August 2025 Newsletter

SDK News Corner

GitLab Repository Mirroring

As part of our migration from Bitbucket, we’ve introduced GitLab mirroring in the shared pipeline for partner repositories. This ensures that all FI and Partner repos are synced to Q2 GitLab, while still maintaining Bitbucket in the interim. This is a key step toward fully moving Partner and FI development to Q2's GitLab instance.

Ardent Extension Enhancements

You can now install Ardent extensions under a new name, even if the extension has already been installed. This provides more flexibility when reusing or reinstalling existing extensions without conflicts, giving greater control over managing multiple Ardent extensions.

Improved Developer Safeguards

The q2 check command now includes two major improvements to help developers catch issues early:

• Console Log Detection – warns if any lingering console.log statements are found in your code before deployment, encouraging the use of console.debug instead.

• Minimum Tecton Version Enforcement – validates your extension’s Tecton SDK version and warns if it falls below the recommended minimum, with an easy upgrade path (q2 upgrade -p tecton).

New CLI Commands & DBObjects

Several new DB Objects and CLI commands have been introduced this month. The SDK now supports the HqSessionCache and Q2_DataType DBObjects, along with extended search functionality for HostAccount. On the CLI side, new commands include q2 db get_hq_session_cache, q2 db update_system_property_data, and q2 sandbox treasury— providing easier access to session data, system properties, and treasury functionality for sandbox environments.

Mobile SDK News

Xcode Support

With version 25.9.0 and up (targeted for release on 9/3/25) the iOS Q2Mobility app will support Xcode 16.4. To ensure seamless compatibility with our Q2 build system, we kindly request that you review and update your module if it includes any of your SDK or other third-party dependencies built using an earlier versions of Xcode.

We planning on supporting Xcode 26 by the end of the year. Please stay tuned for additional information.

Portal News

Application Token caching

This has always been implied but never explicitly documented. When a request is made to https://q2developer.com/oauth2/token, the response will look something like:

{
    "access_token": jwt_token,
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": requested_scopes
}

The "expires_in" field indicates that the "access_token" is valid for 3599 seconds. After that duration, a new token should be requested. This implementation varies by language, but here's an example in C#:

private async Task<string> GetToken()
{
	await _tokenCacheLock.WaitAsync();
	try
	{
		return await _cache.GetOrCreateAsync(CacheKeys.CaliperApiToken, async entry =>
		{
				var request = new FormUrlEncodedContent(new Dictionary<string, string>()
				{
						{ "grant_type", "client_credentials"},
						{ "client_id", _options.ClientId },
						{ "client_secret", _options.ClientSecret},
						{ "scope", _options.Scopes)}
				});

			var response = await _client.PostAsync("https://q2developer.com/oauth2/token", request);
			response.EnsureSuccessStatusCode();
			var token await response.Content.ReadFromJsonAsync<OpenIddictResponse>();
			entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(token.ExpiresIn.Value);
			return token.AccessToken;
		});
	}
	finally
	{
		_tokenCacheLock.Release();
	}
}

Self Service Environment Page Improvements

The Self-Service pages operate by calling the same endpoints used by internal Q2 tools. At Q2, we strive to ensure that the tools available externally are the same ones we use internally. This is mostly true in this case, though we do add a layer of authorization and permissions for external access.

Recently, the underlying tools powering the Environment page received performance improvements. However, these benefits could only be realized with changes to the frontend. As a result, you’ll now see a separation of form types—this mirrors how the backend tools are structured by default.

By separating the form types, each individual form type now loads significantly faster. This change was made to improve usability and performance. We've also added notes to each form type to help you quickly locate the one you need.

Tecton News

Tecton 1.58.0

Component Enhancements:

The Message component has received a visual refresh with updated styling and new CSS variables for improved customization capabilities. Elements that utilize a popover menu now implement the modern Popover API behind the scenes, and the Select element now restricts keyboard access in horizontal orientation on mobile devices. This solves the z-index and keyboard UI issues we've been experiencing with past implementations in our components that consume the popover (Select, Calendar, Dropdown, Pill, Tag). The Checkbox component's toggle variant is now fully themeable, allowing for greater design flexibility, and we've resolved an issue where the checked property wasn't properly updating visually when disabled.

Accessibility and Testing Improvements:

Our commitment to accessibility continues with expanded Axe test coverage for the Calendar component, ensuring comprehensive compliance testing across all interaction patterns. We've also enhanced the Calendar component's keyboard navigation by preventing disabled calendars from being inadvertently reopened through keyboard input. The File Picker documentation now includes simulated upload functionality, making it easier for developers to understand and implement file handling workflows.

Caliper API News

Add User Logon Endpoint

A new endpoint, Add User Logon, has been released. This endpoint allows for creating additional user logons under an existing user, providing more granular control. Previously, user logons were only created automatically through the Enrollment or Add User endpoints when provisioning a new user. Now, with the Add User Logon endpoint, you can explicitly define logons for an existing user, including properties like:

{
    "LogonName": "test_logon",
    "UserID": 1,
    "Password": "abc123",
    "RequirePasswordReset": true
}

This new flexibility makes it easier to manage scenarios where a single user may require multiple logons, such as in commercial banking hierarchies.

Feature Parity with Enrollment and Add User

We’ve also continued our effort to align functionality between the Add User and Enrollment endpoints. The AccountLinkingValue and SkipAccountLinking fields are now supported in Add User, matching what has been available in Enrollment. This streamlines user creation workflows and ensures both endpoints provide equal flexibility when linking accounts.

Latest Releases

Caliper SDK (Python) v2.284.0 - CHANGELOG

Tecton SDK (Javascript) v1.58.1 - CHANGELOG

Marketplace (Python) v0.8.9 - CHANGELOG

Mobile SDK - CHANGELOG

Caliper API (Python) v1.46.0-rc.2 – CHANGELOG