Heads up
This is a pre-release list of features for Celigo platform version 2026.4.1 scheduled for incremental release April 13 – 16, 2026.
These release notes are still being updated, and the links below may lead to unpublished articles until they are finalized on the day of the release.
The Resources menu is now visible to users with Custom (integration-level access) and Monitor all roles. Previously, these users couldn’t see critical shared assets – connections, imports, exports, scripts, lookup caches, on-premise agents, iClients, stacks, APIs, and API tokens – under Resources. Now, their visibility is limited to the integration workspaces to which they have been granted access. Users with manage-level access get full capabilities (edit, debug, clone, delete, view audit logs), while monitor-level users get read-only access with the ability to view details, audit logs, and usage references. This change ensures that every team member can find and inspect the resources used in their integrations, properly scoped to their permissions.
Avoid rebuilding the same logic twice. You can now use a tool as an import step within APIs, making it easy to reuse the business logic you’ve already built with Tools.
Previously, tools were limited to agents and MCP servers. This enhancement brings that same logic into your APIs and keeps your integrations consistent across experiences.
Endpoints used within tools will count toward your supported endpoint limit.
You can now create and manage APIs directly inside an integration using the new APIs tab.
Note
Cloning or downloading an integration that contains APIs is not yet supported, but will be introduced in an upcoming release as part of Integration Lifecycle Management (ILM) support for APIs.
-
Manage access: Create, edit, delete, clone, move, group, and download APIs within an integration
-
Monitor access: View APIs, request logs, audit logs, and OpenAPI specs
-
Account admins & owners: No changes
-
Clone APIs within the same integration or across integrations
-
Move APIs between integrations (where you have access)
-
Create API groups to organize related APIs
-
Download a single API as a ZIP file
-
Upload a ZIP file to create an integration with an API
-
When creating an API outside an integration, you can now choose to create it within a new or existing integration
Flow builder and API builder now support direct URL navigation to views at the flow/API level and below:
-
Flow builder offers a reliable platform path with unique IDs for critical configurations, such as transformation editors, Advanced field editors (AFEs), filters, branching logic, hooks, import error handling, export schedule override, and result/response mapping.
-
API builder also has components at dedicated URLs for request and response nodes, including a specific URL for the response picker. When a dedicated URL is open in another tab, closing the open panel or editor returns you to API builder (instead of closing out of the experience entirely).
It’s now easier to bookmark or share an exact builder view and return to work faster without re-navigating through the platform. If a user opens a URL they don’t have access to, an error message is displayed, and the editor experience remains the same.
Mapper 2.0 and Transformation 2.0 now support an expanded Input context option, which lets you reference runtime metadata to access execution details using JSONPath, without relying on handlebars. When you set Input context to...
-
Record (default): mappings behave as they do today, where the record is the root (
$.field). -
Envelope: data is located under the top-level envelope
$.record.field, and you can also map runtime objects like$.job.*,$.settings.*,$.headers.*,$.queryParams.*, and$.pathParams.*, while keeping existing mappings fully backward compatible.
Mapper 2.0 and Transformation 2.0 now offer a faster, cleaner mapping experience that makes it easier to build, review, and maintain mappings. The mapping workspace is simpler to scan (clearer structure and nesting), quicker to edit (less clicking, easier reordering, smoother row-by-row mapping), and more comfortable for larger mappings and expressions (better use of space and less intrusive layout). Mapping settings have also been streamlined into a lightweight pop-up, and a new Date data type is available for date-specific mapping needs.
Mapper 2.0 now supports converting primitive arrays (string, number, Boolean) into object arrays, so you can turn raw lists into structured records without scripting. When converting, you can map each element into a single key (user-defined or a constant key `value`). Indexing continues to work with this capability, making it easier to reference array elements and complete downstream transformations where unique keys aren’t available.
We’ve added a new hook, preParse, that lets you modify incoming data before it’s parsed. It gives you more control to ensure cleaner, standardized inputs and reduces the need for external pre-processing. You can now convert formats, enrich records, add metadata, or restructure data in real time to handle complex or nonstandard inputs more efficiently.
Building and running flows is now simpler and more predictable. Flow builder introduces a cleaner, responsive header and a streamlined Run experience – so you can focus on building, not figuring out what to click next.
-
Cleaner, responsive header – Instantly understand your flow state (Test, Enabled, Running) and access only the actions that matter – without clutter
-
Unified Run experience – Test and Enabled modes now follow a consistent, drawer-based experience – replacing multiple pop-ups with a clearer, more predictable flow
-
Select a source for preview – Choose any export as the preview source in both Test and Enabled modes, and see downstream preview data update accordingly
-
Run multiple sources in enabled flows – Select one, several, or all eligible sources when running a flow on demand
-
Parallel execution flexibility – When your flow is configured for parallel execution, you can run other sources even while one source is already in progress
-
Control downstream execution – Choose whether a run launched in Flow build should trigger other integration flows, giving you more flexibility when testing or orchestrating complex integrations
Multifactor authentication (MFA) and single sign-on (SSO) can now coexist on a single user profile with destination-driven enforcement. Previously, enabling SSO effectively overrode MFA settings, creating gaps for users who belong to multiple accounts with different security policies. Now, MFA evaluation is always based on the destination account's policy — not the SSO account’s settings. If you sign in via SSO and the destination account requires MFA, you'll be prompted for MFA after SSO completes; if the destination doesn't require it, you won't be. Trusted-device rules, trust periods, and Do not allow trusted devices settings are all evaluated per destination. When switching between accounts after sign-in, MFA is re-evaluated against the new destination’s policy. The combination ensures consistent, predictable security enforcement no matter how many accounts you work in.
HTTP header name-value pairs now display a handlebars button: {}, making it easier to discover and use dynamic expressions in your header configurations. Click to open the Handlebars expression editor directly from the header row, so you can insert tokens, environment variables, or runtime data into header values without memorizing syntax. This addition standardizes the header configuration experience and encourages safer configurations by making it easier to use dynamic values instead of hard-coded secrets.
Pop-up and panel (sliding overlay) dialogs throughout the Celigo platform now respond consistently to keyboard shortcuts. Press Esc to close any drawer or modal, and press Enter to trigger the primary action, such as Save and Confirm. These shortcuts are context-aware: they won’t interfere when you’re typing in input fields, code editors, list boxes, or other interactive controls. This functionality restores expected keyboard behavior that had regressed during a recent design system update, speeds up common workflows for power users, and brings the platform closer to accessibility standards.
Flow builder just got a major speed boost. Large, complex flows that previously took a while to load now open in under 5 seconds, so you can jump straight into building and editing without the wait. Under the hood, we’ve overhauled Flow builder's rendering architecture — optimizing how steps, connections, and layout are loaded and drawn — so even your most ambitious flows feel snappy and responsive from the moment you open them.
Webhook listeners now let you override the media type for incoming requests. Some third-party systems send webhook payloads with nonstandard Content-Type headers that Celigo auto-detection couldn’t interpret, causing webhook failures even though the payload was perfectly valid JSON. It’s a common source of webhook setup failures when integrating with systems that use vendor-specific or spec-specific content types, for example:
-
SurveyMonkey –
application/vnd.surveymonkey.survey.v1+json -
CloudEvents –
application/cloudevents+json
A new Override media type setting in the Nonstandard request pattern section of the webhook lets you tell Celigo to treat the payload explicitly as JSON, CSV, XML, plain text, or URL-encoded – regardless of what the sender declares. When no override is set, auto-detection applies.
The CSV parser that was already available for HTTP- and file-based providers now extends to webhook listeners. A new CSV parser helper setting in the Nonstandard request pattern section of a webhook configuration lets you parse incoming CSV and TSV payloads into structured JSON records — no more external middleware or custom scripts. The parser supports configurable column delimiters (with auto-detection for TSV); row delimiters; header rows; key columns; encoding options (UTF-8, Win-1252, UTF-16LE, and more); row skipping; and quote handling. When a webhook arrives with a CSV content type (text/csv, application/csv, or text/tab-separated-values) and the parser is configured, data is automatically converted before downstream processing. If no parser is configured, CSV payloads fall back to plain text handling.
The XML parser that was already available for HTTP- and file-based providers now extends to webhook listeners. A new XML parser helper setting in the Nonstandard request pattern section of a webhook configuration automatically converts incoming XML payloads to JSON — preserving attributes, namespaces, and nested elements — so your flows can process the data immediately without external transformation. When configured, XML parsing runs before path-to-records and page size logic, and malformed XML is caught with clear error messages. If no XML parser is configured, XML payloads are passed as raw text. This feature is especially valuable for integrations with enterprise systems and legacy APIs that deliver webhook events in XML format.
The HMAC webhook verification setting, Header (containing HMAC), now supports handlebars expressions for flexible signature extraction. Many SaaS providers, such as GitHub, prepend algorithm identifiers (sha1=, sha256=) to their signature headers, which previously made HMAC validation fail unless you had built custom workarounds. Now you can write a handlebars expression to strip prefixes, extract substrings, or combine header values before Celigo compares the signature. The expression editor has access to the request headers and connection/flow settings, giving you full flexibility. If you don’t provide a handlebars expression, the setting continues to work exactly as before, with just a header name. This enhancement unlocks out-of-the-box HMAC verification for vendors like GitHub and Shopify that decorate their signature headers.
Webhook listeners now support configurable challenge detection rules for flexible webhook verification. Previously, Celigo recognized only GET-based challenge requests, which left many providers unsupported. The new Configure challenge requests section introduces a rules engine that can match the request method, headers, query parameters, or body fields to determine when an incoming request is a verification challenge rather than real data. Common verification patterns covered include:
-
Slack –
record.type=url_verification -
Zoom –
record.event=endpoint.url_validation -
Microsoft Teams –
queryParams.validationTokenis not empty -
Meta/Facebook –
method=GET+queryParams.hub.mode=subscribe -
Monday.com –
record.challengeis not empty
Challenge requests bypass authentication validation, and when rules don’t match, requests are handled normally. This flexibility dramatically expands the set of SaaS applications you can connect via webhooks without custom middleware.
Webhook token verification is no longer limited to the request body. You can now verify authentication tokens wherever your vendor sends them — in request headers (with support for Bearer, custom, or no auth scheme), query parameters, or the body like before. A new Path to token field in webhook request selector puts you in control of exactly where to look, making it simple to connect with services like Google Calendar, Slack, and other platforms that pass tokens outside the body. No migration needed — your existing webhooks continue working as-is, and the new options are ready whenever you are.
-
Allegro– Integrate with the Allegro marketplace for product, inventory, and order synchronization
-
Attentive– Provides a robust connection to Attentive’s SMS marketing platform for automated mobile messaging and customer engagement
-
Google Merchant (UCP)– Sync product feed data, pricing, and availability for Google shopping and listing use cases
-
Google Pub/Sub– Support event-driven integrations through asynchronous messaging and real-time processing.
-
Ironclad– Automate contract lifecycle workflows, including contract creation, approvals, and metadata synchronization
-
Manhattan– Facilitates seamless integration with Manhattan Active Solutions to streamline supply chain and inventory metadata management
-
Productsup– Manage and syndicate product catalog data across commerce and marketing channels
-
Swish– Enables secure Swedish mobile payments, supporting payment processing, QR code generation, and recurring billing via the Swish API
-
xAI– Integrates the xAI "Grok" large language models into your workflows for advanced AI inference and natural language processing
-
ApparelMagic– Moved the connector from Beta to Standard with the help of a customer's credentials and fixed the pagination issue
-
Concur Expense– Added Expense Tax v4 endpoints
-
Docebo– Expanded API coverage across core learning resources and updated connector metadata to align with current platform APIs
-
Dotdigital– Expanded API coverage across core marketing resources and newer platform capabilities, including Contacts, Campaigns, SMS, Ecommerce, Webhooks, Events, Omnichannel, and regional endpoint support
-
Easyship– Updated connector coverage to support current Easyship APIs, including shipments, rates and taxes, pickups, labels, tracking, and multi-API migration readiness
-
Google Analytics– Added Property endpoints
-
Harvest– Expanded coverage across key business resources, including Clients, Projects, Tasks, Invoices, Expenses, Timesheets, Reports, and incremental sync support for updated records
-
Procore– Expanded version coverage and updated connector support to align with current Procore REST APIs
-
SAP S/4HANA– Added support for On-Premise and Public/Private Edition APIs
-
Shippo– Expanded API coverage across core shipping workflows, including addresses, parcels, shipments, rates, labels, tracking, customs, refunds, manifests, carrier accounts, and orders