release: 4.34.0

[stainless-app]

Automated Release PR

4.34.0 (2026-05-01)

Full Changelog: v4.33.0...v4.34.0

Features

• api: add fields to groups/projects/users, remove enums, update types (abda696)
• api: add support for Admin API Keys per endpoint (52840e8)
• api: admin API updates (ce01f2c)
• api: manual updates (4ce7800)
• api: manual updates (54bb616)
• support setting headers via env (f37acbd)

Bug Fixes

• api: allow admin api key credential auth (d0ea12d)
• auth: apply route-specific security options (4203865)
• ignore post-completion response stream events (65ea33e)
• types: correct createdAt and completedAt to Double in Response model (e591f78)
• types: correct timestamp precision in transcriptions/realtime, unix timestamps in responses (cc8d80f)

Chores

• internal: regenerate SDK with no functional changes (0a4327c)

Documentation

• api: update rate limit documentation for file upload endpoint (f4eb157)

---

This pull request is managed by Stainless's GitHub App.

The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.

For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.

🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions

[apcha-oai]

@codex review pls

[chatgpt-codex-connector]

💡 Codex Review

openai-java/openai-java-core/src/main/kotlin/com/openai/services/blocking/beta/realtime/SessionServiceImpl.kt

Line 75 in 2df4554

.prepare(clientOptions, params)

Specify bearer auth for realtime session requests

These requests still call prepare(clientOptions, params) and therefore use SecurityOptions.all() by default. When both keys are configured, securityHeaders overwrites Authorization with the admin key, so realtime session calls may send the wrong credential instead of the standard API key.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Use admin auth for checkpoint permission requests

These endpoints are documented as requiring an admin API key, but request prep uses bearerAuth(true) only. If a client is configured with only adminApiKey, ClientOptions.securityHeaders throws before sending the request (requires apiKey or workloadIdentity). This prevents admin-key-only usage on admin-only routes.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Emit auth headers when bearer auth is marked satisfied

This branch treats any non-AdminApiKeyOnlyCredential credential as satisfying bearer auth but does not add an auth header. With AzureApiKeyCredential (or other custom credentials), bearer-protected requests can go out without Authorization or api-key, yielding unauthenticated failures.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Preserve last-set credential precedence in auth headers

securityHeaders always prefers the stored apiKey over credential. After fromEnv() or .apiKey(...), a later .credential(...) call does not take effect unless callers also clear apiKey, breaking normal builder “last setter wins” behavior and making credential overrides unexpectedly fail.

Useful? React with 👍 / 👎.

[stainless-app]

🤖 Release is at https://github.com/openai/openai-java/releases/tag/v4.34.0 🌻