Introducing the CData Arc Q2 2026 Release: OAuth 2.0, AI Connector GA, and a Fully Refreshed Platform

The CData Arc Q2 2026 release is built for teams running integration at enterprise scale where security standards are non-negotiable, configuration changes need a full audit trail, and AI-powered workflows must be production ready before they touch real data.

This release introduces OAuth 2.0 authentication for public API endpoints, brings the AI Connector to general availability with expanded provider support, delivers targeted version control improvements that make configuration management faster and more auditable, expands shared connection support across key connectors, and completes the connector UI redesign across the entire platform.

OAuth 2.0 for public API endpoints

Enterprise security teams have a reasonable expectation: every API surface in your stack should authenticate using the same industry standard protocols. Until now, securing Arc's public endpoints required user generated tokens as a workable approach, but one that sits outside the OAuth 2.0 patterns most organizations already enforce across their infrastructure.

Arc now supports OAuth 2.0 authentication for public endpoints, including the Admin API, Webhook connector, API Connector, and Flow API. Client credentials are exportable and importable, and existing IP restrictions apply equally to OAuth token requests and resource access. Teams operating in regulated environments or managing Arc deployments at scale can now secure API integrations using the same credential governance model applied everywhere else in the organization without exception or workaround.

More powerful version control

Git-based configuration management came to Arc in v26. The Q2 2026 release sharpens that capability into something teams can rely on for precise, day-to-day configuration control, not just broad version history.

The most significant addition is the ability to restore individual files from a previous commit directly in the Arc interface. Previously, recovering from a bad configuration change meant   either manually undoing the change, or performing a full revert outside the application entirely. Now teams can surgically recover a single file without touching anything else, a meaningful difference when you're managing complex, multi connector workflows where a full revert carries real operational risk.

The Commit History table now surfaces a banner with a Pull button when remote changes are available, bringing the action to where your attention already is. And both Pull and Discard Changes operations are now written to Application and Audit logs giving administrators a complete, tamper-aware record of who changed what, and when. For teams subject to change management requirements or internal audit processes, this closes a gap that previously required external tooling to fill.

AI connector is now generally available

When the AI Connector launched in v26, it opened the door to a new class of integration workflows, where AI services participate directly in data processing, not just as a reporting layer on top of it. That capability is now production ready.

The Arc AI Connector exits beta and is fully supported for production workloads, backed by the same reliability standards as every other connector in the platform. This release also expands the provider list with the addition of Anthropic Claude and xAI Grok, joining the existing support for OpenAI, Gemini, Ollama, and DeepSeek. Your team can now choose the model that best fits the workload. Prefer a locally hosted instance for data privacy? Go for it. Need a managed cloud provider for scale? That works too. Every option is configured directly in the connector UI without leaving Arc.

For teams that have been running the AI Connector in beta, nothing changes. For teams that were waiting for production grade support before adopting AI-powered processing, v26.2 is that signal.

Expanded connectivity

Integration platforms live or die by the breadth and quality of their connectivity. This release extends both, bringing new ways to share credentials across connectors, expose Arc capabilities programmatically, and handle messages more cleanly inside complex flows.

The REST, Email Send, and Email Receive connectors now support shared connections, allowing a single OAuth credential to be reused across multiple connectors. In practice, this means less redundant configuration work upfront and simpler credential governance over time. When a token needs to be rotated, you update it once, not across every connector that depends on it.

The Flow API now supports passing message metadata via HTTP headers as an alternative to the query string. For teams where log data is subject to retention policies, security reviews, or compliance audits, keeping sensitive values out of server logs is a hard requirement. This change delivers exactly that.

The Admin API now exposes a Flow API endpoint, allowing teams to list and retrieve Flow APIs in a workspace programmatically. For organizations managing Arc through CI/CD pipelines or building operational tooling on top of Arc's API layer, this adds a meaningful surface area that wasn't accessible before.

A new dedicated Discard connector gives teams a purpose-built way to drop unwanted messages in branch flows. If your team has been using an empty Script connector as a workaround for this, that workaround now has a proper home. Your flows become easier to read, easier to maintain, and a lot less confusing for whoever inherits them next.

Greater workflow and file transfer control

Precision matters in file transfer. A workflow that pulls files without size constraints, handles timestamps inconsistently across time zones, or hammers a partner API without rate awareness creates operational problems that are slow to diagnose and painful to fix. This release addresses all three.

The SFTP and FTP connectors now expose a maximum file size setting for downloads, giving teams explicit control over what enters a workflow. Files that fall outside the defined size threshold whether too small to be valid, like incomplete transfers or empty payloads, or too large to process without disrupting downstream systems can now be filtered at the connector level before they become a problem.

The Schedule connector now supports a sliding window rate limit, letting teams set a maximum file count per time window. Honoring partner API rate limits becomes a configuration decision rather than an engineering problem. There is no custom throttling logic to write and no unnecessary delays to bake into the schedule itself. You set the limit, and Arc handles the rest.

Visibility, security, and platform improvements

For teams managing Arc in enterprise and regulated environments, capability alone is not enough. What matters just as much is what the platform lets you see, what it lets you control, and what it lets you prove.

On visibility: Tracked Header values are now searchable directly in the Transaction Tab, making it faster to locate specific transactions in high volume environments. The Delete All Transactions action is restored to the Transaction UI for fast bulk cleanup.

A fully refreshed connector UI

The UI redesign is complete and consistent across all pages in the app, including connector UIs.      

For teams onboarding new users or managing Arc across multiple operators, consistency in the interface reduces cognitive load and shortens the time it takes to configure, troubleshoot, and hand off workflows. The redesign goes well beyond aesthetics. Every interaction with the platform benefits from it, and those benefits compound the more your team grows and your workflows multiply.

Now available: Arc MFT Unlimited

Alongside this release, we recently introduced Arc MFT Unlimited, a new licensing option designed for organizations that need enterprise grade Managed File Transfer without the consumption based pricing or feature bundles that come standard with most traditional vendors.

Arc MFT Unlimited gives teams unlimited access to MFT, Database, and Application connectors at a flat annual rate. No per-partner fees, no transaction meters, no invoice surprises when your operations grow. If your organization needs secure, automated, and auditable file transfer and nothing beyond that, Arc MFT Unlimited was built with you in mind. Learn more and order online.

Getting started with the Q2 2026 release

On-premises customers can download the latest version from our builds page. Arc Cloud customers should contact support to schedule their upgrade.

For full details on everything in this release, visit our documentation or reach out to our support team.