Skip to main content

Changelog

Track changes to the Zyphr API, SDKs, and platform.


June 2026

2026-06-20

Zyphr Muse (New) — Starter / Pro / Scale / Enterprise

  • Released Zyphr Muse — AI-powered authoring baked into the dashboard, grounded in your project's real data. Subject suggestions, template drafting, block rewriting, full workflow generation from a sentence, and pre-send broadcast analysis.
  • Five surfaces, three model tiers: Subject suggestions (Haiku 4.5) · Template drafts + Block rewrites (Sonnet 4.6) · Workflow generation + Broadcast analysis (Opus 4.7). Per-call cost is shown in the dashboard for transparency, but customers pay for calls, not Bedrock dollars — we absorb the model cost.
  • Per-action monthly quotas sized for ~90% margin at full utilization. Starter: 200 subjects / 25 drafts / 50 rewrites / 5 workflows / 4 analyses. Pro: 1,000 / 150 / 300 / 25 / 30. Scale: 5,000 / 750 / 1,500 / 100 / 150. Enterprise: unlimited (overage billed per-call at a negotiated rate).
  • Quotas reset on the first of each calendar month UTC. Running out of one action's quota does NOT stop the others. The dashboard's Usage tab shows real-time progress against every quota.
  • Per-project overrides (Pro+): project owners can lower the budget ceiling, restrict allowed roles, or block specific model tiers (e.g. disable Opus on staging projects).
  • Grounding is project-scoped. Subject suggestions read your project's open-rate history. Template drafts read your template library and Handlebars variables. Workflow generation reads your configured channels and event types. Broadcast analysis reads your reputation metrics, suppression list, and scheduled-overlap window. There is no cross-project leakage.
  • Privacy: AWS Bedrock as model gateway, runs Claude models in your AWS region. Anthropic does not retain prompts or completions submitted via Bedrock. Audit log records scrubbed request shapes (counts, sizes) but not raw content.
  • New endpoints under /v1/muse/* (entitlement, usage, subjects/suggest, draft, rewrite, workflows/generate, broadcasts/analyze). New dashboard tabs for Usage, Audit, and per-project Settings.
  • Plan packaging: Free sees the entry points with an upgrade prompt; Starter and above get progressively wider quotas; Enterprise is unlimited.
  • Docs: see Zyphr Muse for the full surface area, model tiers, grounding details, and privacy model.

MCP Server v0.2.0 — Auth Organizations tools

  • Released @zyphr-dev/mcp-server@0.2.0 — adds 9 Auth Organizations tools: list_organizations, get_organization, create_organization, update_organization, list_organization_members, add_organization_member, update_organization_member_role, remove_organization_member, list_organizations_for_user.
  • AI clients (Claude Code, Cursor, Cline, Claude Desktop, etc.) can now manage tenants inside an Auth-as-a-Service application directly from the chat surface — list orgs, add/remove members, update role labels, walk past the 50-org JWT cap.
  • Read-only and ALLOWED_TOOLS guards apply as before. No delete_organization tool by policy — destructive ops stay in the dashboard.
  • Full surface: SDKs → MCP Server

Auth Organizations (New) — Pro / Scale / Enterprise

  • Released Organizations — multi-tenant your auth. One end-user identity, many workspaces. The Slack model, built in.
  • Each Auth application now has organizations scoped to live + test environments; end users can belong to many organizations within an environment.
  • Tokens carry the active org_id plus an orgs[] list (capped at 50; call listOrganizationsForUser to enumerate beyond).
  • New POST /v1/auth/sessions/switch-organization mints a new token pair for the target org and rotates the refresh jti (membership verified at mint time — org_id is Zyphr-attested, no server-side re-check needed).
  • New SDK namespace: zyphr.auth.organizations.{create,list,get,update,delete,addMember,removeMember,listMembers,updateMemberRole,listForUser,isMember} plus zyphr.auth.switchOrganization(...).
  • Dashboard: new Organizations tab on every Auth application (env-scoped Test/Live toggle, full CRUD, member management).
  • Audit log: every org CRUD, member action, and switched event records a row queryable by org/user via the new dashboard endpoint.
  • Backward compatible: every existing environment gets a backfilled Default organization; existing flat-app integrators see no change. Tokens for environments that don't adopt orgs are byte-identical to today.
  • Plan packaging: Free / Starter see the Default org and can keep operating it; organizations.create returns 403 plan_upgrade_required. Pro / Scale / Enterprise get unlimited organizations and unlimited members per org. Free customers downgraded from Pro keep read access to existing orgs (frozen mode — no new writes).
  • Docs: see Auth Organizations for the full primitive, the JWT shape changes, and the switch-organization flow.

2026-06-16

MCP Server (New)

  • Released @zyphr-dev/mcp-server@0.1.2 — a Model Context Protocol server for AI coding clients (Claude Code, Cursor, Cline, Claude Desktop, etc.)
  • One-line install via npx -y @zyphr-dev/mcp-server plus a ZYPHR_API_KEY environment variable
  • 18 tools total: 16 runtime tools (send_email, send_push, send_sms, send_inbox_message, list/get/render/create templates, find/list/create/update subscribers + set_subscriber_preferences, list/create webhooks + get_webhook_deliveries) and 2 integration tools (get_sdk_install_for_language, get_quickstart_for_channel) that help an AI wire Zyphr into a new project from scratch
  • Safety guards: ZYPHR_READ_ONLY=true suppresses every mutating tool; ZYPHR_ALLOWED_TOOLS="a,b,c" is an explicit whitelist that overrides read-only
  • No delete_* tools shipped — destructive operations stay in the dashboard
  • Webhook handler snippets always include HMAC-SHA256 signature verification with a 5-minute replay window
  • Errors surface verbatim with HTTP status, error code, request ID, and structured details so the AI can act on them
  • Full guide: SDKs → MCP Server

API

  • Fixed GET /v1/templates/:id returning 500 instead of 404 when the ID is not a valid UUID (sc-5321)

March 2026

2026-03-19

Multi-Project Accounts

  • Renamed workspaces to accounts — accounts are now the top-level billing and organizational unit
  • Added projects as isolated resource environments within accounts
  • Each account can have multiple projects (plan-dependent: Free=1, Starter=3, Pro=10, Scale=50, Enterprise=Unlimited)
  • Two-level role system: account roles (Owner, Admin, Billing Admin, Member) + project roles (Admin, Developer, Viewer)
  • Role cascade: account Owners/Admins automatically get Admin access to all projects
  • Project-scoped API keys, domains, messages, subscribers, webhooks, and templates
  • Per-project usage tracking with account-level billing rollup
  • Account and project avatars with 24 built-in icons

Account Abuse Prevention

  • Added per-user free account limit: each user can own a maximum of 2 free accounts
  • Added cross-account usage aggregation: usage across all accounts a user owns is summed and enforced against free-tier limits
  • Prevents abuse where users create multiple free accounts to circumvent plan limits
  • Enforcement applied to all channels: email, push, SMS, in-app, and MAU
  • Dashboard shows upgrade prompt when free account limit is reached

API

  • Added POST /v1/accounts — create new accounts (with free account limit enforcement)
  • Added GET /v1/accounts/me — get current account with plan and limits
  • Added PATCH /v1/accounts/me, DELETE /v1/accounts/me — update/delete account
  • Added account member management: list, invite, update role, remove
  • Added account invitation management: list, resend, revoke
  • Added GET /v1/accounts/me/projects — list projects for account
  • Added GET /v1/accounts/me/project-breakdown — per-project usage and resource breakdown
  • Added GET /v1/accounts/me/resource-counts — account-wide resource counts
  • Added project CRUD: create, list, get, update, delete
  • Added project member management: list, add, update role, remove
  • Added GET /v1/usage/user-aggregate — cross-account usage aggregation
  • Added POST /v1/usage/reconcile — manual usage reconciliation
  • Removed legacy /v1/workspaces endpoints

Documentation

  • Updated Postman collection: replaced Workspaces with Accounts, added Projects and Usage folders
  • Added Accounts & Projects guide with free account limits documentation
  • Updated Usage & Analytics guide with cross-account usage aggregation

February 2026

2026-02-06

Documentation

  • Added auto-generated API reference from OpenAPI spec
  • Added Go and PHP integration guides
  • Added cURL examples for all API endpoints
  • Added Error Codes reference page
  • Added FAQ and troubleshooting guide
  • Fixed Python SDK docs (now a requests-based integration guide)
  • Added Postman collection documentation

January 2026

2026-01-31

Auth-as-a-Service

  • Launched Auth-as-a-Service feature set
  • Added auth applications management
  • Added end user management
  • Added magic link authentication
  • Added OAuth provider integration (Google, GitHub, Microsoft, Apple)
  • Added MFA support (TOTP, SMS, email, recovery codes)
  • Added security features (rate limiting, IP allowlists, session management)

API

  • Added 67 new auth endpoints under /v1/auth/
  • Added comprehensive webhook events for auth actions

Documentation

  • Added Auth-as-a-Service guide and feature documentation

2026-01-15

Platform Launch

  • Launched Zyphr v1 API
  • Email channel (AWS SES)
  • Push notification channel (APNs, FCM, Web Push)
  • SMS channel (Twilio)
  • In-App Inbox with real-time WebSocket support
  • Template engine with Handlebars
  • Subscriber management with preferences
  • Topic-based pub/sub notifications
  • Webhook delivery with signature verification
  • Node.js SDK (@zyphr-dev/node-sdk)
  • React Inbox component (@zyphr/inbox-react)
  • Dashboard for account and project management

Versioning Policy

The Zyphr API uses URL-based versioning (/v1/). We maintain backwards compatibility within a major version:

  • Additive changes (new endpoints, new optional fields) are made without version bumps
  • Breaking changes will be introduced in new versions (/v2/) with migration guides and a deprecation period
  • SDKs follow semantic versioning

Subscribe to the Status Page for uptime and incident notifications.