HomeGuidesAPI ReferenceChangelog
Log In
Guides

Plug to UDS Bridge

What is the Plug to UDS (P2U) Bridge?

When a utility provider institutes multi-factor authentication (MFA), accounts managed through Utility Data Service (Arcadia's legacy product UDS) lose access to data, and UDS has no interface for customers to complete an MFA challenge like a one-time password (OTP) or code. Without a solution, affected credentials simply fail and data deliveries stop.

The P2U Bridge solves this by connecting your UDS account to Arcadia's Plug platform, which supports MFA natively. When MFA is required, Plug handles the authentication challenge and delivers the retrieved data back to UDS for standard processing and delivery.

You'll complete MFA through the Arcadia Dashboard by selecting your preferred delivery method, such as email or text, and entering the code you receive. Plug stores and re-uses the resulting token to minimize MFA refresh on your behalf. For many providers, the token never expires and no further action is ever needed. For others, the token expires after a set period. When that happens, the credential will appear under Action Required in the Arcadia Dashboard.

What Changes for You

Before the P2U Bridge:

When a utility institutes MFA requirements, your UDS credentials fail and data deliveries stop, and there is no way to complete an MFA challenge from within UDS.

After the P2U Bridge:

Your UDS account is connected to Arcadia's Plug platform. You'll complete, and if required maintain, the MFA authentication through the Arcadia Dashboard - please see the Supported Providers table below for the maintenance and re-auth frequency. Your UDS data deliveries continue without impact.

What stays the same:

Your UDS / Portal data delivery format, schedule, and account structure are unchanged. Charge IDs continue to be managed independently in UDS. Customer Non-Bill Data (CNBD) continues to flow through UDS delivery correctly — see CNBD & Account State Sync Are Now Live below for what's changed in how you manage it.

Supported Providers

The P2U Bridge launched with support for 14 utility providers, with more being added on an ongoing basis. All require credential-based access. Email ingestion and SFTP/FTP ingestion are not supported today.

ProviderMFA TypeRe-Auth FrequencyNotes
Public Service Enterprise Group - New Jersey (PSE&G)Token StorageEvery ~30 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
Atlantic City ElectricToken StorageEvery ~90 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
Pacific Gas & Electric (PG&E)Token StorageEvery ~180 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
San Diego Gas & Electric (SDGE)Automated MFAOne-time setup onlyAuthenticate once via Arcadia Dashboard at initial setup; no re-auth ever needed after that
PepcoToken StorageEvery ~90 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
Commonwealth Edison (ComEd)Token StorageEvery ~90 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
EversourceAutomated MFAOne-time setup onlyAuthenticate once via Arcadia Dashboard at initial setup; no re-auth ever needed after that
Delmarva PowerToken StorageEvery ~90 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
Baltimore Gas & Electric (BGE)Token StorageEvery ~90 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
Philadelphia Electric Company (PECO)Token StorageEvery ~90 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
EnbridgeAutomated MFAOne-time setup onlyAuthenticate once via Arcadia Dashboard at initial setup; no re-auth ever needed after that
Dominion Energy South CarolinaToken StorageEvery ~30 daysAuthenticate once via Arcadia Dashboard at setup; re-authenticate when credential appears under Action Required
EvergyAutomated MFAOne-time setup onlyAuthenticate once via Arcadia Dashboard at initial setup; no re-auth ever needed after that
Versant PowerAutomated MFAOne-time setup onlyAuthenticate once via Arcadia Dashboard at initial setup; no re-auth ever needed after that

Additional provider coverage beyond this list is in active testing and will be rolling out soon. Contact your Arcadia CSM for the latest on a specific provider.

Getting Started

Your Arcadia account team will guide you through setup. Here's what to expect:

  1. Your Arcadia CSM confirms eligibility — they verify your inventory has MFA-supported providers with credential-based access.
  2. Migration planning — your CSM works with you to take stock of all eligible credentials across your supported providers, understand your team's capacity for migrating credentials, and agree on a batch or provider schedule and timing that fits your operations. We recommend migrating MFA credentials on a provider-by-provider basis rather than all at once, as this keeps the number of simultaneous MFA prompts manageable and gives your team time to confirm each provider is working correctly before moving on to the next. If Arcadia is already managing MFA for some of your providers like Duke and PG&E, those will be migrated seamlessly by Arcadia as part of this process. This means no additional action is needed from you for those providers.
  3. Arcadia configures the P2U Bridge and migrates credentials — backend setup and credential migration is completed per the agreed schedule, typically within 2–4 business days per batch after your request is submitted.
  4. Batch confirmation — after each batch is authenticated, your CSM confirms that Plug has discovered the expected accounts and that data delivery has resumed before proceeding to the next batch.
  5. Ongoing — for some providers, the initial authentication step is all that's ever needed. If your provider has a token expiry period, the credential will appear under Action Required in the Arcadia Dashboard when re-authentication is needed, and it typically takes just a few minutes to complete.

Where to Manage Your Credentials

For P2U Bridge providers, always add or update credentials in the Arcadia Dashboard once the provider has been migrated, and not in the UDS Portal. The P2U Bridge automatically syncs credentials from the Arcadia Dashboard to UDS.

Why this matters: If you add a credential directly in UDS for an MFA provider, the P2U Bridge will sync it to the Arcadia Dashboard and immediately encounter an MFA challenge, requiring you to complete authentication in the Dashboard anyway. Save the extra step and start in the Arcadia Dashboard.

Monitoring Your Account

Your UDS / Portal monitoring and delivery records remain your primary view of data delivery status. Check credential health in the Arcadia Dashboard.

What to checkWhere to lookHealthy state
Credential authentication statusArcadia DashboardNo credentials under Action Required
Data delivery recordsUDS / PortalNormal delivery history
Latest Source TypeUDS / PortalDAQ_PDF_DEFAULT

If credentials appear under Action Required in the Arcadia Dashboard, re-authentication is needed. Log into the Dashboard to complete it, or contact your Arcadia CSM. If you use the Plug API, you can make a request to the Retrieve Credential endpoint, or subscribe to webhook events to be notified of these kinds of changes.

CNBD & Account State Sync Are Now Live

Previously, any changes to Customer Non-Bill Data (CNBD) or account activation/deactivation had to be made separately in both Plug and UDS. That's no longer the case:

  • CNBD Auto-SyncCustom Data changes you make in Plug now sync automatically to the matching CNBD field in UDS. Plug is now the source of truth for CNBD.
  • Account State Syncaccount activations, deactivations, and voids made in Plug now sync automatically to the corresponding UDS account. Plug is now the source of truth for account state.
  • If your organization manages accounts across multiple UDS projects, this sync uses two account-level fields to route changes to the correct project. Your Arcadia CSM will confirm whether this applies to your setup and help ensure those fields are populated correctly.

Going forward:

  • Make Custom Data / CNBD updates in Plug — they'll sync to UDS automatically.
  • Make account activation, deactivation, and void updates in Plug — they'll sync to UDS automatically.
  • If your UDS instance has any CNBD fields marked Required, make sure the corresponding values are entered in Plug for new accounts so the sync completes correctly and the account is properly enrolled in UDS.

What is NOT Yet Supported

Expanded provider coverage

Coverage beyond the current supported provider list is in active testing and will be rolling out soon — see the Supported Providers table above.

Email ingestion and SFTP/FTP ingestion

The P2U Bridge supports credential-based access only. Email ingestion and SFTP/FTP ingestion accounts continue to operate through the standard UDS pipeline for now. Arcadia is working to fold these into Plug's Bill Uploader feature — check with your CSM for the latest timeline.

Frequently Asked Questions

Will my Charge ID configuration change?

No. Charge ID is managed independently in UDS and is not affected by the P2U Bridge. The Plug platform does not use Charge IDs in the same manner as UDS.

Will my CNBD data still come through the UDS delivery correctly?

Yes. Now that CNBD Auto-Sync is live, changes you make to Custom Data in Plug propagate automatically to the matching CNBD field in UDS — Plug is the source of truth. Just make sure any UDS fields marked Required have corresponding values entered in Plug.

Do I still need to update CNBD and account status in both systems?

No, not for Bridge-enrolled accounts. Now that CNBD Auto-Sync and Account State Sync are live, updates made in Plug propagate to UDS automatically. Make these updates in Plug going forward.

How will I know when re-authentication is needed?

The credential will appear under Action Required in the Arcadia Dashboard — this is how most users monitor for this. If you use the Plug API, you can also detect it by polling the Credentials endpoint or by subscribing to webhook events.

Do I need to do anything on a recurring basis?

All providers require a one-time MFA authentication at initial setup. After that, it depends on your provider: many use tokens that never expire, while others have tokens that expire after a set period. Automated MFA providers never require re-authentication after initial setup. See the provider table above for your specific provider's re-auth frequency.

Why does Arcadia migrate credentials per provider rather than all at once?

When credentials are migrated, they each require your team to submit an MFA code in the Arcadia Dashboard. Migrating everything simultaneously would flood your team with prompts at once. Migrating provider-by-provider gives you time to handle each set cleanly and confirm that accounts are discovered correctly before moving on. Your CSM will work with you during the planning stage to agree on a provider schedule that suits your team.

I have accounts at a provider not on the list above. Are they affected?

No. Only supported P2U Bridge providers are included in the program. More are being added over time, with expanded coverage currently in active testing. Contact your CSM to ask about a specific provider.

Can I still manage accounts in UDS / Portal as I do today?

Account management, enrollment, monitoring, and data delivery records in UDS remain available. However, since Plug is now the source of truth for CNBD and account state, Arcadia recommends moving account management processes to Plug where possible. Any MFA accounts will still need to be authenticated through Arcadia's Dashboard, so net-new accounts should be submitted and enrolled through Plug.

What happens if MFA fails?

For token-storage providers with expiring tokens, the credential will appear under Action Required in the Arcadia Dashboard. Log in and complete re-authentication. For automated MFA providers, if anything fails after initial setup, Arcadia handles it with no action required from you.

My organization has accounts with multiple Arcadia orgs. Are we supported?

Multi-org scenarios are not yet supported. Please contact your CSM for guidance on your specific situation and roadmap. (Note: this is different from having multiple UDS projects within a single org, which is supported — see CNBD & Account State Sync above.)

I use email ingestion or SFTP/FTP for some accounts. Does the P2U Bridge support those?

Not yet. The P2U Bridge supports credential-based access only. Email ingestion and SFTP/FTP ingestion accounts continue to operate through the standard UDS pipeline. This is in active development as part of Plug's Bill Uploader feature. Note: when accessing via credentials, utilities may return data as PDFs or HTML, but both are supported.

Will my data arrive faster with the P2U Bridge?

No. The P2U Bridge does not change data delivery frequency or scheduling, only how authentication is handled.

How long does setup take?

Your CSM will work with you during the planning stage to agree on a provider schedule. Each provider typically takes 2–4 business days for Engineering to configure and migrate credentials. The initial MFA authentication step itself takes just a few minutes per provider in the Arcadia Dashboard.

Why do my credentials show an error right after migration?

This is expected. When Arcadia migrates your credentials, authentication needs to be re-established, and the credentials will show a connection error until you submit a fresh MFA code. Your CSM will coordinate the exact timing for when to do this. Do not submit a code until your CSM gives the signal, as submitting too soon may result in the code being rejected.

For UDS API-Integrated Customers

This section applies only if you access UDS data programmatically via the API. If you use the Urjanet Portal only, you can skip this section.

What Changed for API Integrations

For P2U Bridge-enrolled accounts, Arcadia's Plug platform now handles credential navigation and MFA resolution. UDS no longer manages this directly for these accounts. Your UDS data delivery continues normally, but the way you detect credential health must change: several UDS credential status fields no longer update to reflect failures that occur on the P2U Bridge side. See table below.

This affects accounts at Phase 1 providers using credential-based access. Accounts using email ingestion or SFTP/FTP ingestion are unaffected.

UDS Fields No Longer Reliable for P2U Bridge Accounts

⚠️ Do not use these fields to assess credential health for P2U Bridge-enrolled credentials.

enrollmentStatus Once enrollmentStatus reaches SUCCESSFUL_DELIVERED, it never moves backward, even if the P2U Bridge later fails. Do not use this field to assess ongoing credential health. You may still use it to confirm initial successful enrollment.

extractionStatus (MULTI_FACTOR_AUTH_FAILURE etc.)
MULTI_FACTOR_AUTH_FAILURE will not be set for P2U Bridge accounts because UDS navigation is disabled. MFA failures occur in Plug and are not propagated to this field.

UDS Fields That Remain Reliable

The following UDS fields are unaffected by the P2U Bridge and continue to behave normally:

FieldStill Reliable?Notes
Delivery records / data payloads✅ YesData arriving in UDS is correct. The P2U Bridge changes delivery timing, not data quality.
latestSourceType (DAQ_PDF_DEFAULT)✅ YesShould be DAQ_PDF_DEFAULT for all P2U Bridge-enabled accounts. If not, contact Arcadia support.
Delivery timestamps✅ YesArrival timing may shift by up to 3 hours vs. previous behavior.

The Authoritative Health Signal: Plug API

For P2U Bridge-enrolled accounts, Plug credential status is the single source of truth for credential health. The Plug API uses a status / statusDetail pair on each credential, along with isCustomerActionRequired and isAccessible boolean fields.

statusstatusDetailisCustomerActionRequiredisAccessibleMeaning
CONNECTION_SUCCESSLOGIN_AND_DATA_DISCOVERY_SUCCESSfalsetrueP2U Bridge healthy; last navigation succeeded.
CONNECTION_IN_PROGRESSvariesfalsevariesNavigation in progress or a transient issue is being resolved. No customer action needed.
CONNECTION_FAILUREMULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIREDtruefalseMFA session expired; customer must submit a new OTP via the Arcadia Dashboard. Applies to token-storage providers upon token expiry. Data access is blocked.
CONNECTION_FAILUREMULTI_FACTOR_AUTHENTICATION_FAILUREtruefalseMFA OTP was invalid. For automated MFA providers: system-level issue at Arcadia; do not prompt the end-user. For token-storage providers: end-user may need to retry.
CONNECTION_FAILUREMULTI_FACTOR_AUTHENTICATION_TIMEOUTtruefalseOTP was not submitted in time or the request was abandoned.
CONNECTION_FAILUREUNSUPPORTED_MULTI_FACTOR_AUTHENTICATIONtruefalseArcadia does not support this MFA type. The customer may be able to disable MFA at the utility account level. Contact Arcadia support if this appears on a P2U Bridge account.
CONNECTION_FAILUREINVALID_CREDENTIALStruefalseUsername/password incorrect; customer must update credentials.
CONNECTION_DEACTIVATEDDATA_EXTRACTION_NOT_REQUESTEDfalsefalseCredential has been deactivated. Reactivate to re-enable access.

📝 These are Plug API values. Credential states are not synced back to UDS credential fields. Plug is the only place these statuses are visible.

The isCustomerActionRequired and isAccessible Flags

  • isAccessible: false on any CONNECTION_FAILURE status means data via credential access is currently blocked. Do not expect UDS delivery while this flag is set to false.
  • CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIRED + isCustomerActionRequired: true — Token-storage provider token expired. The customer must log into the Arcadia Dashboard to submit a new OTP. Your application should surface a re-authentication prompt.
  • CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_FAILURE + isCustomerActionRequired: true on an automated MFA provider — Although the flag is true, no customer action is possible or appropriate. This is a system-level issue at Arcadia. Do not prompt the end-user. Contact Arcadia support.

Handling MFA Re-authentication in Your Integration

Token Storage providers — tokens that expire have durations vary from 30 to 180 days.

Integration guidance for expiring tokens:

  • Monitor for CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIRED via Plug API polling or webhook subscription.
  • Surface a re-authentication prompt to your end user when this state is detected.
  • Build tolerance for UDS delivery gaps of up to 24–48 hours during the re-auth window.

Delivery Timing

After a successful MFA authentication for P2U Bridge-enrolled accounts, expect data to be processed and stored for UDS delivery pickup within 3 hours. Your data will then most likely appear within the next UDS delivery. Build tolerance for this window in any SLA-sensitive integrations, since deliveries will not arrive faster than this for P2U Bridge accounts.

Recommended Integration Pattern

Step 1 — Detect P2U Bridge enrollment. Check whether the account is at a Phase 1 provider with credential-based access. If yes, apply P2U Bridge-aware logic around credential monitoring and delivery timing.

Step 2 — Poll Plug for credential health. Replace any UDS credentialStatus / extractionStatus polling for P2U Bridge accounts with Plug API polling. Healthy state = CONNECTION_SUCCESS/LOGIN_AND_DATA_DISCOVERY_SUCCESS(isAccessible: true).

Step 3 — Handle token expiry. If Plug returns CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIRED for a token-storage provider, surface a re-authentication prompt to the end-user.

Step 4 — Handle automated provider failures. If Plug returns CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_FAILURE for an automated MFA provider, do not prompt the user. Open a support ticket with Arcadia instead.

Step 5 — Use UDS for delivery data only. Continue reading UDS for all delivery-related fields like bill data, intervals, and timestamps. These remain reliable.

Common Scenarios

ScenarioUDS credentialStatusUDS extractionStatusPlug status / statusDetailisAccessibleAction
P2U Bridge healthy, data delivering normallyOK (may be stale)No changeCONNECTION_SUCCESS / LOGIN_AND_DATA_DISCOVERY_SUCCESStrueNone
PSE&G or Dominion Energy SC token expired (~30 days)OK (unreliable)Not setCONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIREDfalsePrompt end-user to re-auth via Arcadia Dashboard
PG&E token expired (~180 days)OK (unreliableNot setCONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIREDfalsePrompt end-user to re-auth via Arcadia Dashboard
Customer re-authed; data delivery pendingOKNo changeCONNECTION_SUCCESS / LOGIN_AND_DATA_DISCOVERY_SUCCESStrueNone
Automated MFA provider system failureOK (unreliableNot setCONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_FAILUREfalseContact Arcadia support; do not prompt end-user
Account not P2U Bridge-enrolled (standard UDS)NormalNormalN/AN/ANo change to existing behavior

Migrating Existing UDS Logic

If your integration uses UDS credentialStatus, enrollmentStatus, or extractionStatus to detect MFA failures or drive re-auth workflows, update that logic for P2U Bridge-enrolled accounts:

  1. Identify which accounts are at Phase 1 providers.
  2. Add a P2U Bridge-aware flag or segment to those accounts in your integration.
  3. Route health checks for flagged accounts to the Plug API instead of UDS credential status fields.
  4. Update alerting that triggers on extractionStatus = MULTI_FACTOR_AUTH_FAILURE, since this will never fire for P2U Bridge accounts. Use Plug CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIRED instead.
  5. Update SLA logic to tolerate up to 3-hour storage gaps for P2U Bridge accounts. This could bleed into the following delivery, depending on timing of events.
  6. For token-storage providers with expiring tokens, add logic to handle CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIRED and surface a re-auth prompt to the owner.
  7. Test against a P2U Bridge-enrolled account in a staging environment before deploying.

API FAQ

Will I still receive UDS delivery events for P2U Bridge accounts? Yes. The delivery pipeline is unchanged. What changes is only the credential health signaling.

How do I know if a specific account is P2U Bridge-enrolled? Contact Arcadia support to confirm whether a specific account is P2U Bridge-enrolled. You can also infer it by checking whether the account is available within Plug and for a Phase 1 provider with credential-based access.

What if I'm not calling the Plug API today? If your integration depends on UDS health signals for P2U Bridge accounts, you will need to integrate with the Plug API. Contact your Arcadia account manager to request Plug API access and documentation.

Can I use UDS delivery gaps as a proxy for P2U Bridge health? With caution. A delivery gap of more than 3 days combined with CONNECTION_SUCCESS in Plug suggests a data pipeline issue; contact Arcadia support. A gap combined with CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIRED indicates token expiry; prompt an MFA challenge again.

What happens to SLAs during the re-auth window? Arcadia does not apply standard UDS delivery SLAs during the period when CONNECTION_FAILURE / MULTI_FACTOR_AUTHENTICATION_REFRESH_REQUIRED is active. Build your SLA notifications to suppress during this window to avoid false positives.

Who do I contact for P2U Bridge-related API issues? Contact Arcadia support or your CSM with the account ID, provider, and the Plug and UDS status values you are seeing. For issues affecting multiple accounts simultaneously, escalate to your CSM immediately.