Changelog

So far, the user_data property for cloud-init was only available during Server creation. Now, it is possible to override that field during the Server rebuild process.

The new, optional user_data property is:

• Available for the endpoint: POST /servers/{id}/actions/rebuild
• Functionally identical to the already existing user_data property available for the endpoint: POST /servers

We have introduced a new optional name property to the Storage Box Subaccount resource. This property allows you to optionally specify a unique name for each Subaccount during creation.

• The name property is optional but must be unique among all other Subaccount resources if specified.
• If not specified during creation, the name property will default to the username property.
• It can be updated using the PUT /storage_boxes/{id}/subaccounts/{subaccount_id} endpoint.

To ensure a seamless transition, existing Subaccounts have been migrated to use their unique username property as the name property.

This change aims to provide more flexibility when managing Storage Box Subaccount resources.

Two new Rapid Deploy Images are now available. The openSUSE 16 Leap image can be used as opensuse-16 (IDs 342262088 for x86 and 342262097 for arm). Also the latest Fedora release with version 43 can be deployed to all Cloud servers as fedora-43 (IDs 342035601 (x86) & 342035605 (arm)).

We added a new location property to the request body and response of Servers and Primary IPs. The same data was previously present under datacenter.location.

We deprecated the datacenter property in the request body and response of Servers and Primary IPs. The removal will happen after 1 July 2026.

From 9 March 2026, Load Balancers will no longer support ephemeral finite-field Diffie–Hellman (DHE) key exchange methods. Elliptic-curve Diffie–Hellman (ECDHE) key exchange methods will continue to be supported. TCP services are not impacted.

The following TLS cipher suites will be removed:

This change is necessary to enable modernization of the TLS stack of our Load Balancers, which will enable us to offer post-quantum-secure key exchange methods.

We will conduct multiple brownouts to allow you to check whether your services are impacted. It is extremely unlikely that this change will impact you. The brownouts will take place on the following dates (all times UTC):

We have limited the supported public key sizes of certificates.

You can only use:

This change does not impact any customers, as all existing certificates already comply with the new requirements.

This change allows us to ensure that all certificates you upload are compatible with all of our services.

Timestamps returned by the API are now formatted using the RFC3339 representation.

RFC3339 timestamps can be parsed with ISO-8601 parsers, therefore no changes are required from your side.

Timestamps sent to the API should be formatted using the RFC3339 representation, but ISO-8601 formatted timestamps are still supported for backward compatibility.

From 1 December 2025, Hetzner Console will display all Servers matching a Firewall label selector, rather than displaying one label selector for each resource. This was the case previously, but was accidentally changed. We are now reverting to the original behavior.

The following API endpoints will return all matching servers for the label selectors as well:

• GET /v1/firewalls
• GET /v1/firewalls/$ID

We added a new action endpoint to the API:

POST /v1/zones/$ID_OR_NAME/rrsets/$RR_NAME/$RR_TYPE/actions/update_records

The new endpoint allows updating comments of existing records.

Starting on 10 December 2025, CIDRs specified as destination_ips or source_ips for Firewall rules will no longer allow for the host bits to be set.

This affects the following endpoints:

• POST /v1/firewalls
• POST /v1/firewalls/$ID/actions/set_rules

It will still be possible to add single hosts like 192.0.2.2/32 or 2001:db8:ff00:42::8329/128 and subnets in CIDR notation like 10.0.1.0/24 or 2001:db8:ff00:42::/64 as long as the host bits are not set.

We advise to remove the host bits from existing CIDRs with host bits set. E.g. 10.0.1.42/24 must be changed to 10.0.1.0/24.

DNS in Hetzner Console & the DNS API are now generally available. Creating zones under dns.hetzner.com is now no longer possible.

See the DNS Migration FAQ for more details on how to migrate existing zones to the Hetzner Console.

The image fedora-41 (IDs 199030328 (x86) & 199030407 (arm)) is deprecated and will no longer be available when creating new servers after 28 January 2026.

The Storage Box API endpoints are being updated to more closely match the patterns established by the existing Cloud API. This includes one breaking change effective immediately, and two deprecations that will be removed on 21 April 2026.

Breaking Change: Snapshot Plans must specify the hour and minute

The fields hour and minute in "Enable Snapshot Plan" were previously optional, and the default meant "every hour"/"every minute".

This made it possible to have snapshot plans with unexpected behavior. For example, you could set it up to take a snapshot every minute for a single day in the month, and no snapshots at all for the rest of the month. This was only possible through the API, the Hetzner Console did not permit this. No active snapshot plan is configured like this.

To avoid misconfigurations, the two fields are required to be set effective immediately.

Breaking Change: New Action for "Change Subaccount Home Directory"

In the initial version of the API this was possible through the "Update Access Settings" action. This was a bug, as the Home Directory is not considered part of the "Access Settings" object.

There is now a new action endpoint "Change Home Directory" to update the Home Directory of a Subaccount.

Deprecation: The request property home_directory of the endpoint "Update Access Settings" is now deprecated and will be removed on 21 April 2026.

Breaking Change: "Rollback Snapshot" accepts snapshot name or ID

"Rollback Snapshot" previously accepted a property snapshot_id. This was changed, and it now accepts a property snapshot that may be the Snapshot name or ID.

Deprecation: The request property snapshot_id of the endpoint "Rollback Snapshot" is now deprecated and will be removed on 21 April 2026.

Return references to created objects

The endpoints to create new Storage Boxes, Subaccounts and Snapshots now return the ID of the created resource in the response.

• "Create a Storage Box"
• "Create a Subaccount"
• "Create a Snapshot"

Sort Parameters for list endpoints

The endpoints to list Storage Boxes, Subaccounts and Snapshots now support the sort query parameter. The full list of available sort options is available in the linked documentation.

• "List Storage Boxes"
• "List Subaccounts"
• "List Snapshots"

Filter Subaccounts

The "List Subaccounts" endpoint now accepts the query parameter username. When set, only the subaccount with the matching name is returned.

Filter Snapshots

The "List Snapshots" endpoint now accepts the query parameter is_automatic. When specified, only automatic or manual snapshots are returned.

Add labels when creating a new snapshot

The "Create a Snapshot" endpoint now accepts an additional field labels to directly specify the labels of the label. This was previously only possible in the "Update a Snapshot" endpoint.

Request fields in update endpoints made optional

The following endpoints previously required all properties in the request to be set. This was changed to allow for partial updates.

• "Update a Storage Box"
• "Update Subaccount"
• "Update Snapshot"

Storage Box stats returned during initialization

The property storage_box.stats was previously set to null while the Storage Box was in status initializing. This was changed to return an object with all stats set to 0: {"size": 0, "size_data": 0, "size_snapshots": 0}.

Specify location ID when creating a Storage Box

The "Create a Storage Box" endpoint now also accepts the ID of a location in the location field. Previously only the name was accepted.

Nullable and required fields

The API specification was inconsistent in its usage of nullable and required for object properties. The documentation was updated, so that now all response fields are always returned but may be null. Request fields on the other hand are not nullable, but in many cases not required.

Starting on 1 January 2026, the old server plans with shared Intel® vCPUs will no longer be available for order. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server to one of the new server plans with Intel® vCPUs, you can use the rescale option.

These server types will not be available through the API List endpoint after the announced date. This also affects any usage "by name".

Applies to server types:

• cx22 (ID 104)
• cx32 (ID 105)
• cx42 (ID 106)
• cx52 (ID 107)

Starting on 1 January 2026, the old server plans with shared AMD vCPUs will no longer be available for order in FSN, NBG, HEL and SIN. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server to one of the new server plans, you can use the rescale option.

Applies to server types:

• cpx11 (ID 22)
• cpx21 (ID 23)
• cpx31 (ID 24)
• cpx41 (ID 25)
• cpx51 (ID 26)

Four new cost optimized server types are now available:

• cx23 (ID 114)
• cx33 (ID 115)
• cx43 (ID 116)
• cx53 (ID 117)

Six new regular purpose server types are now available:

• cpx12 (ID 108)
• cpx22 (ID 109)
• cpx32 (ID 110)
• cpx42 (ID 111)
• cpx52 (ID 112)
• cpx62 (ID 113)

Learn more about these instances in this news article

The ISO Talos Linux 1.11.2 (IDs 122630 (x86) & 122629 (arm)) is now available as ISO for all Cloud Servers.

Talos Linux ISOs with customizations applied are called "models". To differentiate them, each model has a unique schematic ID. We provide the model with the schematic ID ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515 (Hetzner metadata support + qemu-guest-agent).

For more information about the schematic ID, please see the Talos image factory documentation.

When changing the rDNS name of an IP address, a trailing dot in the dns_ptr parameter now results in an error with code invalid_input. Previously, providing a trailing dot was accepted by the API, however, asynchronously resulted in a failing action.

This affects the following endpoints:

• Change reverse DNS entry for a Server
• Change reverse DNS entry for a Load Balancer
• Change reverse DNS records for a Primary IP
• Change reverse DNS records for a Floating IP

A new DNS API is now available in beta.

The DNS API beta will likely end on 10 November 2025.

See the DNS beta FAQ for more details.

Server Types now depend on Locations.

• We added a new locations property to the Server Types resource. The new property defines a list of supported Locations and additional per Locations details such as deprecations information.

• We deprecated the deprecation property from the Server Types resource. The property will gradually be phased out as per Locations deprecations are being announced. Please use the new per Locations deprecation information instead.

The request bodies of the endpoints POST /v1/servers/$ID/actions/attach_to_network and POST /v1/load_balancers/$ID/actions/attach_to_network now support an optional ip_range attribute. The ip_range can be used to specify a subnet to which the resource should be attached. If ip_range is given but ip is not, auto assignment will pick an IP of the given subnet ip_range. If ip_range and ip are given, the ip has to be in ip_range.

We added the new string field category to all endpoints that return "Server Types". The new field groups server plans into categories (e.g. shared vCPU), allowing API users to more clearly distinguish between different plans. This information was formerly only visible in Hetzner Console and on the homepage. Learn more about the new field in our API docs.

Following the reworking of the validation, the POST /load_balancers/{id}/actions/update_service endpoint no longer accepted partial updates where http.cookie_name or http.cookie_lifetime were missing. This was caused by improper default values. To temporary resolve this issue, we implemented the default values of http.cookie_name=HCLBSTICKY and http.cookie_lifetime=300 in cases where the sticky sessions feature was disabled. This ensured consistency and prevents the use of unvalidated input.

However, since this approach resets the configuration for http.cookie_name and http.cookie_lifetime when sticky sessions are disabled, which is unexpected behaviour for a user, we adapted the validation and the default values to restore the documented behaviour.

Starting on 17 September 2025, the following endpoints will enforce a stricter password policy:

• POST /storage_boxes
• POST /storage_boxes/{id}/actions/reset_password
• POST /storage_boxes/{id}/subaccounts
• POST /storage_boxes/{id}/subaccounts/{subaccount_id}/actions/reset_subaccount_password

The minimum length of passwords will be increased to 12 characters. In addition, passwords that do not contain at least one special character will be rejected.

For more details, please consult the official API documentation: https://docs.hetzner.cloud/reference/hetzner#tag/storage-boxes

Due to some changes and updates in the backend of the Firewall product, there will be multiple smaller behavior changes in regards to the API during the upcoming weeks.

The changes will be gradually introduced to increasing amounts of projects. The process will begin in early September and it is estimated that it will take several weeks to complete.

We will

• introduce some minor changes to the error messages used by Firewall-related endpoints,
• remove an error code,
• rework error codes, messages and progress tracking for actions
• and remind you about delays and array orderings.

All official Hetzner integrations will continue to work. You should check and prepare any third-party integrations and scripts that use our API for the changes listed below.

If you have any issues or questions, please don't hesitate to reach out to our support team.

Creating Firewalls

• The rules attribute of the POST /firewalls endpoint response body does not guarantee a fixed order of elements. The order of elements can change at any time.
• The applied_to attribute of the POST /firewalls endpoint response body will now contain exactly the resources the Firewall is applied to. This was not the case previously.

Removing Firewall resources

• The error code firewall_already_removed in the POST /firewalls/{id}/actions/remove_from_resources endpoint response body is no longer in use.

Label Changes

• There may be a slight delay of up to a few seconds when (un)matching label selectors to the labels of a resource.
• Servers matching multiple label selectors of a Firewall will only be shown to match a single one of them. (added on 2025-09-18)

Actions

The following changes relate to all actions available from endpoints within the /firewalls path prefix. Furthermore, Firewall-related actions available at the /actions path prefix are affected as well.

• Progress of actions is tracked differently now. The tracking is tied closer to the process' progress.
• The error codes and error messages of actions have been reworked. They might be used differently now.
• Some actions will now succeed immediately, whereas previously they would still be in the 'running' state.
• Actions with the command apply_firewall and a related label selector will contain the label selector as a resource as well now.
• If there are no changes to the Firewall rules, no more apply_firewall actions will be returned. (added on 2025-09-18)

Activities

• Activities of the type firewall.apply and a related label selector will contain the additional entry label_selector in the affected_properties attribute from now on.
• There are additional firewall.update activities in some cases, like changing the Firewall rules. (added on 2025-09-18)

Error Handling

The following changes relate to all endpoints within the /firewalls path prefix. The error codes and messages in the response body of error responses have been revised:

• Some error messages no longer contain the resource type and/or ID.
• Some error messages no longer contain the array index of invalid entities.
• Some error messages reference the proper array index of invalid entities now.
• Some error messages got rephrased. The error codes stay the same.

The image ubuntu-20.04 (IDs 15512617 (x86) & 103908070 (arm)) is no longer available when creating new servers.

To protect data from getting deleted by accident, Hetzner Console now requires that Object Storage Buckets need to be empty before a project containing such Buckets can be deleted.

• A Bucket is empty if it contains no visible or invisible data

To empty a large Bucket, we recommend deleting the data via lifecycle policies rather than using an S3 compatible tool.

For the endpoints

• POST /v1/firewalls,
• POST /v1/firewalls/$ID/actions/apply_to_resources and
• POST /v1/firewalls/$ID/actions/remove_from_resources

the error code used in the response body in case a resource got requested to be applied or removed but does not exist changed from not_found to firewall_resource_not_found.

The error code not_found is continued to be used in case the Firewall does not exist.

When you attempt to add a public network target while the Load Balancer's public interface is disabled, the API endpoint POST /v1/load_balancers/{id}/actions/add_target now returns the call-specific error code load_balancer_public_interface_disabled instead of a generic error code.

Further, we fixed a bug where it was possible to add a public network label selector target, even though the Load Balancer's public interface is disabled.

We also fixed a bug where it was possible to disable the Load Balancer's public interface, despite it having at least one public network label selector target.

The HTTP status code returned by the endpoints POST /v1/primary_ips and POST /v1/floating_ips when IPs are not currently available with the desired properties has changed from 503 (Service Unavailable) to the more appropriate 412 (Precondition Failed). The error code unavailable in the response body remains unchanged.

Storage Boxes are now available through a new API at api.hetzner.com.

This new API follows the same patterns as the Hetzner Cloud API api.hetzner.cloud. You can find the documentation here.

Migration

Existing Storage Boxes were moved from the administration interface Robot to the new Hetzner Console (formerly Cloud Console).

The existing API endpoints for Storage Boxes in the Robot Webservice API are deprecated and will be removed on 30 July 2025.

The image fedora-40 (IDs 161489943 (x86) & 161490993 (arm)) is no longer available when creating new servers.

The newest AlmaLinux and Rocky Linux release with version 10 is now available as alma-10 (IDs 245249013 (x86) & 245249165 (arm)) and rocky-10 (IDs 245249370 (x86) & 245249744 (arm)) to all Cloud Servers as a Rapid Deploy Image.

On 11 August 2025, we will deploy a change to the DHCP server used to configure a server's private network interfaces. Before this change, the DHCP server has been sending a Router Option (code 3) as well as a Classless Static Route Option (code 121). After the change, the DHCP server will cease sending the Router Option.

This might impact your server's routing configuration.

To check if your systems are affected, potential mitigations, and further information about this change, please refer to the documentation.

Update: We initially planned to release this fix on 15 July 2025, but decided to postpone it.

A change implemented by AWS on 15 January 2025 resulted in failed uploads to Object Storage Buckets across all regions when using any AWS CLI or AWS SDK version released on or after that date.

This incompatibility has been resolved. Uploads can now be performed as intended using the AWS CLI/AWS SDKs (including the latest versions).

To protect data from getting deleted by accident, Cloud Console now matches the behavior of the S3 API and prohibits the deletion of Buckets, unless:

• The Bucket is empty (no visible or invisible data)

To empty a large Bucket, we recommend deleting the data via lifecycle policies rather than using an S3 compatible tool. You can find two example lifecycle policies here.

The image ubuntu-20.04 (IDs 15512617 (x86) & 103908070 (arm)) is deprecated and will no longer be available when creating new servers after 31 July 2025.

The ISO openSUSE MicroOS Snapshot 2025-04-22 (IDs 119712 (x86) & 119713 (arm)) is now available as ISO for all Cloud Servers.

The newest Fedora release with version 42 is now available as fedora-42 (IDs 232895138 (x86) & 232895264 (arm)) to all Cloud Servers as a Rapid Deploy Image.

The ISO Talos Linux 1.9.5 (IDs 119702 (x86) & 119703 (arm)) is now available as ISO for all Cloud Servers.

Talos Linux ISOs with customizations applied are called "models". To differentiate them, each model has a unique schematic ID. We provide the model with the schematic ID ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515 (Hetzner metadata support + qemu-guest-agent).

For more information about the schematic ID, please see the Talos image factory documentation.

The ISO IPFire 2.29-core192 (IDs 119405 (x86) & 119404 (arm)) is now available as ISO for all Cloud Servers.

The image fedora-40 (IDs 161489943 (x86) & 161490993 (arm)) is deprecated and will no longer be available when creating new servers after 19 June 2025.

Background

We have previously announced the actions list endpoint deprecation in July 2023. We have now changed our decision in parts.

The endpoint GET /v1/actions implements two different functions:

• Listing all actions (GET /v1/actions)
• Get multiple actions by their IDs (GET /v1/actions?id=)

The previous announcement mentioned that the whole endpoint would be removed. We have now decided to keep the GET /v1/actions?id= functionality available.

Changes

We have removed the possibility to list all actions (GET /v1/actions). All query parameters related to this have been removed from the API. The API now returns a 410 Gone status code and links to this announcement.

If you need to list actions without knowing their IDs, please use the "Resource Action endpoints" instead.

The following app(s) were updated to newer versions:

• gitlab (IDs 40093435 (x86) & 105888988 (arm)) to v17.8.0
• nextcloud (IDs 40093190 (x86) & 105888089 (arm)) to v30.0.5
• wordpress (IDs 40093134 (x86) & 105888096 (arm)) to v6.7.1

The image fedora-39 (IDs 135075974 (x86) & 135076024 (arm)) is no longer available when creating new servers.

From now on, after deleting a Bucket, the same Bucket name can be reused immediately when it is created in a project of the same owner. Please see our documentation for more details.

The newest CentOS Stream Release with Version 10 is now available as centos-stream-10 (IDs 210163277 (x86) & 210163284 (arm)) to all Cloud Servers as a Rapid Deploy Image.

Due to problems with moving Object Storage Buckets between projects, the functionality has been disabled for the time being.

openSUSE Leap 15.6 is now available as a Rapid Deploy Image for all Cloud Servers The image has the name opensuse-15 in the API.

A new App is available for your servers:

• Coolify.io (Name coolify, IDs 197238872 (x86) & 197238880 (arm))

The API no longer returns for the following fields:

• Response field included_traffic of a server_type
• Response field traffic in the GET /v1/pricing endpoint response

Learn more about this change.

The image fedora-39 (IDs 135075974 (x86) & 135076024 (arm)) is deprecated and will no longer be available when creating new servers after 25 January 2025.

Note: To give customers more time to make the necessary changes on their end, we have extended the deadline for this deprecation.

Starting on 30 October 2024, it will no longer be possible to use custom MAC addresses for IPv4 connectivity on the public network interface. Instead, servers will have to use the MAC address that was assigned to their public network interface to send and receive IPv4 packets. Packets sent with a different source MAC address will be dropped.

For public IPv6 connectivity as well as private network interfaces, this was already enforced.

If you have changed the MAC address on the public network interface of your cloud server, please change it back to the MAC address assigned to the interface. If your server is configured so that the public network interface is part of a bridge with other interfaces, please consider switching to a routed setup.

Customers affected by this change were notified via email.

The old server plans with shared Intel vCPUs (CX11, CX21, CX31, CX41, CX51) are no longer available for order. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server to one of the new server plans with Intel vCPUs, you can use the rescale option.

These server types are not available through the API List endpoint. This also affects any usage "by name".

Applies to server types:

• cx11 (ID 1)
• cx21 (ID 3)
• cx31 (ID 5)
• cx41 (ID 7)
• cx51 (ID 9)

The image centos-stream-8 (IDs 45778012 (x86) & 103907195 (arm)) is no longer available when creating new servers.

The Hetzner provider in current versions of cluster-autoscaler has a bug and relies on the CX11 server type, which we will remove from our ordering options on 6 September 2024.

If you try to use the cluster-autoscaler provider after that date, you will see the following error messages:

mixed_nodeinfos_processor.go:160] Unable to build proper template node for draining-node-pool: failed to create resource list for node group draining-node-pool error: failed to get machine type cx11 info error: server type not found
static_autoscaler.go:387] Failed to get node infos for groups: failed to create resource list for node group draining-node-pool error: failed to get machine type cx11 info error: server type not found

The following versions of cluster-autoscaler are affected:

• ≤1.28.6 (including 1.27 and older)
• ≤1.29.4
• ≤1.30.2
• ≤1.31.0

We depend on the Kubernetes community and the maintainers of cluster-autoscaler to release new versions. We expect that new official versions are released at the end of September.

To bridge the gap until the Kubernetes community releases the new versions, we published alternative container images of cluster-autoscaler that include a patch for the bug. You can use these in your deployment, but we will remove them one month after new official cluster-autoscaler versions become available. We will not provide any other patch releases on this container image repository. Please switch back to the official images as soon as possible.

• docker.io/hetznercloud/cluster-autoscaler:v1.28.6-hcloud1 (Build Commit)
• docker.io/hetznercloud/cluster-autoscaler:v1.29.4-hcloud1 (Build Commit)
• docker.io/hetznercloud/cluster-autoscaler:v1.30.2-hcloud1 (Build Commit)
• docker.io/hetznercloud/cluster-autoscaler:v1.31.0-hcloud1 (Build Commit)

Existing Users

To prevent disruptions for existing users of the provider, we will keep the CX11 server type available for these accounts. We will remove that prolonged access to the CX11 server type two weeks after the Kubernetes community releases new versions of cluster-autoscaler.

Links

• GitHub Issue autoscaler#7210
• Changelog: Old Server Types with shared Intel vCPUs are deprecated
• cluster-autoscaler Hetzner provider

The response field floating_ip (.pricing.floating_ip) of the GET /v1/pricing endpoint is deprecated.

Please use the floating_ips (.pricing.floating_ips) field instead.

Starting on 30 September 2024, it will no longer be possible to use custom MAC addresses for IPv4 connectivity on the public interface. Instead, servers will have to use the MAC address that was assigned to their public network interface to send and receive IPv4 packets. Packets sent with a different source MAC address will be dropped.

For public IPv6 connectivity as well as private network interfaces, this was already enforced.

If you have changed the MAC address on the public network interface of your cloud server, please change it back to the MAC address assigned to the interface. If your server is configured so that the public network interface is part of a bridge with other interfaces, please consider switching to a routed setup.

We will also contact customers affected by this change via email.

Update 27 September 2024: We have extended the deadline. You can find the updated entry here.

The new location Singapore (sin) is now available for all products. The following server types are available:

• CPX: cpx11, cpx21, cpx31, cpx41, cpx51
• CCX: ccx13, ccx23, ccx33, ccx43, ccx53, ccx63

The datacenter sin-dc1 was also added to the API and belongs to the sin location.

The network zone ap-southeast was also added to the API. It currently includes the sin location.

The API now returns null for the following fields instead of their previous values:

• Response field included_traffic of a server_type
• Response field traffic in the GET /v1/pricing endpoint response

These fields will be fully removed from the API on 2024-11-05.

Please refer to the API documentation for more details.

Learn more about this change.

The image fedora-38 (IDs 107768015 (x86) & 107768016 (arm)) is no longer available when creating new servers.

The Cloud API has been updated to provide a better insight and more flexibility for displaying the pricing of traffic for servers and load balancers.

These API changes will be performed in three steps:

New fields added

The pricing arrays in the responses of our GET /v1/server_types and GET /v1/load_balancer_types endpoints have been extended:

• we added a field included_traffic representing how much of free outgoing traffic is included for a tariff in a certain location in bytes
• we added a field price_per_tb_traffic, representing the cost per TB of traffic after the included traffic has been used up

The matching values in responses to the following endpoints are updated accordingly:

• GET /v1/pricing
• GET /v1/servers
• GET /v1/servers/{id}
• GET /v1/load_balancers
• GET /v1/load_balancers/{id}

Deprecating and removing previous fields

In addition to these new properties, we will deprecate existing properties currently representing these values. These will be set to return null on 2024-08-05:

• Response field included_traffic of a server_type
• Response field traffic in the GET /v1/pricing endpoint response

These fields will be fully removed from the API three months later on 2024-11-05.

Please refer to the API documentation for more details. Review and update any scripts or tools that make use of these API endpoints and fields.

Integrations

We have updated our integrations for these new fields. The changes are available in the following versions:

• hcloud CLI: v1.46.0
• terraform-provider-hcloud: v1.48.0
• Ansible Collection hetzner.hcloud: v4.1.0
• hcloud-go v1: v1.58.0
• hcloud-go v2: v2.12.0
• hcloud-python: v2.1.0

The following app(s) now use Ubuntu 24.04 as base-image (previously 22.04):

• gitlab (IDs 40093435 (x86) & 105888988 (arm))
• jitsi (IDs 40093140 (x86) & 105887536 (arm))

We developed a new system for managing private networks in the recent months and are now in the rollout phase. Starting today, private networks in newly created projects will use the new system. With this new system, private network actions related to progress and status information will behave more accurately.

If you encounter any issues, please let us know by submitting a support ticket.

In the upcoming days, existing private networks will be migrated to the new system. We do not expect any downtime or disturbances for customers.

In order to save bandwidth, we now allow for gzip and brotli compression to be requested by sending an Accept-Encoding header with your API request.

We don't expect any complications, but this change could lead to unexpected behaviour if your client requests compression whilst not handling the decompression of the response as expected. Our official integrations will continue to work with this, but we can not ensure full compatibility for third-party clients and integrations.

We will roll out this change in increasingly longer time periods so you can observe if all your implementations can handle the new behaviour or if you have to make changes:

• 2024-07-30T08:30Z -> 2024-07-30T09:30Z (1h)
• 2024-08-01T07:30Z -> 2024-08-01T11:30Z (4h)
• 2024-08-20T06:30Z -> 2024-08-20T14:30Z (8h)
• 2024-08-22T08:00Z -> 2024-08-23T08:00Z (1d)

The change will be permanently effective from 26th August 2024 08:00 UTC.

The following apps are no longer available when creating new servers:

• collab-tools (IDs 73924728 (x86) & 105888341 (arm))
• go (IDs 71127447 (x86) & 105888088 (arm))
• ruby (IDs 71127104 (x86) & 105888086 (arm))

The image debian-10 (IDs 5924233 (x86) & 103905968 (arm)) is no longer available when creating new servers.

Starting on 06 September 2024, the old server plans with shared Intel vCPUs will no longer be available for order. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server to one of the new server plans with Intel vCPUs, you can use the rescale option.

These server types will not be available through the API List endpoint after the announced date. This also affects any usage "by name".

Applies to server types:

• cx11 (ID 1)
• cx21 (ID 3)
• cx31 (ID 5)
• cx41 (ID 7)
• cx51 (ID 9)

Four new server types with shared Intel vCPUs are now available:

• cx22 (ID 104)
• cx32 (ID 105)
• cx42 (ID 106)
• cx52 (ID 107)

Learn more about these instances in this news article

The following app(s) now use Ubuntu 24.04 as base-image (previously 22.04):

• photoprism (IDs 101588775 (x86) & 105888330 (arm))
• prometheus-grafana (IDs 73721460 (x86) & 105888142 (arm))
• owncast (IDs 101588646 (x86) & 105888084 (arm))
• rustdesk (IDs 102456737 (x86) & 105888087 (arm))
• wireguard (IDs 80379320 (x86) & 105888135 (arm))

The following apps are deprecated and will no longer be available when creating new servers after 5 July 2024:

• collab-tools (IDs 73924728 (x86) & 105888341 (arm))
• go (IDs 71127447 (x86) & 105888088 (arm))
• ruby (IDs 71127104 (x86) & 105888086 (arm))

The image centos-stream-8 (IDs 45778012 (x86) & 103907195 (arm)) is deprecated and will no longer be available when creating new servers after 31. August 2024.

The following app(s) now use Ubuntu 24.04 as base-image (previously 22.04):

• docker-ce (IDs 40093247 (x86) & 105888141 (arm))
• lamp (IDs 40093059 (x86) & 105888091 (arm))
• nextcloud (IDs 40093190 (x86) & 105888089 (arm))
• wordpress (IDs 40093134 (x86) & 105888096 (arm))

The following app(s) now use Ubuntu 22.04 as base-image (previously 20.04):

• jitsi (IDs 40093140 (x86) & 105887536 (arm))

The images fedora-40 (IDs 161489943 (x86) & 161490993 (arm)) and ubuntu-24.04 (IDs 161547269 (x86) & 161547270 (arm)) have been added.

The image fedora-38 (IDs 107768015 (x86) & 107768016 (arm)) is deprecated and will no longer be available when creating new servers after 25 July 2024.

The image debian-10 (IDs 5924233 (x86) & 103905968 (arm)) is deprecated and will no longer be available when creating new servers after 30 June 2024.

The response field deprecated of all endpoints that return "ISOs" is removed as announced. Please use the new field deprecation instead.

The request field type of the POST /servers/{id}/actions/enable_rescue endpoint no longer accepts the value linux32.

The image centos-7 (IDs 3 (x86) & 103907007 (Arm)) is no longer available when creating new servers.

For security reasons, the Hetzner Cloud Firewall no longer inspects protocols like FTP, SIP and PPTP to implicitly open other, related ports.

If your server has a Cloud Firewall attached and you use these protocols in a way that requires additional related ports to be accepted, then you should add a Firewall rule for the required port ranges.

See the Firewalls FAQ for details.

The Hetzner Cloud packer plugin moved from github.com/hashicorp/packer-plugin-hcloud to github.com/hetznercloud/packer-plugin-hcloud.

Make sure to update the plugin source in your Packer configuration:

 packer {
   required_plugins {
     hcloud = {
-      source  = "github.com/hashicorp/hcloud"
+      source  = "github.com/hetznercloud/hcloud"
       version = ">= 1.2.0"
     }
   }
 }

See the plugin documentation for more details.

The Windows Server 2012 R2 ISO files are no longer available for cloud servers because of the End of Life announcement from Microsoft.

The Network feature to expose routes of a cloud network to a vSwitch now supports the default route (0.0.0.0/0 as destination).

The response field deprecated of all endpoints that return "ISOs" is deprecated. Please use the new field deprecation instead.

To better communicate deprecations to API Users, we added the new response field deprecation to all endpoints that return "ISOs". The field describes if, when, and how the resource was deprecated. If this field is set to null, the resource is not deprecated. If it has a value, it is considered deprecated. Learn more about the field in our API docs. This new field replaces the old deprecated field.

Network subnets with type "vswitch" now have a new limitation to prevent users from producing setups that don't work.

You now need to have a subnet that is smaller than the overall ip_range of the parent Network.

Example:

The image centos-7 (IDs 3 (x86) & 103907007 (Arm)) is deprecated and will no longer be available when creating new servers after 02 January 2024.

The old server plans with dedicated AMD vCPUs (CCX12, CCX22, CCX32, CCX42, CCX52, CCX62) are no longer available for order. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server to one of the new server plans with AMD vCPUs, you can use the rescale option.

These server types are not available through the API List endpoint. This also affects any usage "by name".

Applies to server types:

• ccx12 (ID 33)
• ccx22 (ID 34)
• ccx32 (ID 35)
• ccx42 (ID 36)
• ccx52 (ID 37)
• ccx62 (ID 38)

The image ubuntu-18.04 (IDs 168855 (x86) & 103908017 (Arm)) is no longer available when creating new servers.

Our API reference documentation previously stated that the action list endpoints GET /v1/actions and GET /v1/<resource>/actions accept the values progress, progress:asc and progress:desc for the query parameter sort.

If used in a request, this caused the request to fail. We have removed the values for the sort parameter from our API docs.

Starting on 27 September 2023, the old server plans with dedicated AMD vCPUs will no longer be available for order. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server to one of the new server plans with AMD vCPUs, you can use the rescale option.

These server types will not be available through the API List endpoint after the announced date. This also affects any usage "by name".

Applies to server types:

• ccx12 (ID 33)
• ccx22 (ID 34)
• ccx32 (ID 35)
• ccx42 (ID 36)
• ccx52 (ID 37)
• ccx62 (ID 38)

Six new server types with dedicated AMD vCPUs are now available:

• ccx13
• ccx23
• ccx33
• ccx43
• ccx53
• ccx63

Learn more about these instances in this news article

Please note that these and new upcoming server types will use UEFI by default. If a server gets created from a snapshot, please make sure that the snapshot has an ESP / is UEFI-compatible.

Update 2025-01-30: The Actions List endpoint is not fully deprecated anymore.

GET /actions is deprecated. Starting 1 October 2023, it will no longer be available. For more information about alternatives, please refer to the previous announcement "Resource Action endpoints" from 29 June 2023.

Also starting on 1 October 2023, all action endpoints will only return actions from the past 90 days.

All server plans with Intel® vCPUs (CCX11, CCX21, CCX31, CCX41, CCX51) are no longer available for order. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server with Intel® vCPUs to a server plan with AMD vCPUs, you can use the rescale option.

These server types are not available through the API List endpoint. This also affects any usage "by name".

Applies to server types:

• ccx11 (ID 11)
• ccx21 (ID 12)
• ccx31 (ID 13)
• ccx41 (ID 14)
• ccx51 (ID 15)

We added the new endpoints /v1/<resource>/actions and /v1/<resource>/actions/{action_id} to all resources that use actions.

The new endpoints can be used instead of the global /v1/actions endpoint, to get actions of a specific product.

You can now expose routes from a Network to the vSwitch connection.

API Changes:

• New response field expose_routes_to_vswitch was added to all endpoints that return "Networks".
• New request field expose_routes_to_vswitch was added to the POST /networks endpoint.
• New request field expose_routes_to_vswitch was added to the PUT /networks/{id} endpoint.

Starting on 18 July 2023, all server plans with Intel® vCPUs will no longer be available for order. Existing servers are not affected by this deprecation and they will continue to work. If you want to migrate an existing server with Intel® vCPUs to a server plan with AMD vCPUs, you can use the rescale option.

These server types will not be available through the API List endpoint after the announced date. This also affects any usage "by name".

Applies to server types:

• ccx11 (ID 11)
• ccx21 (ID 12)
• ccx31 (ID 13)
• ccx41 (ID 14)
• ccx51 (ID 15)

The response field deprecated of all endpoints that return "Server Types" is deprecated. Please use the new field deprecation instead.

To better communicate deprecations to API Users, we added the new response field deprecation to all endpoints that return "Server Types". The field describes if, when, and how the resource was deprecated. If this field is set to null, the resource is not deprecated. If it has a value, it is considered deprecated. Learn more about the field in our API docs. This new field replaces the old deprecated field, which contained a boolean.

The image ubuntu-18.04 (IDs 168855 (x86) & 103908017 (Arm)) is deprecated and will no longer be available when creating new servers after 31 August 2023.

Please note that there will be a change regarding the id fields in our API. At the moment, the id fields are only 32 bit wide. However, this is no longer sufficient. As a result, we will use larger IDs in future. This change will not affect IDs of existing resources.

Starting on 1 September 2023, the first IDs will use 52-bit integers.

We added the new response field included_traffic to all endpoints that return "Server Types".

The field describes the amount of included free traffic bytes that servers of this Server Type have.

Four new server types with Arm64 architecture are now available:

• cax11
• cax21
• cax31
• cax41

Learn more about these instances in this news article

Our API had an inherent assumption that all servers, images, and ISOs used the same x86 architecture. To support the launch of our Arm64 Server Types, we added new APIs to differentiate between the architectures.

The architecture fields currently support two values: x86 and arm.

Server Types

• New response field architecture was added to all endpoints that return "Server Types".

Images

Previously, the image name uniquely identified the image. This is no longer true. Instead, the image is now uniquely identified through the combination of name & architecture. This means that we now have (as an example) two images named ubuntu-22.04, one with architecture x86 and one arm. If you create servers from images (or snapshots) by passing the ID, you need to take care that you pass an image with a compatible architecture. If you create servers by passing the image name, our API will select the correct image for you.

• New response field architecture was added to all endpoints that return "Images".
• New query parameter architecture was added to the GET /images endpoint.

ISOs

• New response field architecture was added to all endpoints that return "ISOs". This field can be null if the ISO is not restricted to a single architecture. We do not set the architecture for ISOs uploaded on user request.
• New query parameter architecture was added to the GET /isos endpoint.
• New query parameter include_architecture_wildcard was added to the GET /isos endpoint.

AlmaLinux 8 and 9 are now available as images for your servers. They have the image names alma-8 & alma-9.

Three new Apps are available for your servers:

• Owncast (owncast)
• PhotoPrism® (photoprism)
• RustDesk (rustdesk)

The new location Hillsboro, Oregon (hil) is now available for all products. Some server types might not be available in the new location.

The datacenter hil-dc1 was also added to the API and belongs to the hil location.

The network zone us-west was also added to the API. It currently includes the hil location.

The app BigBlueButton (big-blue-button) is no longer available for new servers.

Four new Apps are available for your servers:

• Go (go)
• Ruby (ruby)
• Prometheus Grafana (prometheus-grafana)
• Collaboration Tools: HedgeDoc, transfer.sh, whiteboard (collab-tools)

Freebsd64 is no longer available as a Rescue OS.

When you create a cloud server, it will no longer automatically include public IP addresses (IPv4, IPv6). Instead, you can now decide for yourself which types of IPs the server should include or not. And even after creating the server, you can still change your network option by adding, removing, or swapping the server’s Primary IPs. Learn more in this news article.

Primary IPs

All endpoints under the "Primary IPs" & "Primary IP Actions" sections were added.

• New endpoint GET /primary_ips was added.
• New endpoint POST /primary_ips was added.
• New endpoint DELETE /primary_ips/{id} was added.
• New endpoint GET /primary_ips/{id} was added.
• New endpoint PUT /primary_ips/{id} was added.
• New endpoint POST /primary_ips/{id}/actions/assign was added.
• New endpoint POST /primary_ips/{id}/actions/change_dns_ptr was added.
• New endpoint POST /primary_ips/{id}/actions/change_protection was added.
• New endpoint POST /primary_ips/{id}/actions/unassign was added.

Server

• The response fields server.public_net.ipv4 and server.public_net.ipv6 are now nullable in all endpoints that return "Servers".
• New request field public_net was added to the POST /servers endpoint.

You can now mark SSH keys as "default". These keys will be pre-selected when you create new servers in the Cloud Console.