2026-06-05

We've tightened input validation on a few write endpoints. Requests that send unexpected fields, malformed identifiers, or oversized values now return a 422 instead of being silently accepted or coerced. If you only send the fields documented in the API reference with reasonable values, nothing changes for you.

Automations (create, update):

• name must be printable ASCII containing at least one letter or number. (The 100-character limit is unchanged.) Names with emoji or non-Latin characters are now rejected.
• timing.delay.value must be 1–16 characters.
• actions is capped at 25 entries.
• metadata is capped at 100 keys, each key at most 100 characters. Lone Unicode surrogates in metadata values are stripped before saving.

Survey responses (create, update):

• answer is capped at 500 characters.
• The source string is 1–100 characters; subscriber and survey IDs must be valid identifiers.

Notes:

• model_id and model_type are capped at 50 characters and must be valid identifiers.
• Note text must contain at least one non-whitespace character.

All of these endpoints now reject unknown top-level fields rather than ignoring them. See error codes for the shape of validation errors.

• Subscribers now expose a country field on retrieve and list — the ISO 3166-1 alpha-2 country code inferred from the subscriber's IP address at signup, if available.
• Surveys can now be embedded in transactional emails.
• Sending email instead of email_address on subscriber writes now returns an actionable field_renamed error rather than a generic "field required."