What's New in Administration
Discover the latest updates to Arc XP's Administration module, which includes the following apps:
Authors
Release dates
Sandbox - Monday, July 6, 2026
Production - Monday, July 13, 2026
Release summary
Fixed an issue where author form fields could become disabled after saving an author when an invalid URL service pattern caused Bio Page URL generation to fail. Author form fields now remain editable after a failed save, and URL generation errors are displayed without locking the form.
Users affected
Author users
Action required
None
Release dates
Sandbox - Tuesday, July 22, 2025
Production - Tuesday, August 5, 2025 (was previously July 29)
Release summary
This release fixes a bug in the Author application that prevented proper processing when regenerating an existing Author Bio URL.
Users affected
Administrators
Action required
None
Release dates
Sandbox - Wednesday, July 2, 2025
Production - Wednesday, July 9, 2025
Release summary
This release removes unnecessary logic when loading an Author’s image through the UI. There is no change to the existing features.
Users affected
Author users
Action required
None
Developer Center
Release dates
Sandbox - Tuesday, December 5, 2023
Production - Thursday, December 7, 2023
Release summary
Developer Center now supports Portuguese (Brazil) and defaults to Portuguese (Brazil) instead of Portuguese (Portugal) when the default language is set to Portuguese.
Users affected
All users
Action required
None
Roll-Out Dates
Sandbox: Thursday, August 18, 2022
Production:
Thursday, February 2, 2023 - Sydney, Tokyo, Frankfurt
Sydney: 8:00 AM to 11:00 AM Eastern
Tokyo: 11:00 AM to 2:00 PM Eastern
Frankfurt: 4:00 PM to 7:00 PM Eastern
Monday, February 6, 2023 - Washington, D.C.
Washington, D.C.: 2:00 PM to 5:00 PM Eastern
Note
This release was promoted to production in August 2022 but had to be rolled back.
Enhancements
Restricted Access Tokens
Developer Center now offers the ability to create restricted access tokens that are scoped to specific applications. This provides you with greater control and the means to improve your organization’s approach to security.
Previously, access tokens were exclusively global, meaning they could be used with any developer API in a given environment.
Now, you can create access tokens that work with specific applications’ APIs. When granting access to applications, you can now grant read access to one application while permitting read or write permission for another application.
No action is required following this release. All existing tokens will continue to work with the same level of access.
While not required, it is highly recommended to replace existing coarsely-grained tokens with more narrowly scoped access tokens.
Limiting the scope of your access tokens strengthens your organization’s security posture. It will also positively impact your compliance efforts because it allows you to demonstrate that protected data cannot be exposed to third-party integrations.
A developer working on an integration using a tightly scoped access token can generate significantly less damage (maliciously or accidentally) if they only have access to a subset of the APIs available within your organization’s environment.
Using tightly scoped access tokens also limits the blast radius if one of your tokens is leaked in the wild.
Example:
Let’s say you create a token to grant access to an editorial email newsletter integration and the access token is compromised when a developer accidentally checks the token into GitHub.
If you created an access token that only permits read access to the Content API, an attacker could not use the access token to gain access to your organization’s data within Arc Subscriptions. This safeguard dramatically limits the impact of said breach.
Once created, the scope of a token cannot be adjusted. If you’d like a token with a different scope, create a new token and swap it out.
How to create a restricted access token
Navigate to Developer Center
Click “New Access Token”
Select “Restricted Access” and click “Create Token”
Provide a token description and select the relevant access
Click “Generate Token” and securely store the provided token information.
Token Limit Counter
This release also adds a token counter so that you can see how many tokens you’ve created as well as how many have been created within your organization. You can also see how many more tokens can be created before the cap is reached. The cap is not new but was previously not listed in the UI.
Roll-Out Dates
Sandbox: Thursday, July 16, 2020 - 11am to 1pm ET
Production: Thursday, July 30, 2020 - 11am to 1pm ET
Enhancements
Content API Integration
The POST /Urls endpoint in Content API is now allowed for all read-only tokens and PageBuilder tokens. For a complete breakdown of the differences between token types, see Types Of Access Tokens.
Search on Token Description
The search box now searches against both the token description and owner email address.
Hotfixes
2020-08-24: Fixed an issue where read-only access tokens could not POST to /content/v4/urls if query parameters were included
Roll-Out Dates
Sandbox: Thursday, July 2, 2020 ET
Production: Thursday, July 16, 2020 ET
Enhancements
Design Refresh
Developer Center has a new look, with updated fonts, colors and spacing for better accessibility and consistency with Arc design patterns.
PageBuilder Local Development Setup
Developer Center now auto-generates the text needed for you to paste into your .env file when setting up development in PageBuilder Engine.
Token Pagination
You can now page through large numbers of access tokens.
Token Sorting
You can sort tokens by created date, last used date, token type, description or user.
Roll-Out Dates
Sandbox: Thursday, January 16, 2020 ET
Production: Thursday, January 23, 2020 ET
Enhancements
Developer Center is now available in Korean.
Fixes
Corrected minor text spacing issues.
Added English text as the default when the browser is using an unsupported language
Roll-Out Dates
Deploy to All Sandbox and Prod Environments: Thursday, Dec 12, 2018
Introducing Developer Center
Developer Center is a new entry point for developers to begin building integrations and new products on top of the Arc platform. In this initial release, we include a more secure form of access token for individual access to the Arc API.
You may access Developer Center by finding its tile in the Administration section of your Arc dashboard. The tile is currently available to all users who also have access to the Permissions tile, but it can be opened to all members of your organization upon request. Contact Arc XP Customer Support to request the tile be added for more users.
New Features
In developer center, users with appropriate access can provision and revoke their own API access tokens. Each user can have up to 20 tokens, and each organization can have up to 300 tokens.
Administrators with the appropriate permission can also see who created each access token and revoke them individually.
For more information on provisioning, revoking and using the new API access tokens, see Managing access tokens.
How are API Access Tokens Different from Basic Auth Credentials?
Until now, most organizations have accessed the Arc API using Basic Auth Credentials. The new access tokens are a big improvement over the old credentials in a couple of important ways:
Access tokens can be provisioned and revoked by users of an organization at will. Generating new basic auth credentials (or deprecating old ones) requires organizations to manually request them from Arc XP Customer Support.
Access tokens are tied to the specific user who provisioned them. When that user leaves the organization, another user can remove their old access tokens. Basic auth credentials are only associated with an organization.
Access Tokens use the HTTP Bearer Authentication mechanism instead of HTTP Basic Authentication.
Accessing the API using either access tokens or basic auth grants the user unlimited access to all API endpoints within Arc, so they should both be used and stored securely.
What’s Happening to the Basic Auth Credentials?
Basic Auth credentials for all organizations will continue to function as they always have for the immediate future. They will be deactivated sometime in 2019. Expect more details to come on the deprecation timeline in Q1 2019.
In the meantime, we encourage all API users to switch their applications to using the new access tokens as soon as possible to ensure a seamless transition.
Global Settings
Release dates
Sandbox - Wednesday, February 28, 2024
Production - Wednesday, March 6, 2024
Release summary
Now, when you select the Allow on all websites check box on a distributor, the system removes any underlying restriction and applies the distributor to all websites. Previously, the system defaulted to the restriction unless you manually removed it.
Note
The Allow on all websites check box overrides restrictions for distributors created after March 6, 2024. For distributors created before March 6, 2024, if restrictions are present, you must first manually remove the restrictions, and then select the Allow on all websites check box. Otherwise, the system defaults to the local restrictions you defined.
Users affected
All users
Action required
None
Global Settings - Arc Intelligence
Release dates
Sandbox - Tuesday, April 29, 2025
Production - Tuesday, May 6, 2025
Release summary
For customers using Arc Intelligence, Global Settings now offers a prompt testing area on the prompt configuration page. You can now enter story content you'd like to test the prompt against, and check the response without leaving the Settings page.
For step-by-step instructions, see Testing prompts.
Users affected
Arc Intelligence admin users
Action required
This prompt testing functionality is available for customers who license any Arc Intelligence package. To subscribe to our AI functionality, contact your Technical Account Manager.
Home
Release dates
Sandbox - Tuesday, December 5, 2023
Production - Thursday, December 7, 2023
Release summary
Arc XP Home now supports Portuguese (Brazil) and defaults to Portuguese (Brazil) instead of Portuguese (Portugal) when the default language is set to Portuguese.
Users affected
All users
Action required
None