Behavior of application update via API changed (policies are removed)

Dear Cloudflare Support

Since yesterday we are observing a new behavior when working with Applications and Zone Level Application Policies.
Before yesterday it seems that the update of an application did not remove the attached policies of the app.
Now it seems that performing a PUT on an application to update non-policy related fields, removes the policy as well.

Example flow with dummy values:

  1. Create Application
    POST /client/v4/zones/xxxxxxxxxx/access/apps
  2. Create Application Level Policy
    POST /client/v4/zones/xxxxxxxxxx/access/apps/yyyyyyyyyyyy/policies
  3. Update Application
    PUT /client/v4/zones/xxxxxxxxxx/access/apps/yyyyyyyyyyyy
  4. Fetch Application Policies
    GET /client/v4/zones/xxxxxxxxxx/access/apps/yyyyyyyyyyyy/policies

After step 4, the policy is now empty.
It seems this behavior has changed? Has anybody else noticed this?

A sample call for update can be found here:
PUT /client/v4/zones/xxxxxxxxxx/access/apps/yyyyyyyyyyyy
“name”: “example/”,
“domain”: “example/”,
“app_launcher_visible”: true,
“allowed_idps”: [
“auto_redirect_to_identity”: true

Unforunately I cannot put the full links in the post, due to them not being allowed.

Best regards

To answer this for anybody else looking for the same, got a reply from the support:

There was a temporary issue with a change, but it’s now reverted to the before behavior.
So this should not happen again for now.