appwrite · ChiragAgg5k · Jun 22, 2026 · Jun 22, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,19 @@
 # Change Log
 
+## 21.0.0
+
+* Added: `apps` service for managing apps and app secrets
+* Added: `oauth2` service for the OAuth2 authorization, device, and token flows
+* Added: device authorization grant parameters (`verificationUrl`, `userCodeLength`, `userCodeFormat`, `deviceCodeDuration`) to `updateOAuth2Server`
+* Added: `emailCanonical`, `emailIsFree`, `emailIsDisposable`, `emailIsCorporate`, and `emailIsCanonical` to the `User` model
+* Added: `userAccessedAt` to the `Membership` model
+* Added: `PolicyDenyCorporateEmail` and `deny-corporate-email` to `ProjectPolicyId`
+* Added: `dedicatedDatabases.execute` to `ProjectKeyScopes`
+* Breaking: `usage.listEvents` now takes a required `metrics` array with `resource`, `interval`, and `dimensions` instead of `queries` and `total`
+* Breaking: Replaced `UsageEvent` and `UsageGauge` models with `UsageDataPoint` and `UsageMetric`
+* Updated: Send an `Accept: application/json` header on all requests
+
+
 ## 20.1.0
 
 * Added: `createSesProvider` and `updateSesProvider` to `messaging`

diff --git a/appwrite/client.py b/appwrite/client.py
@@ -17,11 +17,11 @@ def __init__(self):
         self._endpoint = 'https://cloud.appwrite.io/v1'
         self._global_headers = {
             'content-type': '',
-            'user-agent' : f'AppwritePythonSDK/20.1.0 ({platform.uname().system}; {platform.uname().version}; {platform.uname().machine})',
+            'user-agent' : f'AppwritePythonSDK/21.0.0 ({platform.uname().system}; {platform.uname().version}; {platform.uname().machine})',
             'x-sdk-name': 'Python',
             'x-sdk-platform': 'server',
             'x-sdk-language': 'python',
-            'x-sdk-version': '20.1.0',
+            'x-sdk-version': '21.0.0',
             'X-Appwrite-Response-Format' : '1.9.5',
         }
         self._config = {}
@@ -101,21 +101,21 @@ def set_cookie(self, value):
         return self
 
     def set_impersonate_user_id(self, value):
-        """Impersonate a user by ID on an already user-authenticated request. Requires the current request to be authenticated as a user with impersonator capability; X-Appwrite-Key alone is not sufficient. Impersonator users are intentionally granted users.read so they can discover a target before impersonation begins. Internal audit logs still attribute actions to the original impersonator and record the impersonated target only in internal audit payload data."""
+        """Impersonate a user by ID"""
 
         self._global_headers['x-appwrite-impersonate-user-id'] = value
         self._config['impersonateuserid'] = value
         return self
 
     def set_impersonate_user_email(self, value):
-        """Impersonate a user by email on an already user-authenticated request. Requires the current request to be authenticated as a user with impersonator capability; X-Appwrite-Key alone is not sufficient. Impersonator users are intentionally granted users.read so they can discover a target before impersonation begins. Internal audit logs still attribute actions to the original impersonator and record the impersonated target only in internal audit payload data."""
+        """Impersonate a user by email"""
 
         self._global_headers['x-appwrite-impersonate-user-email'] = value
         self._config['impersonateuseremail'] = value
         return self
 
     def set_impersonate_user_phone(self, value):
-        """Impersonate a user by phone on an already user-authenticated request. Requires the current request to be authenticated as a user with impersonator capability; X-Appwrite-Key alone is not sufficient. Impersonator users are intentionally granted users.read so they can discover a target before impersonation begins. Internal audit logs still attribute actions to the original impersonator and record the impersonated target only in internal audit payload data."""
+        """Impersonate a user by phone"""
 
         self._global_headers['x-appwrite-impersonate-user-phone'] = value
         self._config['impersonateuserphone'] = value

diff --git a/appwrite/enums/project_key_scopes.py b/appwrite/enums/project_key_scopes.py
@@ -91,6 +91,7 @@ class ProjectKeyScopes(Enum):
     ARCHIVES_WRITE = "archives.write"
     RESTORATIONS_READ = "restorations.read"
     RESTORATIONS_WRITE = "restorations.write"
+    DEDICATEDDATABASES_EXECUTE = "dedicatedDatabases.execute"
     DOMAINS_READ = "domains.read"
     DOMAINS_WRITE = "domains.write"
     EVENTS_READ = "events.read"

diff --git a/appwrite/enums/project_policy_id.py b/appwrite/enums/project_policy_id.py
@@ -14,3 +14,4 @@ class ProjectPolicyId(Enum):
     DENY_ALIASED_EMAIL = "deny-aliased-email"
     DENY_DISPOSABLE_EMAIL = "deny-disposable-email"
     DENY_FREE_EMAIL = "deny-free-email"
+    DENY_CORPORATE_EMAIL = "deny-corporate-email"
diff --git a/appwrite/enums/project_service_id.py b/appwrite/enums/project_service_id.py
@@ -19,3 +19,4 @@ class ProjectServiceId(Enum):
     MIGRATIONS = "migrations"
     MESSAGING = "messaging"
     ADVISOR = "advisor"
+    OAUTH2 = "oauth2"
diff --git a/appwrite/models/__init__.py b/appwrite/models/__init__.py
@@ -222,15 +222,27 @@
 from .policy_deny_aliased_email import PolicyDenyAliasedEmail
 from .policy_deny_disposable_email import PolicyDenyDisposableEmail
 from .policy_deny_free_email import PolicyDenyFreeEmail
+from .policy_deny_corporate_email import PolicyDenyCorporateEmail
 from .backup_restoration import BackupRestoration
-from .usage_event import UsageEvent
-from .usage_gauge import UsageGauge
+from .usage_data_point import UsageDataPoint
+from .usage_event_list import UsageEventList
+from .usage_gauge_list import UsageGaugeList
+from .usage_metric import UsageMetric
+from .app import App
+from .app_secret import AppSecret
+from .app_secret_plaintext import AppSecretPlaintext
+from .oauth2_authorize import Oauth2Authorize
+from .oauth2_approve import Oauth2Approve
+from .oauth2_reject import Oauth2Reject
+from .oauth2_grant import Oauth2Grant
+from .oauth2_device_authorization import Oauth2DeviceAuthorization
+from .oauth2_token import Oauth2Token
 from .activity_event_list import ActivityEventList
 from .backup_archive_list import BackupArchiveList
 from .backup_policy_list import BackupPolicyList
 from .backup_restoration_list import BackupRestorationList
-from .usage_event_list import UsageEventList
-from .usage_gauge_list import UsageGaugeList
+from .apps_list import AppsList
+from .app_secret_list import AppSecretList
 
 __all__ = [
     'AppwriteModel',
@@ -457,13 +469,25 @@
     'PolicyDenyAliasedEmail',
     'PolicyDenyDisposableEmail',
     'PolicyDenyFreeEmail',
+    'PolicyDenyCorporateEmail',
     'BackupRestoration',
-    'UsageEvent',
-    'UsageGauge',
+    'UsageDataPoint',
+    'UsageEventList',
+    'UsageGaugeList',
+    'UsageMetric',
+    'App',
+    'AppSecret',
+    'AppSecretPlaintext',
+    'Oauth2Authorize',
+    'Oauth2Approve',
+    'Oauth2Reject',
+    'Oauth2Grant',
+    'Oauth2DeviceAuthorization',
+    'Oauth2Token',
     'ActivityEventList',
     'BackupArchiveList',
     'BackupPolicyList',
     'BackupRestorationList',
-    'UsageEventList',
-    'UsageGaugeList',
+    'AppsList',
+    'AppSecretList',
 ]
diff --git a/appwrite/models/activity_event.py b/appwrite/models/activity_event.py
@@ -45,30 +45,6 @@ class ActivityEvent(AppwriteModel):
         Team ID.
     hostname : str
         Hostname.
-    oscode : str
-        Operating system code name. View list of [available options](https://github.com/appwrite/appwrite/blob/master/docs/lists/os.json).
-    osname : str
-        Operating system name.
-    osversion : str
-        Operating system version.
-    clienttype : str
-        Client type.
-    clientcode : str
-        Client code name. View list of [available options](https://github.com/appwrite/appwrite/blob/master/docs/lists/clients.json).
-    clientname : str
-        Client name.
-    clientversion : str
-        Client version.
-    clientengine : str
-        Client engine name.
-    clientengineversion : str
-        Client engine name.
-    devicename : str
-        Device name.
-    devicebrand : str
-        Device brand name.
-    devicemodel : str
-        Device model name.
     countrycode : str
         Country two-character ISO 3166-1 alpha code.
     countryname : str
@@ -92,17 +68,5 @@ class ActivityEvent(AppwriteModel):
     projectid: str = Field(..., alias='projectId')
     teamid: str = Field(..., alias='teamId')
     hostname: str = Field(..., alias='hostname')
-    oscode: str = Field(..., alias='osCode')
-    osname: str = Field(..., alias='osName')
-    osversion: str = Field(..., alias='osVersion')
-    clienttype: str = Field(..., alias='clientType')
-    clientcode: str = Field(..., alias='clientCode')
-    clientname: str = Field(..., alias='clientName')
-    clientversion: str = Field(..., alias='clientVersion')
-    clientengine: str = Field(..., alias='clientEngine')
-    clientengineversion: str = Field(..., alias='clientEngineVersion')
-    devicename: str = Field(..., alias='deviceName')
-    devicebrand: str = Field(..., alias='deviceBrand')
-    devicemodel: str = Field(..., alias='deviceModel')
     countrycode: str = Field(..., alias='countryCode')
     countryname: str = Field(..., alias='countryName')
diff --git a/appwrite/models/app.py b/appwrite/models/app.py
@@ -0,0 +1,82 @@
+from typing import Any, Dict, List, Optional, Union, cast
+from pydantic import Field, PrivateAttr
+
+from .base_model import AppwriteModel
+from .app_secret import AppSecret
+
+class App(AppwriteModel):
+    """
+    App
+
+    Attributes
+    ----------
+    id : str
+        App ID.
+    createdat : str
+        App creation time in ISO 8601 format.
+    updatedat : str
+        App update date in ISO 8601 format.
+    name : str
+        Application name.
+    description : str
+        Application description shown to users during OAuth2 consent.
+    clienturi : str
+        Application homepage URL shown to users during OAuth2 consent.
+    logouri : str
+        Application logo URL shown to users during OAuth2 consent.
+    privacypolicyurl : str
+        Application privacy policy URL shown to users during OAuth2 consent.
+    termsurl : str
+        Application terms of service URL shown to users during OAuth2 consent.
+    contacts : List[Any]
+        Application support or security contact emails.
+    tagline : str
+        Application tagline shown to users during OAuth2 consent.
+    tags : List[Any]
+        Application tags shown to users during OAuth2 consent.
+    images : List[Any]
+        Application image URLs shown to users during OAuth2 consent.
+    supporturl : str
+        Application support URL shown to users during OAuth2 consent.
+    datadeletionurl : str
+        Application data deletion URL shown to users during OAuth2 consent.
+    redirecturis : List[Any]
+        List of authorized redirect URIs. These URIs can be used to redirect users after they authenticate.
+    postlogoutredirecturis : List[Any]
+        List of authorized post-logout redirect URIs for OpenID Connect RP-Initiated Logout. The logout endpoint only redirects users to URIs in this list after ending their session.
+    enabled : bool
+        Whether the app is enabled or not.
+    type : str
+        OAuth2 client type. `public` for SPAs, mobile, and native apps that cannot keep a client secret (PKCE required); `confidential` for server-side clients that authenticate with a client secret.
+    deviceflow : bool
+        Whether this client may use the OAuth2 Device Authorization Grant (RFC 8628).
+    teamid : str
+        ID of team that owns the application, if owned by team. Otherwise, user ID will be used.
+    userid : str
+        ID of user who owns the application, if owned by user. Otherwise, team ID will be used.
+    secrets : List[AppSecret]
+        List of application secrets.
+    """
+    id: str = Field(..., alias='$id')
+    createdat: str = Field(..., alias='$createdAt')
+    updatedat: str = Field(..., alias='$updatedAt')
+    name: str = Field(..., alias='name')
+    description: str = Field(..., alias='description')
+    clienturi: str = Field(..., alias='clientUri')
+    logouri: str = Field(..., alias='logoUri')
+    privacypolicyurl: str = Field(..., alias='privacyPolicyUrl')
+    termsurl: str = Field(..., alias='termsUrl')
+    contacts: List[Any] = Field(..., alias='contacts')
+    tagline: str = Field(..., alias='tagline')
+    tags: List[Any] = Field(..., alias='tags')
+    images: List[Any] = Field(..., alias='images')
+    supporturl: str = Field(..., alias='supportUrl')
+    datadeletionurl: str = Field(..., alias='dataDeletionUrl')
+    redirecturis: List[Any] = Field(..., alias='redirectUris')
+    postlogoutredirecturis: List[Any] = Field(..., alias='postLogoutRedirectUris')
+    enabled: bool = Field(..., alias='enabled')
+    type: str = Field(..., alias='type')
+    deviceflow: bool = Field(..., alias='deviceFlow')
+    teamid: str = Field(..., alias='teamId')
+    userid: str = Field(..., alias='userId')
+    secrets: List[AppSecret] = Field(..., alias='secrets')
diff --git a/appwrite/models/app_secret.py b/appwrite/models/app_secret.py
@@ -0,0 +1,39 @@
+from typing import Any, Dict, List, Optional, Union, cast
+from pydantic import Field, PrivateAttr
+
+from .base_model import AppwriteModel
+
+class AppSecret(AppwriteModel):
+    """
+    AppSecret
+
+    Attributes
+    ----------
+    id : str
+        Secret ID.
+    createdat : str
+        Secret creation time in ISO 8601 format.
+    updatedat : str
+        Secret update time in ISO 8601 format.
+    appid : str
+        Application ID this secret belongs to.
+    secret : str
+        Hashed application client secret.
+    hint : str
+        Last few characters of the client secret, used to help identify it.
+    createdbyid : str
+        ID of the user who created the secret.
+    createdbyname : str
+        Name of the user who created the secret.
+    lastaccessedat : Optional[str]
+        Time the secret was last used for authentication in ISO 8601 format. Null if never used.
+    """
+    id: str = Field(..., alias='$id')
+    createdat: str = Field(..., alias='$createdAt')
+    updatedat: str = Field(..., alias='$updatedAt')
+    appid: str = Field(..., alias='appId')
+    secret: str = Field(..., alias='secret')
+    hint: str = Field(..., alias='hint')
+    createdbyid: str = Field(..., alias='createdById')
+    createdbyname: str = Field(..., alias='createdByName')
+    lastaccessedat: Optional[str] = Field(default=None, alias='lastAccessedAt')
diff --git a/appwrite/models/app_secret_list.py b/appwrite/models/app_secret_list.py
@@ -0,0 +1,19 @@
+from typing import Any, Dict, List, Optional, Union, cast
+from pydantic import Field, PrivateAttr
+
+from .base_model import AppwriteModel
+from .app_secret import AppSecret
+
+class AppSecretList(AppwriteModel):
+    """
+    App secrets list
+
+    Attributes
+    ----------
+    total : float
+        Total number of secrets that matched your query.
+    secrets : List[AppSecret]
+        List of secrets.
+    """
+    total: float = Field(..., alias='total')
+    secrets: List[AppSecret] = Field(..., alias='secrets')
diff --git a/appwrite/models/app_secret_plaintext.py b/appwrite/models/app_secret_plaintext.py
@@ -0,0 +1,39 @@
+from typing import Any, Dict, List, Optional, Union, cast
+from pydantic import Field, PrivateAttr
+
+from .base_model import AppwriteModel
+
+class AppSecretPlaintext(AppwriteModel):
+    """
+    AppSecretPlaintext
+
+    Attributes
+    ----------
+    id : str
+        Secret ID.
+    createdat : str
+        Secret creation time in ISO 8601 format.
+    updatedat : str
+        Secret update time in ISO 8601 format.
+    appid : str
+        Application ID this secret belongs to.
+    secret : str
+        Application client secret. Returned in full only when the secret is created; subsequent reads return a masked value.
+    hint : str
+        Last few characters of the client secret, used to help identify it.
+    createdbyid : str
+        ID of the user who created the secret.
+    createdbyname : str
+        Name of the user who created the secret.
+    lastaccessedat : Optional[str]
+        Time the secret was last used for authentication in ISO 8601 format. Null if never used.
+    """
+    id: str = Field(..., alias='$id')
+    createdat: str = Field(..., alias='$createdAt')
+    updatedat: str = Field(..., alias='$updatedAt')
+    appid: str = Field(..., alias='appId')
+    secret: str = Field(..., alias='secret')
+    hint: str = Field(..., alias='hint')
+    createdbyid: str = Field(..., alias='createdById')
+    createdbyname: str = Field(..., alias='createdByName')
+    lastaccessedat: Optional[str] = Field(default=None, alias='lastAccessedAt')
diff --git a/appwrite/models/apps_list.py b/appwrite/models/apps_list.py
@@ -0,0 +1,19 @@
+from typing import Any, Dict, List, Optional, Union, cast
+from pydantic import Field, PrivateAttr
+
+from .base_model import AppwriteModel
+from .app import App
+
+class AppsList(AppwriteModel):
+    """
+    Apps list
+
+    Attributes
+    ----------
+    total : float
+        Total number of apps that matched your query.
+    apps : List[App]
+        List of apps.
+    """
+    total: float = Field(..., alias='total')
+    apps: List[App] = Field(..., alias='apps')