyValueUser(TypedDict, total=False):
+class ActionCacheKeyFieldsValueUser(TypedDict, total=False):
     device_type: bool
     """
     Classifies a request as `mobile`, `desktop`, or `tablet` based on the User
@@ -170,38 +171,38 @@ class ActionCacheKeyValueUser(TypedDict, total=False):
     """
 
 
-class ActionCacheKeyValue(TypedDict, total=False):
-    cookie: ActionCacheKeyValueCookie
+class ActionCacheKeyFieldsValue(TypedDict, total=False):
+    cookie: ActionCacheKeyFieldsValueCookie
     """Controls which cookies appear in the Cache Key."""
 
-    header: ActionCacheKeyValueHeader
+    header: ActionCacheKeyFieldsValueHeader
     """Controls which headers go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    host: ActionCacheKeyValueHost
+    host: ActionCacheKeyFieldsValueHost
     """Determines which host header to include in the Cache Key."""
 
-    query_string: ActionCacheKeyValueQueryString
+    query_string: ActionCacheKeyFieldsValueQueryString
     """Controls which URL query string parameters go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    user: ActionCacheKeyValueUser
+    user: ActionCacheKeyFieldsValueUser
     """Feature fields to add features about the end-user (client) into the Cache Key."""
 
 
-class ActionCacheKey(TypedDict, total=False):
-    id: Literal["cache_key"]
+class ActionCacheKeyFields(TypedDict, total=False):
+    id: Literal["cache_key_fields"]
     """
     Control specifically what variables to include when deciding which resources to
     cache. This allows customers to determine what to cache based on something other
     than just the URL.
     """
 
-    value: ActionCacheKeyValue
+    value: ActionCacheKeyFieldsValue
 
 
 class ActionCacheOnCookie(TypedDict, total=False):
@@ -215,6 +216,36 @@ class ActionCacheOnCookie(TypedDict, total=False):
     """The regular expression to use for matching cookie names in the request."""
 
 
+class ActionCacheTTLByStatus(TypedDict, total=False):
+    id: Literal["cache_ttl_by_status"]
+    """
+    Enterprise customers can set cache time-to-live (TTL) based on the response
+    status from the origin web server. Cache TTL refers to the duration of a
+    resource in the Cloudflare network before being marked as stale or discarded
+    from cache. Status codes are returned by a resource's origin. Setting cache TTL
+    based on response status overrides the default cache behavior (standard caching)
+    for static files and overrides cache instructions sent by the origin web server.
+    To cache non-static assets, set a Cache Level of Cache Everything using a Page
+    Rule. Setting no-store Cache-Control or a low TTL (using `max-age`/`s-maxage`)
+    increases requests to origin web servers and decreases performance.
+    """
+
+    value: Dict[str, Union[Literal["no-cache", "no-store"], int]]
+    """
+    A JSON object containing status codes and their corresponding TTLs. Each
+    key-value pair in the cache TTL by status cache rule has the following syntax
+
+    - `status_code`: An integer value such as 200 or 500. status_code matches the
+      exact status code from the origin web server. Valid status codes are between
+      100-999.
+    - `status_code_range`: Integer values for from and to. status_code_range matches
+      any status code from the origin web server within the specified range.
+    - `value`: An integer value that defines the duration an asset is valid in
+      seconds or one of the following strings: no-store (equivalent to -1), no-cache
+      (equivalent to 0).
+    """
+
+
 class ActionDisableApps(TypedDict, total=False):
     id: Literal["disable_apps"]
     """
@@ -333,9 +364,10 @@ class ActionRespectStrongEtag(TypedDict, total=False):
     ActionBypassCacheOnCookie,
     ActionCacheByDeviceType,
     ActionCacheDeceptionArmor,
-    ActionCacheKey,
+    ActionCacheKeyFields,
     CacheLevelParam,
     ActionCacheOnCookie,
+    ActionCacheTTLByStatus,
     ActionDisableApps,
     ActionDisablePerformance,
     ActionDisableSecurity,
diff --git a/src/cloudflare/types/page_rules/page_rule_update_params.py b/src/cloudflare/types/page_rules/page_rule_update_params.py
index ceff13a48fe..9328f0540b8 100644
--- a/src/cloudflare/types/page_rules/page_rule_update_params.py
+++ b/src/cloudflare/types/page_rules/page_rule_update_params.py
@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from typing import List, Union, Iterable
+from typing import Dict, List, Union, Iterable
 from typing_extensions import Literal, Required, TypeAlias, TypedDict
 
 from .target_param import TargetParam
@@ -31,14 +31,15 @@
     "ActionBypassCacheOnCookie",
     "ActionCacheByDeviceType",
     "ActionCacheDeceptionArmor",
-    "ActionCacheKey",
-    "ActionCacheKeyValue",
-    "ActionCacheKeyValueCookie",
-    "ActionCacheKeyValueHeader",
-    "ActionCacheKeyValueHost",
-    "ActionCacheKeyValueQueryString",
-    "ActionCacheKeyValueUser",
+    "ActionCacheKeyFields",
+    "ActionCacheKeyFieldsValue",
+    "ActionCacheKeyFieldsValueCookie",
+    "ActionCacheKeyFieldsValueHeader",
+    "ActionCacheKeyFieldsValueHost",
+    "ActionCacheKeyFieldsValueQueryString",
+    "ActionCacheKeyFieldsValueUser",
     "ActionCacheOnCookie",
+    "ActionCacheTTLByStatus",
     "ActionDisableApps",
     "ActionDisablePerformance",
     "ActionDisableSecurity",
@@ -115,7 +116,7 @@ class ActionCacheDeceptionArmor(TypedDict, total=False):
     """The status of Cache Deception Armor."""
 
 
-class ActionCacheKeyValueCookie(TypedDict, total=False):
+class ActionCacheKeyFieldsValueCookie(TypedDict, total=False):
     check_presence: List[str]
     """
     A list of cookies to check for the presence of, without including their actual
@@ -126,7 +127,7 @@ class ActionCacheKeyValueCookie(TypedDict, total=False):
     """A list of cookies to include."""
 
 
-class ActionCacheKeyValueHeader(TypedDict, total=False):
+class ActionCacheKeyFieldsValueHeader(TypedDict, total=False):
     check_presence: List[str]
     """
     A list of headers to check for the presence of, without including their actual
@@ -140,12 +141,12 @@ class ActionCacheKeyValueHeader(TypedDict, total=False):
     """A list of headers to include."""
 
 
-class ActionCacheKeyValueHost(TypedDict, total=False):
+class ActionCacheKeyFieldsValueHost(TypedDict, total=False):
     resolved: bool
     """Whether to include the Host header in the HTTP request sent to the origin."""
 
 
-class ActionCacheKeyValueQueryString(TypedDict, total=False):
+class ActionCacheKeyFieldsValueQueryString(TypedDict, total=False):
     exclude: Union[Literal["*"], List[str]]
     """Ignore all query string parameters."""
 
@@ -153,7 +154,7 @@ class ActionCacheKeyValueQueryString(TypedDict, total=False):
     """Include all query string parameters."""
 
 
-class ActionCacheKeyValueUser(TypedDict, total=False):
+class ActionCacheKeyFieldsValueUser(TypedDict, total=False):
     device_type: bool
     """
     Classifies a request as `mobile`, `desktop`, or `tablet` based on the User
@@ -170,38 +171,38 @@ class ActionCacheKeyValueUser(TypedDict, total=False):
     """
 
 
-class ActionCacheKeyValue(TypedDict, total=False):
-    cookie: ActionCacheKeyValueCookie
+class ActionCacheKeyFieldsValue(TypedDict, total=False):
+    cookie: ActionCacheKeyFieldsValueCookie
     """Controls which cookies appear in the Cache Key."""
 
-    header: ActionCacheKeyValueHeader
+    header: ActionCacheKeyFieldsValueHeader
     """Controls which headers go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    host: ActionCacheKeyValueHost
+    host: ActionCacheKeyFieldsValueHost
     """Determines which host header to include in the Cache Key."""
 
-    query_string: ActionCacheKeyValueQueryString
+    query_string: ActionCacheKeyFieldsValueQueryString
     """Controls which URL query string parameters go into the Cache Key.
 
     Exactly one of `include` or `exclude` is expected.
     """
 
-    user: ActionCacheKeyValueUser
+    user: ActionCacheKeyFieldsValueUser
     """Feature fields to add features about the end-user (client) into the Cache Key."""
 
 
-class ActionCacheKey(TypedDict, total=False):
-    id: Literal["cache_key"]
+class ActionCacheKeyFields(TypedDict, total=False):
+    id: Literal["cache_key_fields"]
     """
     Control specifically what variables to include when deciding which resources to
     cache. This allows customers to determine what to cache based on something other
     than just the URL.
     """
 
-    value: ActionCacheKeyValue
+    value: ActionCacheKeyFieldsValue
 
 
 class ActionCacheOnCookie(TypedDict, total=False):
@@ -215,6 +216,36 @@ class ActionCacheOnCookie(TypedDict, total=False):
     """The regular expression to use for matching cookie names in the request."""
 
 
+class ActionCacheTTLByStatus(TypedDict, total=False):
+    id: Literal["cache_ttl_by_status"]
+    """
+    Enterprise customers can set cache time-to-live (TTL) based on the response
+    status from the origin web server. Cache TTL refers to the duration of a
+    resource in the Cloudflare network before being marked as stale or discarded
+    from cache. Status codes are returned by a resource's origin. Setting cache TTL
+    based on response status overrides the default cache behavior (standard caching)
+    for static files and overrides cache instructions sent by the origin web server.
+    To cache non-static assets, set a Cache Level of Cache Everything using a Page
+    Rule. Setting no-store Cache-Control or a low TTL (using `max-age`/`s-maxage`)
+    increases requests to origin web servers and decreases performance.
+    """
+
+    value: Dict[str, Union[Literal["no-cache", "no-store"], int]]
+    """
+    A JSON object containing status codes and their corresponding TTLs. Each
+    key-value pair in the cache TTL by status cache rule has the following syntax
+
+    - `status_code`: An integer value such as 200 or 500. status_code matches the
+      exact status code from the origin web server. Valid status codes are between
+      100-999.
+    - `status_code_range`: Integer values for from and to. status_code_range matches
+      any status code from the origin web server within the specified range.
+    - `value`: An integer value that defines the duration an asset is valid in
+      seconds or one of the following strings: no-store (equivalent to -1), no-cache
+      (equivalent to 0).
+    """
+
+
 class ActionDisableApps(TypedDict, total=False):
     id: Literal["disable_apps"]
     """
@@ -333,9 +364,10 @@ class ActionRespectStrongEtag(TypedDict, total=False):
     ActionBypassCacheOnCookie,
     ActionCacheByDeviceType,
     ActionCacheDeceptionArmor,
-    ActionCacheKey,
+    ActionCacheKeyFields,
     CacheLevelParam,
     ActionCacheOnCookie,
+    ActionCacheTTLByStatus,
     ActionDisableApps,
     ActionDisablePerformance,
     ActionDisableSecurity,
diff --git a/src/cloudflare/types/shared/token.py b/src/cloudflare/types/shared/token.py
index 60c5cc8e911..fd4787368c9 100644
--- a/src/cloudflare/types/shared/token.py
+++ b/src/cloudflare/types/shared/token.py
@@ -22,7 +22,7 @@ class ConditionRequestIP(BaseModel):
 
 
 class Condition(BaseModel):
-    request_ip: Optional[ConditionRequestIP] = FieldInfo(alias="request.ip", default=None)
+    request_ip: Optional[ConditionRequestIP] = None
     """Client IP restrictions."""
 
 
diff --git a/src/cloudflare/types/shared/token_policy.py b/src/cloudflare/types/shared/token_policy.py
index 9611c150894..10909830a01 100644
--- a/src/cloudflare/types/shared/token_policy.py
+++ b/src/cloudflare/types/shared/token_policy.py
@@ -1,11 +1,11 @@
 # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
 
-from typing import List, Optional
+from typing import Dict, List, Optional
 from typing_extensions import Literal
 
 from ..._models import BaseModel
 
-__all__ = ["TokenPolicy", "PermissionGroup", "PermissionGroupMeta", "Resources"]
+__all__ = ["TokenPolicy", "PermissionGroup", "PermissionGroupMeta"]
 
 
 class PermissionGroupMeta(BaseModel):
@@ -25,12 +25,6 @@ class PermissionGroup(BaseModel):
     """Name of the group."""
 
 
-class Resources(BaseModel):
-    resource: Optional[str] = None
-
-    scope: Optional[str] = None
-
-
 class TokenPolicy(BaseModel):
     id: str
     """Policy identifier."""
@@ -41,5 +35,5 @@ class TokenPolicy(BaseModel):
     permission_groups: List[PermissionGroup]
     """A set of permission groups that are specified to the policy."""
 
-    resources: Resources
+    resources: Dict[str, str]
     """A list of resource names that the policy applies to."""
diff --git a/src/cloudflare/types/shared_params/token_policy.py b/src/cloudflare/types/shared_params/token_policy.py
index 789802e3df7..96b7d37451f 100644
--- a/src/cloudflare/types/shared_params/token_policy.py
+++ b/src/cloudflare/types/shared_params/token_policy.py
@@ -2,10 +2,10 @@
 
 from __future__ import annotations
 
-from typing import Iterable
+from typing import Dict, Iterable
 from typing_extensions import Literal, Required, TypedDict
 
-__all__ = ["TokenPolicy", "PermissionGroup", "PermissionGroupMeta", "Resources"]
+__all__ = ["TokenPolicy", "PermissionGroup", "PermissionGroupMeta"]
 
 
 class PermissionGroupMeta(TypedDict, total=False):
@@ -19,12 +19,6 @@ class PermissionGroup(TypedDict, total=False):
     """Attributes associated to the permission group."""
 
 
-class Resources(TypedDict, total=False):
-    resource: str
-
-    scope: str
-
-
 class TokenPolicy(TypedDict, total=False):
     effect: Required[Literal["allow", "deny"]]
     """Allow or deny operations against the resources."""
@@ -32,5 +26,5 @@ class TokenPolicy(TypedDict, total=False):
     permission_groups: Required[Iterable[PermissionGroup]]
     """A set of permission groups that are specified to the policy."""
 
-    resources: Required[Resources]
+    resources: Required[Dict[str, str]]
     """A list of resource names that the policy applies to."""
diff --git a/src/cloudflare/types/user/token_create_params.py b/src/cloudflare/types/user/token_create_params.py
index bf9e2e8de5b..166b95b2e7f 100644
--- a/src/cloudflare/types/user/token_create_params.py
+++ b/src/cloudflare/types/user/token_create_params.py
@@ -47,5 +47,5 @@ class ConditionRequestIP(_ConditionRequestIPReservedKeywords, total=False):
 
 
 class Condition(TypedDict, total=False):
-    request_ip: Annotated[ConditionRequestIP, PropertyInfo(alias="request.ip")]
+    request_ip: ConditionRequestIP
     """Client IP restrictions."""
diff --git a/src/cloudflare/types/user/token_create_response.py b/src/cloudflare/types/user/token_create_response.py
index cfc75aba10c..baad5983f71 100644
--- a/src/cloudflare/types/user/token_create_response.py
+++ b/src/cloudflare/types/user/token_create_response.py
@@ -23,7 +23,7 @@ class ConditionRequestIP(BaseModel):
 
 
 class Condition(BaseModel):
-    request_ip: Optional[ConditionRequestIP] = FieldInfo(alias="request.ip", default=None)
+    request_ip: Optional[ConditionRequestIP] = None
     """Client IP restrictions."""
 
 
diff --git a/src/cloudflare/types/user/token_update_params.py b/src/cloudflare/types/user/token_update_params.py
index b60ab209b89..6df123fcec8 100644
--- a/src/cloudflare/types/user/token_update_params.py
+++ b/src/cloudflare/types/user/token_update_params.py
@@ -50,5 +50,5 @@ class ConditionRequestIP(_ConditionRequestIPReservedKeywords, total=False):
 
 
 class Condition(TypedDict, total=False):
-    request_ip: Annotated[ConditionRequestIP, PropertyInfo(alias="request.ip")]
+    request_ip: ConditionRequestIP
     """Client IP restrictions."""
diff --git a/src/cloudflare/types/zero_trust/access/application_create_params.py b/src/cloudflare/types/zero_trust/access/application_create_params.py
index 5e7ff63435e..335b4de1b69 100644
--- a/src/cloudflare/types/zero_trust/access/application_create_params.py
+++ b/src/cloudflare/types/zero_trust/access/application_create_params.py
@@ -28,6 +28,9 @@
     "SelfHostedApplicationPolicyUnionMember2",
     "SelfHostedApplicationSCIMConfig",
     "SelfHostedApplicationSCIMConfigAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "SaaSApplication",
     "SaaSApplicationPolicy",
     "SaaSApplicationPolicyAccessAppPolicyLink",
@@ -35,6 +38,9 @@
     "SaaSApplicationSaaSApp",
     "SaaSApplicationSCIMConfig",
     "SaaSApplicationSCIMConfigAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserSSHApplication",
     "BrowserSSHApplicationDestination",
     "BrowserSSHApplicationPolicy",
@@ -42,6 +48,9 @@
     "BrowserSSHApplicationPolicyUnionMember2",
     "BrowserSSHApplicationSCIMConfig",
     "BrowserSSHApplicationSCIMConfigAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserVNCApplication",
     "BrowserVNCApplicationDestination",
     "BrowserVNCApplicationPolicy",
@@ -49,6 +58,9 @@
     "BrowserVNCApplicationPolicyUnionMember2",
     "BrowserVNCApplicationSCIMConfig",
     "BrowserVNCApplicationSCIMConfigAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "AppLauncherApplication",
     "AppLauncherApplicationFooterLink",
     "AppLauncherApplicationLandingPageDesign",
@@ -57,6 +69,9 @@
     "AppLauncherApplicationPolicyUnionMember2",
     "AppLauncherApplicationSCIMConfig",
     "AppLauncherApplicationSCIMConfigAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "DeviceEnrollmentPermissionsApplication",
     "DeviceEnrollmentPermissionsApplicationFooterLink",
     "DeviceEnrollmentPermissionsApplicationLandingPageDesign",
@@ -65,6 +80,9 @@
     "DeviceEnrollmentPermissionsApplicationPolicyUnionMember2",
     "DeviceEnrollmentPermissionsApplicationSCIMConfig",
     "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserIsolationPermissionsApplication",
     "BrowserIsolationPermissionsApplicationFooterLink",
     "BrowserIsolationPermissionsApplicationLandingPageDesign",
@@ -73,9 +91,15 @@
     "BrowserIsolationPermissionsApplicationPolicyUnionMember2",
     "BrowserIsolationPermissionsApplicationSCIMConfig",
     "BrowserIsolationPermissionsApplicationSCIMConfigAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BookmarkApplication",
     "BookmarkApplicationSCIMConfig",
     "BookmarkApplicationSCIMConfigAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
@@ -300,10 +324,58 @@ class SelfHostedApplicationPolicyUnionMember2(TypedDict, total=False):
     SelfHostedApplicationPolicyAccessAppPolicyLink, str, SelfHostedApplicationPolicyUnionMember2
 ]
 
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -455,10 +527,56 @@ class SaaSApplicationPolicyUnionMember2(TypedDict, total=False):
 
 SaaSApplicationSaaSApp: TypeAlias = Union[SAMLSaaSAppParam, OIDCSaaSAppParam]
 
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(TypedDict, total=False):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SaaSApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -713,10 +831,58 @@ class BrowserSSHApplicationPolicyUnionMember2(TypedDict, total=False):
     BrowserSSHApplicationPolicyAccessAppPolicyLink, str, BrowserSSHApplicationPolicyUnionMember2
 ]
 
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -971,10 +1137,58 @@ class BrowserVNCApplicationPolicyUnionMember2(TypedDict, total=False):
     BrowserVNCApplicationPolicyAccessAppPolicyLink, str, BrowserVNCApplicationPolicyUnionMember2
 ]
 
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1154,10 +1368,58 @@ class AppLauncherApplicationPolicyUnionMember2(TypedDict, total=False):
     AppLauncherApplicationPolicyAccessAppPolicyLink, str, AppLauncherApplicationPolicyUnionMember2
 ]
 
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 AppLauncherApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1339,10 +1601,58 @@ class DeviceEnrollmentPermissionsApplicationPolicyUnionMember2(TypedDict, total=
     DeviceEnrollmentPermissionsApplicationPolicyUnionMember2,
 ]
 
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1524,10 +1834,58 @@ class BrowserIsolationPermissionsApplicationPolicyUnionMember2(TypedDict, total=
     BrowserIsolationPermissionsApplicationPolicyUnionMember2,
 ]
 
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserIsolationPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1599,10 +1957,57 @@ class BookmarkApplication(TypedDict, total=False):
     """The application type."""
 
 
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BookmarkApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
diff --git a/src/cloudflare/types/zero_trust/access/application_create_response.py b/src/cloudflare/types/zero_trust/access/application_create_response.py
index 0d58317ac07..9fe984fb2b4 100644
--- a/src/cloudflare/types/zero_trust/access/application_create_response.py
+++ b/src/cloudflare/types/zero_trust/access/application_create_response.py
@@ -25,41 +25,68 @@
     "SelfHostedApplicationDestination",
     "SelfHostedApplicationSCIMConfig",
     "SelfHostedApplicationSCIMConfigAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "SaaSApplication",
     "SaaSApplicationSaaSApp",
     "SaaSApplicationSCIMConfig",
     "SaaSApplicationSCIMConfigAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserSSHApplication",
     "BrowserSSHApplicationDestination",
     "BrowserSSHApplicationSCIMConfig",
     "BrowserSSHApplicationSCIMConfigAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserVNCApplication",
     "BrowserVNCApplicationDestination",
     "BrowserVNCApplicationSCIMConfig",
     "BrowserVNCApplicationSCIMConfigAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "AppLauncherApplication",
     "AppLauncherApplicationFooterLink",
     "AppLauncherApplicationLandingPageDesign",
     "AppLauncherApplicationSCIMConfig",
     "AppLauncherApplicationSCIMConfigAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "DeviceEnrollmentPermissionsApplication",
     "DeviceEnrollmentPermissionsApplicationFooterLink",
     "DeviceEnrollmentPermissionsApplicationLandingPageDesign",
     "DeviceEnrollmentPermissionsApplicationSCIMConfig",
     "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserIsolationPermissionsApplication",
     "BrowserIsolationPermissionsApplicationFooterLink",
     "BrowserIsolationPermissionsApplicationLandingPageDesign",
     "BrowserIsolationPermissionsApplicationSCIMConfig",
     "BrowserIsolationPermissionsApplicationSCIMConfigAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BookmarkApplication",
     "BookmarkApplicationSCIMConfig",
     "BookmarkApplicationSCIMConfigAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationSCIMConfig",
     "InfrastructureApplicationSCIMConfigAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
 ]
 
 
@@ -77,8 +104,55 @@ class SelfHostedApplicationDestination(BaseModel):
     """
 
 
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -265,8 +339,56 @@ class SelfHostedApplication(BaseModel):
 
 SaaSApplicationSaaSApp: TypeAlias = Union[SAMLSaaSApp, OIDCSaaSApp]
 
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SaaSApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -374,8 +496,55 @@ class BrowserSSHApplicationDestination(BaseModel):
     """
 
 
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -574,8 +743,55 @@ class BrowserVNCApplicationDestination(BaseModel):
     """
 
 
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -785,8 +1001,55 @@ class AppLauncherApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 AppLauncherApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -919,8 +1182,57 @@ class DeviceEnrollmentPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1053,8 +1365,57 @@ class BrowserIsolationPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserIsolationPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1162,8 +1523,55 @@ class BrowserIsolationPermissionsApplication(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BookmarkApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1289,8 +1697,55 @@ class InfrastructureApplicationPolicy(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 InfrastructureApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
diff --git a/src/cloudflare/types/zero_trust/access/application_get_response.py b/src/cloudflare/types/zero_trust/access/application_get_response.py
index 462a8a5259f..1e2031d1264 100644
--- a/src/cloudflare/types/zero_trust/access/application_get_response.py
+++ b/src/cloudflare/types/zero_trust/access/application_get_response.py
@@ -25,41 +25,68 @@
     "SelfHostedApplicationDestination",
     "SelfHostedApplicationSCIMConfig",
     "SelfHostedApplicationSCIMConfigAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "SaaSApplication",
     "SaaSApplicationSaaSApp",
     "SaaSApplicationSCIMConfig",
     "SaaSApplicationSCIMConfigAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserSSHApplication",
     "BrowserSSHApplicationDestination",
     "BrowserSSHApplicationSCIMConfig",
     "BrowserSSHApplicationSCIMConfigAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserVNCApplication",
     "BrowserVNCApplicationDestination",
     "BrowserVNCApplicationSCIMConfig",
     "BrowserVNCApplicationSCIMConfigAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "AppLauncherApplication",
     "AppLauncherApplicationFooterLink",
     "AppLauncherApplicationLandingPageDesign",
     "AppLauncherApplicationSCIMConfig",
     "AppLauncherApplicationSCIMConfigAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "DeviceEnrollmentPermissionsApplication",
     "DeviceEnrollmentPermissionsApplicationFooterLink",
     "DeviceEnrollmentPermissionsApplicationLandingPageDesign",
     "DeviceEnrollmentPermissionsApplicationSCIMConfig",
     "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserIsolationPermissionsApplication",
     "BrowserIsolationPermissionsApplicationFooterLink",
     "BrowserIsolationPermissionsApplicationLandingPageDesign",
     "BrowserIsolationPermissionsApplicationSCIMConfig",
     "BrowserIsolationPermissionsApplicationSCIMConfigAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BookmarkApplication",
     "BookmarkApplicationSCIMConfig",
     "BookmarkApplicationSCIMConfigAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationSCIMConfig",
     "InfrastructureApplicationSCIMConfigAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
 ]
 
 
@@ -77,8 +104,55 @@ class SelfHostedApplicationDestination(BaseModel):
     """
 
 
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -265,8 +339,56 @@ class SelfHostedApplication(BaseModel):
 
 SaaSApplicationSaaSApp: TypeAlias = Union[SAMLSaaSApp, OIDCSaaSApp]
 
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SaaSApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -374,8 +496,55 @@ class BrowserSSHApplicationDestination(BaseModel):
     """
 
 
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -574,8 +743,55 @@ class BrowserVNCApplicationDestination(BaseModel):
     """
 
 
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -785,8 +1001,55 @@ class AppLauncherApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 AppLauncherApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -919,8 +1182,57 @@ class DeviceEnrollmentPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1053,8 +1365,57 @@ class BrowserIsolationPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserIsolationPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1162,8 +1523,55 @@ class BrowserIsolationPermissionsApplication(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BookmarkApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1289,8 +1697,55 @@ class InfrastructureApplicationPolicy(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 InfrastructureApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
diff --git a/src/cloudflare/types/zero_trust/access/application_list_response.py b/src/cloudflare/types/zero_trust/access/application_list_response.py
index 88f3c0d8ad1..9a4ff2becdd 100644
--- a/src/cloudflare/types/zero_trust/access/application_list_response.py
+++ b/src/cloudflare/types/zero_trust/access/application_list_response.py
@@ -25,41 +25,68 @@
     "SelfHostedApplicationDestination",
     "SelfHostedApplicationSCIMConfig",
     "SelfHostedApplicationSCIMConfigAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "SaaSApplication",
     "SaaSApplicationSaaSApp",
     "SaaSApplicationSCIMConfig",
     "SaaSApplicationSCIMConfigAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserSSHApplication",
     "BrowserSSHApplicationDestination",
     "BrowserSSHApplicationSCIMConfig",
     "BrowserSSHApplicationSCIMConfigAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserVNCApplication",
     "BrowserVNCApplicationDestination",
     "BrowserVNCApplicationSCIMConfig",
     "BrowserVNCApplicationSCIMConfigAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "AppLauncherApplication",
     "AppLauncherApplicationFooterLink",
     "AppLauncherApplicationLandingPageDesign",
     "AppLauncherApplicationSCIMConfig",
     "AppLauncherApplicationSCIMConfigAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "DeviceEnrollmentPermissionsApplication",
     "DeviceEnrollmentPermissionsApplicationFooterLink",
     "DeviceEnrollmentPermissionsApplicationLandingPageDesign",
     "DeviceEnrollmentPermissionsApplicationSCIMConfig",
     "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserIsolationPermissionsApplication",
     "BrowserIsolationPermissionsApplicationFooterLink",
     "BrowserIsolationPermissionsApplicationLandingPageDesign",
     "BrowserIsolationPermissionsApplicationSCIMConfig",
     "BrowserIsolationPermissionsApplicationSCIMConfigAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BookmarkApplication",
     "BookmarkApplicationSCIMConfig",
     "BookmarkApplicationSCIMConfigAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationSCIMConfig",
     "InfrastructureApplicationSCIMConfigAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
 ]
 
 
@@ -77,8 +104,55 @@ class SelfHostedApplicationDestination(BaseModel):
     """
 
 
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -265,8 +339,56 @@ class SelfHostedApplication(BaseModel):
 
 SaaSApplicationSaaSApp: TypeAlias = Union[SAMLSaaSApp, OIDCSaaSApp]
 
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SaaSApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -374,8 +496,55 @@ class BrowserSSHApplicationDestination(BaseModel):
     """
 
 
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -574,8 +743,55 @@ class BrowserVNCApplicationDestination(BaseModel):
     """
 
 
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -785,8 +1001,55 @@ class AppLauncherApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 AppLauncherApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -919,8 +1182,57 @@ class DeviceEnrollmentPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1053,8 +1365,57 @@ class BrowserIsolationPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserIsolationPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1162,8 +1523,55 @@ class BrowserIsolationPermissionsApplication(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BookmarkApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1289,8 +1697,55 @@ class InfrastructureApplicationPolicy(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 InfrastructureApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
diff --git a/src/cloudflare/types/zero_trust/access/application_update_params.py b/src/cloudflare/types/zero_trust/access/application_update_params.py
index db1842e6805..160b8896c7d 100644
--- a/src/cloudflare/types/zero_trust/access/application_update_params.py
+++ b/src/cloudflare/types/zero_trust/access/application_update_params.py
@@ -28,6 +28,9 @@
     "SelfHostedApplicationPolicyUnionMember2",
     "SelfHostedApplicationSCIMConfig",
     "SelfHostedApplicationSCIMConfigAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "SaaSApplication",
     "SaaSApplicationPolicy",
     "SaaSApplicationPolicyAccessAppPolicyLink",
@@ -35,6 +38,9 @@
     "SaaSApplicationSaaSApp",
     "SaaSApplicationSCIMConfig",
     "SaaSApplicationSCIMConfigAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserSSHApplication",
     "BrowserSSHApplicationDestination",
     "BrowserSSHApplicationPolicy",
@@ -42,6 +48,9 @@
     "BrowserSSHApplicationPolicyUnionMember2",
     "BrowserSSHApplicationSCIMConfig",
     "BrowserSSHApplicationSCIMConfigAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserVNCApplication",
     "BrowserVNCApplicationDestination",
     "BrowserVNCApplicationPolicy",
@@ -49,6 +58,9 @@
     "BrowserVNCApplicationPolicyUnionMember2",
     "BrowserVNCApplicationSCIMConfig",
     "BrowserVNCApplicationSCIMConfigAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "AppLauncherApplication",
     "AppLauncherApplicationFooterLink",
     "AppLauncherApplicationLandingPageDesign",
@@ -57,6 +69,9 @@
     "AppLauncherApplicationPolicyUnionMember2",
     "AppLauncherApplicationSCIMConfig",
     "AppLauncherApplicationSCIMConfigAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "DeviceEnrollmentPermissionsApplication",
     "DeviceEnrollmentPermissionsApplicationFooterLink",
     "DeviceEnrollmentPermissionsApplicationLandingPageDesign",
@@ -65,6 +80,9 @@
     "DeviceEnrollmentPermissionsApplicationPolicyUnionMember2",
     "DeviceEnrollmentPermissionsApplicationSCIMConfig",
     "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserIsolationPermissionsApplication",
     "BrowserIsolationPermissionsApplicationFooterLink",
     "BrowserIsolationPermissionsApplicationLandingPageDesign",
@@ -73,9 +91,15 @@
     "BrowserIsolationPermissionsApplicationPolicyUnionMember2",
     "BrowserIsolationPermissionsApplicationSCIMConfig",
     "BrowserIsolationPermissionsApplicationSCIMConfigAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BookmarkApplication",
     "BookmarkApplicationSCIMConfig",
     "BookmarkApplicationSCIMConfigAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
@@ -300,10 +324,58 @@ class SelfHostedApplicationPolicyUnionMember2(TypedDict, total=False):
     SelfHostedApplicationPolicyAccessAppPolicyLink, str, SelfHostedApplicationPolicyUnionMember2
 ]
 
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -455,10 +527,56 @@ class SaaSApplicationPolicyUnionMember2(TypedDict, total=False):
 
 SaaSApplicationSaaSApp: TypeAlias = Union[SAMLSaaSAppParam, OIDCSaaSAppParam]
 
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(TypedDict, total=False):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SaaSApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -713,10 +831,58 @@ class BrowserSSHApplicationPolicyUnionMember2(TypedDict, total=False):
     BrowserSSHApplicationPolicyAccessAppPolicyLink, str, BrowserSSHApplicationPolicyUnionMember2
 ]
 
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -971,10 +1137,58 @@ class BrowserVNCApplicationPolicyUnionMember2(TypedDict, total=False):
     BrowserVNCApplicationPolicyAccessAppPolicyLink, str, BrowserVNCApplicationPolicyUnionMember2
 ]
 
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1154,10 +1368,58 @@ class AppLauncherApplicationPolicyUnionMember2(TypedDict, total=False):
     AppLauncherApplicationPolicyAccessAppPolicyLink, str, AppLauncherApplicationPolicyUnionMember2
 ]
 
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 AppLauncherApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1339,10 +1601,58 @@ class DeviceEnrollmentPermissionsApplicationPolicyUnionMember2(TypedDict, total=
     DeviceEnrollmentPermissionsApplicationPolicyUnionMember2,
 ]
 
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1524,10 +1834,58 @@ class BrowserIsolationPermissionsApplicationPolicyUnionMember2(TypedDict, total=
     BrowserIsolationPermissionsApplicationPolicyUnionMember2,
 ]
 
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserIsolationPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1599,10 +1957,57 @@ class BookmarkApplication(TypedDict, total=False):
     """The application type."""
 
 
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BookmarkApplicationSCIMConfigAuthentication: TypeAlias = Union[
     SCIMConfigAuthenticationHTTPBasicParam,
     SCIMConfigAuthenticationOAuthBearerTokenParam,
     SCIMConfigAuthenticationOauth2Param,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
diff --git a/src/cloudflare/types/zero_trust/access/application_update_response.py b/src/cloudflare/types/zero_trust/access/application_update_response.py
index 4ccb2bedf25..a9f905cbe71 100644
--- a/src/cloudflare/types/zero_trust/access/application_update_response.py
+++ b/src/cloudflare/types/zero_trust/access/application_update_response.py
@@ -25,41 +25,68 @@
     "SelfHostedApplicationDestination",
     "SelfHostedApplicationSCIMConfig",
     "SelfHostedApplicationSCIMConfigAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "SaaSApplication",
     "SaaSApplicationSaaSApp",
     "SaaSApplicationSCIMConfig",
     "SaaSApplicationSCIMConfigAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserSSHApplication",
     "BrowserSSHApplicationDestination",
     "BrowserSSHApplicationSCIMConfig",
     "BrowserSSHApplicationSCIMConfigAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserVNCApplication",
     "BrowserVNCApplicationDestination",
     "BrowserVNCApplicationSCIMConfig",
     "BrowserVNCApplicationSCIMConfigAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "AppLauncherApplication",
     "AppLauncherApplicationFooterLink",
     "AppLauncherApplicationLandingPageDesign",
     "AppLauncherApplicationSCIMConfig",
     "AppLauncherApplicationSCIMConfigAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "DeviceEnrollmentPermissionsApplication",
     "DeviceEnrollmentPermissionsApplicationFooterLink",
     "DeviceEnrollmentPermissionsApplicationLandingPageDesign",
     "DeviceEnrollmentPermissionsApplicationSCIMConfig",
     "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BrowserIsolationPermissionsApplication",
     "BrowserIsolationPermissionsApplicationFooterLink",
     "BrowserIsolationPermissionsApplicationLandingPageDesign",
     "BrowserIsolationPermissionsApplicationSCIMConfig",
     "BrowserIsolationPermissionsApplicationSCIMConfigAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "BookmarkApplication",
     "BookmarkApplicationSCIMConfig",
     "BookmarkApplicationSCIMConfigAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationSCIMConfig",
     "InfrastructureApplicationSCIMConfigAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
 ]
 
 
@@ -77,8 +104,55 @@ class SelfHostedApplicationDestination(BaseModel):
     """
 
 
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SelfHostedApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -265,8 +339,56 @@ class SelfHostedApplication(BaseModel):
 
 SaaSApplicationSaaSApp: TypeAlias = Union[SAMLSaaSApp, OIDCSaaSApp]
 
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 SaaSApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[SaaSApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -374,8 +496,55 @@ class BrowserSSHApplicationDestination(BaseModel):
     """
 
 
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserSSHApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -574,8 +743,55 @@ class BrowserVNCApplicationDestination(BaseModel):
     """
 
 
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserVNCApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -785,8 +1001,55 @@ class AppLauncherApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 AppLauncherApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[AppLauncherApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -919,8 +1182,57 @@ class DeviceEnrollmentPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 DeviceEnrollmentPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[DeviceEnrollmentPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1053,8 +1365,57 @@ class BrowserIsolationPermissionsApplicationLandingPageDesign(BaseModel):
     """The title shown on the landing page."""
 
 
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BrowserIsolationPermissionsApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BrowserIsolationPermissionsApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1162,8 +1523,55 @@ class BrowserIsolationPermissionsApplication(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 BookmarkApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[BookmarkApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
@@ -1289,8 +1697,55 @@ class InfrastructureApplicationPolicy(BaseModel):
     updated_at: Optional[datetime] = None
 
 
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    BaseModel
+):
+    client_id: str
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: str
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Literal["access_service_token"]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
 InfrastructureApplicationSCIMConfigAuthentication: TypeAlias = Union[
-    SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2
+    SCIMConfigAuthenticationHTTPBasic,
+    SCIMConfigAuthenticationOAuthBearerToken,
+    SCIMConfigAuthenticationOauth2,
+    InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    List[InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
 ]
 
 
diff --git a/src/cloudflare/types/zero_trust/devices/__init__.py b/src/cloudflare/types/zero_trust/devices/__init__.py
index 37d71da7a5e..831df46d499 100644
--- a/src/cloudflare/types/zero_trust/devices/__init__.py
+++ b/src/cloudflare/types/zero_trust/devices/__init__.py
@@ -49,7 +49,6 @@
 from .unique_client_id_input import UniqueClientIDInput as UniqueClientIDInput
 from .unrevoke_create_params import UnrevokeCreateParams as UnrevokeCreateParams
 from .crowdstrike_input_param import CrowdstrikeInputParam as CrowdstrikeInputParam
-from .fleet_status_get_params import FleetStatusGetParams as FleetStatusGetParams
 from .network_delete_response import NetworkDeleteResponse as NetworkDeleteResponse
 from .posture_delete_response import PostureDeleteResponse as PostureDeleteResponse
 from .sentinelone_input_param import SentineloneInputParam as SentineloneInputParam
@@ -57,7 +56,6 @@
 from .dex_test_delete_response import DEXTestDeleteResponse as DEXTestDeleteResponse
 from .unrevoke_create_response import UnrevokeCreateResponse as UnrevokeCreateResponse
 from .domain_joined_input_param import DomainJoinedInputParam as DomainJoinedInputParam
-from .fleet_status_get_response import FleetStatusGetResponse as FleetStatusGetResponse
 from .workspace_one_input_param import WorkspaceOneInputParam as WorkspaceOneInputParam
 from .split_tunnel_exclude_param import SplitTunnelExcludeParam as SplitTunnelExcludeParam
 from .split_tunnel_include_param import SplitTunnelIncludeParam as SplitTunnelIncludeParam
diff --git a/src/cloudflare/types/zero_trust/devices/fleet_status_get_params.py b/src/cloudflare/types/zero_trust/devices/fleet_status_get_params.py
deleted file mode 100644
index 09a81b98c51..00000000000
--- a/src/cloudflare/types/zero_trust/devices/fleet_status_get_params.py
+++ /dev/null
@@ -1,20 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-from typing_extensions import Required, TypedDict
-
-__all__ = ["FleetStatusGetParams"]
-
-
-class FleetStatusGetParams(TypedDict, total=False):
-    account_id: Required[str]
-
-    since_minutes: Required[float]
-    """Number of minutes before current time"""
-
-    colo: str
-    """List of data centers to filter results"""
-
-    time_now: str
-    """Number of minutes before current time"""
diff --git a/src/cloudflare/types/zero_trust/devices/fleet_status_get_response.py b/src/cloudflare/types/zero_trust/devices/fleet_status_get_response.py
deleted file mode 100644
index f4feee2cb0c..00000000000
--- a/src/cloudflare/types/zero_trust/devices/fleet_status_get_response.py
+++ /dev/null
@@ -1,268 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from typing import List, Optional
-
-from pydantic import Field as FieldInfo
-
-from ...._models import BaseModel
-
-__all__ = [
-    "FleetStatusGetResponse",
-    "CPUPctByApp",
-    "DeviceIPV4",
-    "DeviceIPV4Location",
-    "DeviceIPV6",
-    "DeviceIPV6Location",
-    "GatewayIPV4",
-    "GatewayIPV4Location",
-    "GatewayIPV6",
-    "GatewayIPV6Location",
-    "ISPIPV4",
-    "ISPIPV4Location",
-    "ISPIPV6",
-    "ISPIPV6Location",
-    "RamUsedPctByApp",
-]
-
-
-class CPUPctByApp(BaseModel):
-    cpu_pct: Optional[float] = None
-
-    name: Optional[str] = None
-
-
-class DeviceIPV4Location(BaseModel):
-    city: Optional[str] = None
-
-    country_iso: Optional[str] = None
-
-    state_iso: Optional[str] = None
-
-    zip: Optional[str] = None
-
-
-class DeviceIPV4(BaseModel):
-    address: Optional[str] = None
-
-    asn: Optional[int] = None
-
-    aso: Optional[str] = None
-
-    location: Optional[DeviceIPV4Location] = None
-
-    netmask: Optional[str] = None
-
-    version: Optional[str] = None
-
-
-class DeviceIPV6Location(BaseModel):
-    city: Optional[str] = None
-
-    country_iso: Optional[str] = None
-
-    state_iso: Optional[str] = None
-
-    zip: Optional[str] = None
-
-
-class DeviceIPV6(BaseModel):
-    address: Optional[str] = None
-
-    asn: Optional[int] = None
-
-    aso: Optional[str] = None
-
-    location: Optional[DeviceIPV6Location] = None
-
-    netmask: Optional[str] = None
-
-    version: Optional[str] = None
-
-
-class GatewayIPV4Location(BaseModel):
-    city: Optional[str] = None
-
-    country_iso: Optional[str] = None
-
-    state_iso: Optional[str] = None
-
-    zip: Optional[str] = None
-
-
-class GatewayIPV4(BaseModel):
-    address: Optional[str] = None
-
-    asn: Optional[int] = None
-
-    aso: Optional[str] = None
-
-    location: Optional[GatewayIPV4Location] = None
-
-    netmask: Optional[str] = None
-
-    version: Optional[str] = None
-
-
-class GatewayIPV6Location(BaseModel):
-    city: Optional[str] = None
-
-    country_iso: Optional[str] = None
-
-    state_iso: Optional[str] = None
-
-    zip: Optional[str] = None
-
-
-class GatewayIPV6(BaseModel):
-    address: Optional[str] = None
-
-    asn: Optional[int] = None
-
-    aso: Optional[str] = None
-
-    location: Optional[GatewayIPV6Location] = None
-
-    netmask: Optional[str] = None
-
-    version: Optional[str] = None
-
-
-class ISPIPV4Location(BaseModel):
-    city: Optional[str] = None
-
-    country_iso: Optional[str] = None
-
-    state_iso: Optional[str] = None
-
-    zip: Optional[str] = None
-
-
-class ISPIPV4(BaseModel):
-    address: Optional[str] = None
-
-    asn: Optional[int] = None
-
-    aso: Optional[str] = None
-
-    location: Optional[ISPIPV4Location] = None
-
-    netmask: Optional[str] = None
-
-    version: Optional[str] = None
-
-
-class ISPIPV6Location(BaseModel):
-    city: Optional[str] = None
-
-    country_iso: Optional[str] = None
-
-    state_iso: Optional[str] = None
-
-    zip: Optional[str] = None
-
-
-class ISPIPV6(BaseModel):
-    address: Optional[str] = None
-
-    asn: Optional[int] = None
-
-    aso: Optional[str] = None
-
-    location: Optional[ISPIPV6Location] = None
-
-    netmask: Optional[str] = None
-
-    version: Optional[str] = None
-
-
-class RamUsedPctByApp(BaseModel):
-    name: Optional[str] = None
-
-    ram_used_pct: Optional[float] = None
-
-
-class FleetStatusGetResponse(BaseModel):
-    colo: str
-    """Cloudflare colo"""
-
-    device_id: str = FieldInfo(alias="deviceId")
-    """Device identifier (UUID v4)"""
-
-    mode: str
-    """The mode under which the WARP client is run"""
-
-    platform: str
-    """Operating system"""
-
-    status: str
-    """Network status"""
-
-    timestamp: str
-    """Timestamp in ISO format"""
-
-    version: str
-    """WARP client version"""
-
-    always_on: Optional[bool] = FieldInfo(alias="alwaysOn", default=None)
-
-    battery_charging: Optional[bool] = FieldInfo(alias="batteryCharging", default=None)
-
-    battery_cycles: Optional[int] = FieldInfo(alias="batteryCycles", default=None)
-
-    battery_pct: Optional[float] = FieldInfo(alias="batteryPct", default=None)
-
-    connection_type: Optional[str] = FieldInfo(alias="connectionType", default=None)
-
-    cpu_pct: Optional[float] = FieldInfo(alias="cpuPct", default=None)
-
-    cpu_pct_by_app: Optional[List[List[CPUPctByApp]]] = FieldInfo(alias="cpuPctByApp", default=None)
-
-    device_ipv4: Optional[DeviceIPV4] = FieldInfo(alias="deviceIpv4", default=None)
-
-    device_ipv6: Optional[DeviceIPV6] = FieldInfo(alias="deviceIpv6", default=None)
-
-    device_name: Optional[str] = FieldInfo(alias="deviceName", default=None)
-    """Device identifier (human readable)"""
-
-    disk_read_bps: Optional[int] = FieldInfo(alias="diskReadBps", default=None)
-
-    disk_usage_pct: Optional[float] = FieldInfo(alias="diskUsagePct", default=None)
-
-    disk_write_bps: Optional[int] = FieldInfo(alias="diskWriteBps", default=None)
-
-    doh_subdomain: Optional[str] = FieldInfo(alias="dohSubdomain", default=None)
-
-    estimated_loss_pct: Optional[float] = FieldInfo(alias="estimatedLossPct", default=None)
-
-    firewall_enabled: Optional[bool] = FieldInfo(alias="firewallEnabled", default=None)
-
-    gateway_ipv4: Optional[GatewayIPV4] = FieldInfo(alias="gatewayIpv4", default=None)
-
-    gateway_ipv6: Optional[GatewayIPV6] = FieldInfo(alias="gatewayIpv6", default=None)
-
-    handshake_latency_ms: Optional[float] = FieldInfo(alias="handshakeLatencyMs", default=None)
-
-    isp_ipv4: Optional[ISPIPV4] = FieldInfo(alias="ispIpv4", default=None)
-
-    isp_ipv6: Optional[ISPIPV6] = FieldInfo(alias="ispIpv6", default=None)
-
-    metal: Optional[str] = None
-
-    network_rcvd_bps: Optional[int] = FieldInfo(alias="networkRcvdBps", default=None)
-
-    network_sent_bps: Optional[int] = FieldInfo(alias="networkSentBps", default=None)
-
-    network_ssid: Optional[str] = FieldInfo(alias="networkSsid", default=None)
-
-    person_email: Optional[str] = FieldInfo(alias="personEmail", default=None)
-    """User contact email address"""
-
-    ram_available_kb: Optional[int] = FieldInfo(alias="ramAvailableKb", default=None)
-
-    ram_used_pct: Optional[float] = FieldInfo(alias="ramUsedPct", default=None)
-
-    ram_used_pct_by_app: Optional[List[List[RamUsedPctByApp]]] = FieldInfo(alias="ramUsedPctByApp", default=None)
-
-    switch_locked: Optional[bool] = FieldInfo(alias="switchLocked", default=None)
-
-    wifi_strength_dbm: Optional[int] = FieldInfo(alias="wifiStrengthDbm", default=None)
diff --git a/src/cloudflare/types/zero_trust/dex/__init__.py b/src/cloudflare/types/zero_trust/dex/__init__.py
index cd977b0b14c..d891e1d3a9d 100644
--- a/src/cloudflare/types/zero_trust/dex/__init__.py
+++ b/src/cloudflare/types/zero_trust/dex/__init__.py
@@ -8,12 +8,8 @@
 from .http_details import HTTPDetails as HTTPDetails
 from .colo_list_params import ColoListParams as ColoListParams
 from .test_list_params import TestListParams as TestListParams
-from .command_list_params import CommandListParams as CommandListParams
 from .http_test_get_params import HTTPTestGetParams as HTTPTestGetParams
 from .aggregate_time_period import AggregateTimePeriod as AggregateTimePeriod
-from .command_create_params import CommandCreateParams as CommandCreateParams
-from .command_list_response import CommandListResponse as CommandListResponse
-from .command_create_response import CommandCreateResponse as CommandCreateResponse
 from .fleet_status_live_params import FleetStatusLiveParams as FleetStatusLiveParams
 from .fleet_status_live_response import FleetStatusLiveResponse as FleetStatusLiveResponse
 from .traceroute_test_get_params import TracerouteTestGetParams as TracerouteTestGetParams
diff --git a/src/cloudflare/types/zero_trust/dex/command_create_params.py b/src/cloudflare/types/zero_trust/dex/command_create_params.py
deleted file mode 100644
index cbab76ab1c1..00000000000
--- a/src/cloudflare/types/zero_trust/dex/command_create_params.py
+++ /dev/null
@@ -1,57 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-from typing import List, Iterable
-from typing_extensions import Literal, Required, Annotated, TypedDict
-
-from ...._utils import PropertyInfo
-
-__all__ = ["CommandCreateParams", "Command", "CommandCommandArgs"]
-
-
-class CommandCreateParams(TypedDict, total=False):
-    account_id: Required[str]
-
-    commands: Required[Iterable[Command]]
-    """List of device-level commands to execute"""
-
-
-class CommandCommandArgs(TypedDict, total=False):
-    interfaces: List[Literal["default", "tunnel"]]
-    """List of interfaces to capture packets on"""
-
-    max_file_size_mb: Annotated[float, PropertyInfo(alias="max-file-size-mb")]
-    """Maximum file size (in MB) for the capture file.
-
-    Specifies the maximum file size of the warp-diag zip artifact that can be
-    uploaded. If the zip artifact exceeds the specified max file size, it will NOT
-    be uploaded
-    """
-
-    packet_size_bytes: Annotated[float, PropertyInfo(alias="packet-size-bytes")]
-    """Maximum number of bytes to save for each packet"""
-
-    test_all_routes: Annotated[bool, PropertyInfo(alias="test-all-routes")]
-    """Test an IP address from all included or excluded ranges.
-
-    Tests an IP address from all included or excluded ranges. Essentially the same
-    as running 'route get <ip>'' and collecting the results. This option may
-    increase the time taken to collect the warp-diag
-    """
-
-    time_limit_min: Annotated[float, PropertyInfo(alias="time-limit-min")]
-    """Limit on capture duration (in minutes)"""
-
-
-class Command(TypedDict, total=False):
-    command_type: Required[Literal["pcap", "warp-diag"]]
-    """Type of command to execute on the device"""
-
-    device_id: Required[str]
-    """Unique identifier for the device"""
-
-    user_email: Required[str]
-    """Email tied to the device"""
-
-    command_args: CommandCommandArgs
diff --git a/src/cloudflare/types/zero_trust/dex/command_create_response.py b/src/cloudflare/types/zero_trust/dex/command_create_response.py
deleted file mode 100644
index e3a1e432678..00000000000
--- a/src/cloudflare/types/zero_trust/dex/command_create_response.py
+++ /dev/null
@@ -1,30 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from typing import Dict, List, Optional
-from typing_extensions import Literal
-
-from ...._models import BaseModel
-
-__all__ = ["CommandCreateResponse", "Command"]
-
-
-class Command(BaseModel):
-    id: Optional[str] = None
-    """Unique identifier for the command"""
-
-    args: Optional[Dict[str, str]] = None
-    """Command arguments"""
-
-    device_id: Optional[str] = None
-    """Identifier for the device associated with the command"""
-
-    status: Optional[Literal["PENDING_EXEC", "PENDING_UPLOAD", "SUCCESS", "FAILED"]] = None
-    """Current status of the command"""
-
-    type: Optional[str] = None
-    """Type of the command (e.g., "pcap" or "warp-diag")"""
-
-
-class CommandCreateResponse(BaseModel):
-    commands: Optional[List[Command]] = None
-    """List of created commands"""
diff --git a/src/cloudflare/types/zero_trust/dex/command_list_params.py b/src/cloudflare/types/zero_trust/dex/command_list_params.py
deleted file mode 100644
index cbe58116f27..00000000000
--- a/src/cloudflare/types/zero_trust/dex/command_list_params.py
+++ /dev/null
@@ -1,39 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-from typing import Union
-from datetime import datetime
-from typing_extensions import Literal, Required, Annotated, TypedDict
-
-from ...._utils import PropertyInfo
-
-__all__ = ["CommandListParams"]
-
-
-class CommandListParams(TypedDict, total=False):
-    account_id: Required[str]
-
-    page: Required[float]
-    """Page number for pagination"""
-
-    per_page: Required[float]
-    """Number of results per page"""
-
-    command_type: str
-    """Optionally filter executed commands by command type"""
-
-    device_id: str
-    """Unique identifier for a device"""
-
-    from_: Annotated[Union[str, datetime], PropertyInfo(alias="from", format="iso8601")]
-    """Start time for the query in ISO (RFC3339 - ISO 8601) format"""
-
-    status: Literal["PENDING_EXEC", "PENDING_UPLOAD", "SUCCESS", "FAILED"]
-    """Optionally filter executed commands by status"""
-
-    to: Annotated[Union[str, datetime], PropertyInfo(format="iso8601")]
-    """End time for the query in ISO (RFC3339 - ISO 8601) format"""
-
-    user_email: str
-    """Email tied to the device"""
diff --git a/src/cloudflare/types/zero_trust/dex/command_list_response.py b/src/cloudflare/types/zero_trust/dex/command_list_response.py
deleted file mode 100644
index 601cef906ce..00000000000
--- a/src/cloudflare/types/zero_trust/dex/command_list_response.py
+++ /dev/null
@@ -1,30 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from typing import List, Optional
-from datetime import datetime
-
-from ...._models import BaseModel
-
-__all__ = ["CommandListResponse", "Command"]
-
-
-class Command(BaseModel):
-    id: Optional[str] = None
-
-    completed_date: Optional[datetime] = None
-
-    created_date: Optional[datetime] = None
-
-    device_id: Optional[str] = None
-
-    filename: Optional[str] = None
-
-    status: Optional[str] = None
-
-    type: Optional[str] = None
-
-    user_email: Optional[str] = None
-
-
-class CommandListResponse(BaseModel):
-    commands: Optional[List[Command]] = None
diff --git a/src/cloudflare/types/zero_trust/dex/commands/__init__.py b/src/cloudflare/types/zero_trust/dex/commands/__init__.py
index 83304891f5e..f8ee8b14b1c 100644
--- a/src/cloudflare/types/zero_trust/dex/commands/__init__.py
+++ b/src/cloudflare/types/zero_trust/dex/commands/__init__.py
@@ -1,5 +1,3 @@
 # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
 
 from __future__ import annotations
-
-from .quota_get_response import QuotaGetResponse as QuotaGetResponse
diff --git a/src/cloudflare/types/zero_trust/dex/commands/quota_get_response.py b/src/cloudflare/types/zero_trust/dex/commands/quota_get_response.py
deleted file mode 100644
index df1cc7d0596..00000000000
--- a/src/cloudflare/types/zero_trust/dex/commands/quota_get_response.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from datetime import datetime
-
-from ....._models import BaseModel
-
-__all__ = ["QuotaGetResponse"]
-
-
-class QuotaGetResponse(BaseModel):
-    quota: float
-    """The remaining number of commands that can be initiated for an account"""
-
-    quota_usage: float
-    """The number of commands that have been initiated for an account"""
-
-    reset_time: datetime
-    """The time when the quota resets"""
diff --git a/src/cloudflare/types/zero_trust/gateway/list_update_params.py b/src/cloudflare/types/zero_trust/gateway/list_update_params.py
index 0177452d00e..d02a3f2a256 100644
--- a/src/cloudflare/types/zero_trust/gateway/list_update_params.py
+++ b/src/cloudflare/types/zero_trust/gateway/list_update_params.py
@@ -2,8 +2,11 @@
 
 from __future__ import annotations
 
+from typing import Iterable
 from typing_extensions import Required, TypedDict
 
+from .gateway_item_param import GatewayItemParam
+
 __all__ = ["ListUpdateParams"]
 
 
@@ -15,3 +18,6 @@ class ListUpdateParams(TypedDict, total=False):
 
     description: str
     """The description of the list."""
+
+    items: Iterable[GatewayItemParam]
+    """The items in the list."""
diff --git a/tests/api_resources/accounts/test_tokens.py b/tests/api_resources/accounts/test_tokens.py
index 85ce7872b40..8aabf18fb93 100644
--- a/tests/api_resources/accounts/test_tokens.py
+++ b/tests/api_resources/accounts/test_tokens.py
@@ -34,7 +34,10 @@ def test_method_create(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -64,8 +67,8 @@ def test_method_create_with_all_params(self, client: Cloudflare) -> None:
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -90,7 +93,10 @@ def test_raw_response_create(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -110,7 +116,10 @@ def test_streaming_response_create(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         ) as response:
@@ -133,7 +142,10 @@ def test_path_params_create(self, client: Cloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
             )
@@ -149,7 +161,10 @@ def test_method_update(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -181,8 +196,8 @@ def test_method_update_with_all_params(self, client: Cloudflare) -> None:
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -209,7 +224,10 @@ def test_raw_response_update(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -231,7 +249,10 @@ def test_streaming_response_update(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -256,7 +277,10 @@ def test_path_params_update(self, client: Cloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
                 status="active",
@@ -271,7 +295,10 @@ def test_path_params_update(self, client: Cloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
                 status="active",
@@ -490,7 +517,10 @@ async def test_method_create(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -520,8 +550,8 @@ async def test_method_create_with_all_params(self, async_client: AsyncCloudflare
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -546,7 +576,10 @@ async def test_raw_response_create(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -566,7 +599,10 @@ async def test_streaming_response_create(self, async_client: AsyncCloudflare) ->
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         ) as response:
@@ -589,7 +625,10 @@ async def test_path_params_create(self, async_client: AsyncCloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
             )
@@ -605,7 +644,10 @@ async def test_method_update(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -637,8 +679,8 @@ async def test_method_update_with_all_params(self, async_client: AsyncCloudflare
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -665,7 +707,10 @@ async def test_raw_response_update(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -687,7 +732,10 @@ async def test_streaming_response_update(self, async_client: AsyncCloudflare) ->
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -712,7 +760,10 @@ async def test_path_params_update(self, async_client: AsyncCloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
                 status="active",
@@ -727,7 +778,10 @@ async def test_path_params_update(self, async_client: AsyncCloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
                 status="active",
diff --git a/tests/api_resources/user/test_tokens.py b/tests/api_resources/user/test_tokens.py
index 46231cc756f..627cab2e845 100644
--- a/tests/api_resources/user/test_tokens.py
+++ b/tests/api_resources/user/test_tokens.py
@@ -33,7 +33,10 @@ def test_method_create(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -62,8 +65,8 @@ def test_method_create_with_all_params(self, client: Cloudflare) -> None:
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -87,7 +90,10 @@ def test_raw_response_create(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -106,7 +112,10 @@ def test_streaming_response_create(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         ) as response:
@@ -128,7 +137,10 @@ def test_method_update(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -159,8 +171,8 @@ def test_method_update_with_all_params(self, client: Cloudflare) -> None:
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -186,7 +198,10 @@ def test_raw_response_update(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -207,7 +222,10 @@ def test_streaming_response_update(self, client: Cloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -231,7 +249,10 @@ def test_path_params_update(self, client: Cloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
                 status="active",
@@ -400,7 +421,10 @@ async def test_method_create(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -429,8 +453,8 @@ async def test_method_create_with_all_params(self, async_client: AsyncCloudflare
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -454,7 +478,10 @@ async def test_raw_response_create(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         )
@@ -473,7 +500,10 @@ async def test_streaming_response_create(self, async_client: AsyncCloudflare) ->
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
         ) as response:
@@ -495,7 +525,10 @@ async def test_method_update(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -526,8 +559,8 @@ async def test_method_update_with_all_params(self, async_client: AsyncCloudflare
                         },
                     ],
                     "resources": {
-                        "resource": "resource",
-                        "scope": "scope",
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
                     },
                 }
             ],
@@ -553,7 +586,10 @@ async def test_raw_response_update(self, async_client: AsyncCloudflare) -> None:
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -574,7 +610,10 @@ async def test_streaming_response_update(self, async_client: AsyncCloudflare) ->
                 {
                     "effect": "allow",
                     "permission_groups": [{}, {}],
-                    "resources": {},
+                    "resources": {
+                        "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                        "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                    },
                 }
             ],
             status="active",
@@ -598,7 +637,10 @@ async def test_path_params_update(self, async_client: AsyncCloudflare) -> None:
                     {
                         "effect": "allow",
                         "permission_groups": [{}, {}],
-                        "resources": {},
+                        "resources": {
+                            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*",
+                            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                        },
                     }
                 ],
                 status="active",
diff --git a/tests/api_resources/zero_trust/devices/test_fleet_status.py b/tests/api_resources/zero_trust/devices/test_fleet_status.py
deleted file mode 100644
index 308864477e0..00000000000
--- a/tests/api_resources/zero_trust/devices/test_fleet_status.py
+++ /dev/null
@@ -1,150 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-import os
-from typing import Any, cast
-
-import pytest
-
-from cloudflare import Cloudflare, AsyncCloudflare
-from tests.utils import assert_matches_type
-from cloudflare.types.zero_trust.devices import FleetStatusGetResponse
-
-base_url = os.environ.get("TEST_API_BASE_URL", "http://127.0.0.1:4010")
-
-
-class TestFleetStatus:
-    parametrize = pytest.mark.parametrize("client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    def test_method_get(self, client: Cloudflare) -> None:
-        fleet_status = client.zero_trust.devices.fleet_status.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-        )
-        assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-    @parametrize
-    def test_method_get_with_all_params(self, client: Cloudflare) -> None:
-        fleet_status = client.zero_trust.devices.fleet_status.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-            colo="SJC",
-            time_now="2023-10-11T00:00:00Z",
-        )
-        assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-    @parametrize
-    def test_raw_response_get(self, client: Cloudflare) -> None:
-        response = client.zero_trust.devices.fleet_status.with_raw_response.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        fleet_status = response.parse()
-        assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-    @parametrize
-    def test_streaming_response_get(self, client: Cloudflare) -> None:
-        with client.zero_trust.devices.fleet_status.with_streaming_response.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            fleet_status = response.parse()
-            assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    def test_path_params_get(self, client: Cloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            client.zero_trust.devices.fleet_status.with_raw_response.get(
-                device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-                account_id="",
-                since_minutes=10,
-            )
-
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `device_id` but received ''"):
-            client.zero_trust.devices.fleet_status.with_raw_response.get(
-                device_id="",
-                account_id="01a7362d577a6c3019a474fd6f485823",
-                since_minutes=10,
-            )
-
-
-class TestAsyncFleetStatus:
-    parametrize = pytest.mark.parametrize("async_client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    async def test_method_get(self, async_client: AsyncCloudflare) -> None:
-        fleet_status = await async_client.zero_trust.devices.fleet_status.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-        )
-        assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-    @parametrize
-    async def test_method_get_with_all_params(self, async_client: AsyncCloudflare) -> None:
-        fleet_status = await async_client.zero_trust.devices.fleet_status.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-            colo="SJC",
-            time_now="2023-10-11T00:00:00Z",
-        )
-        assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-    @parametrize
-    async def test_raw_response_get(self, async_client: AsyncCloudflare) -> None:
-        response = await async_client.zero_trust.devices.fleet_status.with_raw_response.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        fleet_status = await response.parse()
-        assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-    @parametrize
-    async def test_streaming_response_get(self, async_client: AsyncCloudflare) -> None:
-        async with async_client.zero_trust.devices.fleet_status.with_streaming_response.get(
-            device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            since_minutes=10,
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            fleet_status = await response.parse()
-            assert_matches_type(FleetStatusGetResponse, fleet_status, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    async def test_path_params_get(self, async_client: AsyncCloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            await async_client.zero_trust.devices.fleet_status.with_raw_response.get(
-                device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7",
-                account_id="",
-                since_minutes=10,
-            )
-
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `device_id` but received ''"):
-            await async_client.zero_trust.devices.fleet_status.with_raw_response.get(
-                device_id="",
-                account_id="01a7362d577a6c3019a474fd6f485823",
-                since_minutes=10,
-            )
diff --git a/tests/api_resources/zero_trust/dex/commands/__init__.py b/tests/api_resources/zero_trust/dex/commands/__init__.py
deleted file mode 100644
index fd8019a9a1a..00000000000
--- a/tests/api_resources/zero_trust/dex/commands/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
diff --git a/tests/api_resources/zero_trust/dex/commands/test_downloads.py b/tests/api_resources/zero_trust/dex/commands/test_downloads.py
deleted file mode 100644
index b2a9133f988..00000000000
--- a/tests/api_resources/zero_trust/dex/commands/test_downloads.py
+++ /dev/null
@@ -1,184 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-import os
-from typing import Any, cast
-
-import httpx
-import pytest
-from respx import MockRouter
-
-from cloudflare import Cloudflare, AsyncCloudflare
-from cloudflare._response import (
-    BinaryAPIResponse,
-    AsyncBinaryAPIResponse,
-    StreamedBinaryAPIResponse,
-    AsyncStreamedBinaryAPIResponse,
-)
-
-base_url = os.environ.get("TEST_API_BASE_URL", "http://127.0.0.1:4010")
-
-
-class TestDownloads:
-    parametrize = pytest.mark.parametrize("client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    def test_method_get(self, client: Cloudflare, respx_mock: MockRouter) -> None:
-        respx_mock.get(
-            "/accounts/01a7362d577a6c3019a474fd6f485823/commands/5758fefe-ae7e-4538-a39b-1fef6abcb909/downloads/filename"
-        ).mock(return_value=httpx.Response(200, json={"foo": "bar"}))
-        download = client.zero_trust.dex.commands.downloads.get(
-            filename="filename",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-        )
-        assert download.is_closed
-        assert download.json() == {"foo": "bar"}
-        assert cast(Any, download.is_closed) is True
-        assert isinstance(download, BinaryAPIResponse)
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    def test_raw_response_get(self, client: Cloudflare, respx_mock: MockRouter) -> None:
-        respx_mock.get(
-            "/accounts/01a7362d577a6c3019a474fd6f485823/commands/5758fefe-ae7e-4538-a39b-1fef6abcb909/downloads/filename"
-        ).mock(return_value=httpx.Response(200, json={"foo": "bar"}))
-
-        download = client.zero_trust.dex.commands.downloads.with_raw_response.get(
-            filename="filename",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-        )
-
-        assert download.is_closed is True
-        assert download.http_request.headers.get("X-Stainless-Lang") == "python"
-        assert download.json() == {"foo": "bar"}
-        assert isinstance(download, BinaryAPIResponse)
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    def test_streaming_response_get(self, client: Cloudflare, respx_mock: MockRouter) -> None:
-        respx_mock.get(
-            "/accounts/01a7362d577a6c3019a474fd6f485823/commands/5758fefe-ae7e-4538-a39b-1fef6abcb909/downloads/filename"
-        ).mock(return_value=httpx.Response(200, json={"foo": "bar"}))
-        with client.zero_trust.dex.commands.downloads.with_streaming_response.get(
-            filename="filename",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-        ) as download:
-            assert not download.is_closed
-            assert download.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            assert download.json() == {"foo": "bar"}
-            assert cast(Any, download.is_closed) is True
-            assert isinstance(download, StreamedBinaryAPIResponse)
-
-        assert cast(Any, download.is_closed) is True
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    def test_path_params_get(self, client: Cloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            client.zero_trust.dex.commands.downloads.with_raw_response.get(
-                filename="filename",
-                account_id="",
-                command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-            )
-
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `command_id` but received ''"):
-            client.zero_trust.dex.commands.downloads.with_raw_response.get(
-                filename="filename",
-                account_id="01a7362d577a6c3019a474fd6f485823",
-                command_id="",
-            )
-
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `filename` but received ''"):
-            client.zero_trust.dex.commands.downloads.with_raw_response.get(
-                filename="",
-                account_id="01a7362d577a6c3019a474fd6f485823",
-                command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-            )
-
-
-class TestAsyncDownloads:
-    parametrize = pytest.mark.parametrize("async_client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    async def test_method_get(self, async_client: AsyncCloudflare, respx_mock: MockRouter) -> None:
-        respx_mock.get(
-            "/accounts/01a7362d577a6c3019a474fd6f485823/commands/5758fefe-ae7e-4538-a39b-1fef6abcb909/downloads/filename"
-        ).mock(return_value=httpx.Response(200, json={"foo": "bar"}))
-        download = await async_client.zero_trust.dex.commands.downloads.get(
-            filename="filename",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-        )
-        assert download.is_closed
-        assert await download.json() == {"foo": "bar"}
-        assert cast(Any, download.is_closed) is True
-        assert isinstance(download, AsyncBinaryAPIResponse)
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    async def test_raw_response_get(self, async_client: AsyncCloudflare, respx_mock: MockRouter) -> None:
-        respx_mock.get(
-            "/accounts/01a7362d577a6c3019a474fd6f485823/commands/5758fefe-ae7e-4538-a39b-1fef6abcb909/downloads/filename"
-        ).mock(return_value=httpx.Response(200, json={"foo": "bar"}))
-
-        download = await async_client.zero_trust.dex.commands.downloads.with_raw_response.get(
-            filename="filename",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-        )
-
-        assert download.is_closed is True
-        assert download.http_request.headers.get("X-Stainless-Lang") == "python"
-        assert await download.json() == {"foo": "bar"}
-        assert isinstance(download, AsyncBinaryAPIResponse)
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    async def test_streaming_response_get(self, async_client: AsyncCloudflare, respx_mock: MockRouter) -> None:
-        respx_mock.get(
-            "/accounts/01a7362d577a6c3019a474fd6f485823/commands/5758fefe-ae7e-4538-a39b-1fef6abcb909/downloads/filename"
-        ).mock(return_value=httpx.Response(200, json={"foo": "bar"}))
-        async with async_client.zero_trust.dex.commands.downloads.with_streaming_response.get(
-            filename="filename",
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-        ) as download:
-            assert not download.is_closed
-            assert download.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            assert await download.json() == {"foo": "bar"}
-            assert cast(Any, download.is_closed) is True
-            assert isinstance(download, AsyncStreamedBinaryAPIResponse)
-
-        assert cast(Any, download.is_closed) is True
-
-    @parametrize
-    @pytest.mark.respx(base_url=base_url)
-    async def test_path_params_get(self, async_client: AsyncCloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            await async_client.zero_trust.dex.commands.downloads.with_raw_response.get(
-                filename="filename",
-                account_id="",
-                command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-            )
-
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `command_id` but received ''"):
-            await async_client.zero_trust.dex.commands.downloads.with_raw_response.get(
-                filename="filename",
-                account_id="01a7362d577a6c3019a474fd6f485823",
-                command_id="",
-            )
-
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `filename` but received ''"):
-            await async_client.zero_trust.dex.commands.downloads.with_raw_response.get(
-                filename="",
-                account_id="01a7362d577a6c3019a474fd6f485823",
-                command_id="5758fefe-ae7e-4538-a39b-1fef6abcb909",
-            )
diff --git a/tests/api_resources/zero_trust/dex/commands/test_quota.py b/tests/api_resources/zero_trust/dex/commands/test_quota.py
deleted file mode 100644
index 5291e9d3113..00000000000
--- a/tests/api_resources/zero_trust/dex/commands/test_quota.py
+++ /dev/null
@@ -1,98 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-import os
-from typing import Any, Optional, cast
-
-import pytest
-
-from cloudflare import Cloudflare, AsyncCloudflare
-from tests.utils import assert_matches_type
-from cloudflare.types.zero_trust.dex.commands import QuotaGetResponse
-
-base_url = os.environ.get("TEST_API_BASE_URL", "http://127.0.0.1:4010")
-
-
-class TestQuota:
-    parametrize = pytest.mark.parametrize("client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    def test_method_get(self, client: Cloudflare) -> None:
-        quota = client.zero_trust.dex.commands.quota.get(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-        )
-        assert_matches_type(Optional[QuotaGetResponse], quota, path=["response"])
-
-    @parametrize
-    def test_raw_response_get(self, client: Cloudflare) -> None:
-        response = client.zero_trust.dex.commands.quota.with_raw_response.get(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        quota = response.parse()
-        assert_matches_type(Optional[QuotaGetResponse], quota, path=["response"])
-
-    @parametrize
-    def test_streaming_response_get(self, client: Cloudflare) -> None:
-        with client.zero_trust.dex.commands.quota.with_streaming_response.get(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            quota = response.parse()
-            assert_matches_type(Optional[QuotaGetResponse], quota, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    def test_path_params_get(self, client: Cloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            client.zero_trust.dex.commands.quota.with_raw_response.get(
-                account_id="",
-            )
-
-
-class TestAsyncQuota:
-    parametrize = pytest.mark.parametrize("async_client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    async def test_method_get(self, async_client: AsyncCloudflare) -> None:
-        quota = await async_client.zero_trust.dex.commands.quota.get(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-        )
-        assert_matches_type(Optional[QuotaGetResponse], quota, path=["response"])
-
-    @parametrize
-    async def test_raw_response_get(self, async_client: AsyncCloudflare) -> None:
-        response = await async_client.zero_trust.dex.commands.quota.with_raw_response.get(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        quota = await response.parse()
-        assert_matches_type(Optional[QuotaGetResponse], quota, path=["response"])
-
-    @parametrize
-    async def test_streaming_response_get(self, async_client: AsyncCloudflare) -> None:
-        async with async_client.zero_trust.dex.commands.quota.with_streaming_response.get(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            quota = await response.parse()
-            assert_matches_type(Optional[QuotaGetResponse], quota, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    async def test_path_params_get(self, async_client: AsyncCloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            await async_client.zero_trust.dex.commands.quota.with_raw_response.get(
-                account_id="",
-            )
diff --git a/tests/api_resources/zero_trust/dex/test_commands.py b/tests/api_resources/zero_trust/dex/test_commands.py
deleted file mode 100644
index 9692c4fde6c..00000000000
--- a/tests/api_resources/zero_trust/dex/test_commands.py
+++ /dev/null
@@ -1,281 +0,0 @@
-# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-from __future__ import annotations
-
-import os
-from typing import Any, Optional, cast
-
-import pytest
-
-from cloudflare import Cloudflare, AsyncCloudflare
-from tests.utils import assert_matches_type
-from cloudflare._utils import parse_datetime
-from cloudflare.pagination import SyncV4PagePagination, AsyncV4PagePagination
-from cloudflare.types.zero_trust.dex import (
-    CommandListResponse,
-    CommandCreateResponse,
-)
-
-base_url = os.environ.get("TEST_API_BASE_URL", "http://127.0.0.1:4010")
-
-
-class TestCommands:
-    parametrize = pytest.mark.parametrize("client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    def test_method_create(self, client: Cloudflare) -> None:
-        command = client.zero_trust.dex.commands.create(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            commands=[
-                {
-                    "command_type": "pcap",
-                    "device_id": "device_id",
-                    "user_email": "user_email",
-                }
-            ],
-        )
-        assert_matches_type(Optional[CommandCreateResponse], command, path=["response"])
-
-    @parametrize
-    def test_raw_response_create(self, client: Cloudflare) -> None:
-        response = client.zero_trust.dex.commands.with_raw_response.create(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            commands=[
-                {
-                    "command_type": "pcap",
-                    "device_id": "device_id",
-                    "user_email": "user_email",
-                }
-            ],
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        command = response.parse()
-        assert_matches_type(Optional[CommandCreateResponse], command, path=["response"])
-
-    @parametrize
-    def test_streaming_response_create(self, client: Cloudflare) -> None:
-        with client.zero_trust.dex.commands.with_streaming_response.create(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            commands=[
-                {
-                    "command_type": "pcap",
-                    "device_id": "device_id",
-                    "user_email": "user_email",
-                }
-            ],
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            command = response.parse()
-            assert_matches_type(Optional[CommandCreateResponse], command, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    def test_path_params_create(self, client: Cloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            client.zero_trust.dex.commands.with_raw_response.create(
-                account_id="",
-                commands=[
-                    {
-                        "command_type": "pcap",
-                        "device_id": "device_id",
-                        "user_email": "user_email",
-                    }
-                ],
-            )
-
-    @parametrize
-    def test_method_list(self, client: Cloudflare) -> None:
-        command = client.zero_trust.dex.commands.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-        )
-        assert_matches_type(SyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-    @parametrize
-    def test_method_list_with_all_params(self, client: Cloudflare) -> None:
-        command = client.zero_trust.dex.commands.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-            command_type="command_type",
-            device_id="device_id",
-            from_=parse_datetime("2023-08-20T20:45:00Z"),
-            status="PENDING_EXEC",
-            to=parse_datetime("2023-08-24T20:45:00Z"),
-            user_email="user_email",
-        )
-        assert_matches_type(SyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-    @parametrize
-    def test_raw_response_list(self, client: Cloudflare) -> None:
-        response = client.zero_trust.dex.commands.with_raw_response.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        command = response.parse()
-        assert_matches_type(SyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-    @parametrize
-    def test_streaming_response_list(self, client: Cloudflare) -> None:
-        with client.zero_trust.dex.commands.with_streaming_response.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            command = response.parse()
-            assert_matches_type(SyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    def test_path_params_list(self, client: Cloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            client.zero_trust.dex.commands.with_raw_response.list(
-                account_id="",
-                page=1,
-                per_page=50,
-            )
-
-
-class TestAsyncCommands:
-    parametrize = pytest.mark.parametrize("async_client", [False, True], indirect=True, ids=["loose", "strict"])
-
-    @parametrize
-    async def test_method_create(self, async_client: AsyncCloudflare) -> None:
-        command = await async_client.zero_trust.dex.commands.create(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            commands=[
-                {
-                    "command_type": "pcap",
-                    "device_id": "device_id",
-                    "user_email": "user_email",
-                }
-            ],
-        )
-        assert_matches_type(Optional[CommandCreateResponse], command, path=["response"])
-
-    @parametrize
-    async def test_raw_response_create(self, async_client: AsyncCloudflare) -> None:
-        response = await async_client.zero_trust.dex.commands.with_raw_response.create(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            commands=[
-                {
-                    "command_type": "pcap",
-                    "device_id": "device_id",
-                    "user_email": "user_email",
-                }
-            ],
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        command = await response.parse()
-        assert_matches_type(Optional[CommandCreateResponse], command, path=["response"])
-
-    @parametrize
-    async def test_streaming_response_create(self, async_client: AsyncCloudflare) -> None:
-        async with async_client.zero_trust.dex.commands.with_streaming_response.create(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            commands=[
-                {
-                    "command_type": "pcap",
-                    "device_id": "device_id",
-                    "user_email": "user_email",
-                }
-            ],
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            command = await response.parse()
-            assert_matches_type(Optional[CommandCreateResponse], command, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    async def test_path_params_create(self, async_client: AsyncCloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            await async_client.zero_trust.dex.commands.with_raw_response.create(
-                account_id="",
-                commands=[
-                    {
-                        "command_type": "pcap",
-                        "device_id": "device_id",
-                        "user_email": "user_email",
-                    }
-                ],
-            )
-
-    @parametrize
-    async def test_method_list(self, async_client: AsyncCloudflare) -> None:
-        command = await async_client.zero_trust.dex.commands.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-        )
-        assert_matches_type(AsyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-    @parametrize
-    async def test_method_list_with_all_params(self, async_client: AsyncCloudflare) -> None:
-        command = await async_client.zero_trust.dex.commands.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-            command_type="command_type",
-            device_id="device_id",
-            from_=parse_datetime("2023-08-20T20:45:00Z"),
-            status="PENDING_EXEC",
-            to=parse_datetime("2023-08-24T20:45:00Z"),
-            user_email="user_email",
-        )
-        assert_matches_type(AsyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-    @parametrize
-    async def test_raw_response_list(self, async_client: AsyncCloudflare) -> None:
-        response = await async_client.zero_trust.dex.commands.with_raw_response.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-        )
-
-        assert response.is_closed is True
-        assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-        command = await response.parse()
-        assert_matches_type(AsyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-    @parametrize
-    async def test_streaming_response_list(self, async_client: AsyncCloudflare) -> None:
-        async with async_client.zero_trust.dex.commands.with_streaming_response.list(
-            account_id="01a7362d577a6c3019a474fd6f485823",
-            page=1,
-            per_page=50,
-        ) as response:
-            assert not response.is_closed
-            assert response.http_request.headers.get("X-Stainless-Lang") == "python"
-
-            command = await response.parse()
-            assert_matches_type(AsyncV4PagePagination[Optional[CommandListResponse]], command, path=["response"])
-
-        assert cast(Any, response.is_closed) is True
-
-    @parametrize
-    async def test_path_params_list(self, async_client: AsyncCloudflare) -> None:
-        with pytest.raises(ValueError, match=r"Expected a non-empty value for `account_id` but received ''"):
-            await async_client.zero_trust.dex.commands.with_raw_response.list(
-                account_id="",
-                page=1,
-                per_page=50,
-            )
diff --git a/tests/api_resources/zero_trust/gateway/test_lists.py b/tests/api_resources/zero_trust/gateway/test_lists.py
index 5448c53e5b9..4c81584d3e3 100644
--- a/tests/api_resources/zero_trust/gateway/test_lists.py
+++ b/tests/api_resources/zero_trust/gateway/test_lists.py
@@ -99,6 +99,12 @@ def test_method_update_with_all_params(self, client: Cloudflare) -> None:
             account_id="699d98642c564d2e855e9661899b7252",
             name="Admin Serial Numbers",
             description="The serial numbers for administrators",
+            items=[
+                {
+                    "description": "Austin office IP",
+                    "value": "8GE8721REF",
+                }
+            ],
         )
         assert_matches_type(Optional[GatewayList], list_, path=["response"])
 
@@ -433,6 +439,12 @@ async def test_method_update_with_all_params(self, async_client: AsyncCloudflare
             account_id="699d98642c564d2e855e9661899b7252",
             name="Admin Serial Numbers",
             description="The serial numbers for administrators",
+            items=[
+                {
+                    "description": "Austin office IP",
+                    "value": "8GE8721REF",
+                }
+            ],
         )
         assert_matches_type(Optional[GatewayList], list_, path=["response"])
 
diff --git a/tests/api_resources/zones/test_holds.py b/tests/api_resources/zones/test_holds.py
index c49066aee53..bc033b8fdc7 100644
--- a/tests/api_resources/zones/test_holds.py
+++ b/tests/api_resources/zones/test_holds.py
@@ -3,7 +3,7 @@
 from __future__ import annotations
 
 import os
-from typing import Any, Optional, cast
+from typing import Any, cast
 
 import pytest
 
@@ -68,7 +68,7 @@ def test_method_delete(self, client: Cloudflare) -> None:
         hold = client.zones.holds.delete(
             zone_id="023e105f4ecef8ad9ca31a8372d0c353",
         )
-        assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+        assert_matches_type(ZoneHold, hold, path=["response"])
 
     @parametrize
     def test_method_delete_with_all_params(self, client: Cloudflare) -> None:
@@ -76,7 +76,7 @@ def test_method_delete_with_all_params(self, client: Cloudflare) -> None:
             zone_id="023e105f4ecef8ad9ca31a8372d0c353",
             hold_after="hold_after",
         )
-        assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+        assert_matches_type(ZoneHold, hold, path=["response"])
 
     @parametrize
     def test_raw_response_delete(self, client: Cloudflare) -> None:
@@ -87,7 +87,7 @@ def test_raw_response_delete(self, client: Cloudflare) -> None:
         assert response.is_closed is True
         assert response.http_request.headers.get("X-Stainless-Lang") == "python"
         hold = response.parse()
-        assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+        assert_matches_type(ZoneHold, hold, path=["response"])
 
     @parametrize
     def test_streaming_response_delete(self, client: Cloudflare) -> None:
@@ -98,7 +98,7 @@ def test_streaming_response_delete(self, client: Cloudflare) -> None:
             assert response.http_request.headers.get("X-Stainless-Lang") == "python"
 
             hold = response.parse()
-            assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+            assert_matches_type(ZoneHold, hold, path=["response"])
 
         assert cast(Any, response.is_closed) is True
 
@@ -202,7 +202,7 @@ async def test_method_delete(self, async_client: AsyncCloudflare) -> None:
         hold = await async_client.zones.holds.delete(
             zone_id="023e105f4ecef8ad9ca31a8372d0c353",
         )
-        assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+        assert_matches_type(ZoneHold, hold, path=["response"])
 
     @parametrize
     async def test_method_delete_with_all_params(self, async_client: AsyncCloudflare) -> None:
@@ -210,7 +210,7 @@ async def test_method_delete_with_all_params(self, async_client: AsyncCloudflare
             zone_id="023e105f4ecef8ad9ca31a8372d0c353",
             hold_after="hold_after",
         )
-        assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+        assert_matches_type(ZoneHold, hold, path=["response"])
 
     @parametrize
     async def test_raw_response_delete(self, async_client: AsyncCloudflare) -> None:
@@ -221,7 +221,7 @@ async def test_raw_response_delete(self, async_client: AsyncCloudflare) -> None:
         assert response.is_closed is True
         assert response.http_request.headers.get("X-Stainless-Lang") == "python"
         hold = await response.parse()
-        assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+        assert_matches_type(ZoneHold, hold, path=["response"])
 
     @parametrize
     async def test_streaming_response_delete(self, async_client: AsyncCloudflare) -> None:
@@ -232,7 +232,7 @@ async def test_streaming_response_delete(self, async_client: AsyncCloudflare) ->
             assert response.http_request.headers.get("X-Stainless-Lang") == "python"
 
             hold = await response.parse()
-            assert_matches_type(Optional[ZoneHold], hold, path=["response"])
+            assert_matches_type(ZoneHold, hold, path=["response"])
 
         assert cast(Any, response.is_closed) is True