May 2026 Newsletter

SDK News Corner

OAuth, Security & Developer Experience Improvements

This month’s SDK updates focus heavily on improving workflows around OAuth FDX (Financial Data Exchange) management. New methods and CLI tooling have been added to simplify retrieving, enabling, and disabling OAuth clients directly through the SDK. Additionally, several new Security Alert–related DbObjects were introduced to expand support for security event and alert management.

We’ve also continued investing in overall developer experience across the SDK. Improvements this month include better CLI hinting and usability, clearer HTTP proxy error messaging, expanded pipeline documentation, and additional automation around AccountDetails adapter setup.

Sandbox Updates

New Themes available 6/4

We’ve made updates to sandbox environments to help you better preview and validate how your integrations will appear across evolving customer experiences. Please check your email for more details.

Sandbox environments now include new theme options: Interlinked Light and Interlinked Dark. Interlinked Light is now the default theme, replacing the previous Thrive branding.

These theme options are intended to help you test your integration against different visual treatments and confirm that your UI responds as expected. To ensure your integration adapts properly to theme changes, we recommend using Tecton components and styling patterns wherever applicable.

Coming soon: Composable dashboard in sandboxes

By the end of June, we plan to make composable dashboard available in sandbox environments.

This will allow you to preview the composable dashboard experience and develop content blocks locally, giving you a clearer view of how your work will look and behave before it reaches production.

Together, these updates are designed to give you more realistic testing environments, reduce surprises, and help you build with greater confidence.

Mobile SDK News

mSDK Skills Marketplace

We have launched the mSDK Skills Marketplace, a Claude Code / Codex plugin marketplace designed to support mSDK native module development. The marketplace provides a shared set of skills across msdk-android, msdk-ios, and msdk-shared, enabling teams to work from a consistent development workflow rather than relying on custom prompts and ad hoc tooling. Current skills support common workflows including: • mSDK module release automation • Partner module merge request reviews aligned to security, privacy, and stability standards • On-demand access to Q2 Mobile SDK documentation through MCP integrations These capabilities are intended to streamline module development, improve consistency, and reduce repetitive setup and boilerplate work.

DevApp Updates

The InboundSSO Module has been added to DevApp. To enable InboundSSO authentication in your DevApp, add the following entry to the modules array in your settings.json configuration:

{
  "name": "InboundSSO"
}

iOS – Liquid Glass

We are currently investigating enabling Liquid Glass in a future iOS release. While exact timing has not yet been finalized, this change may introduce updates to UI rendering and visual behavior. We will provide additional details, including timelines as they become available. In the meantime, partners should begin reviewing their modules to ensure compatibility with potential UI and rendering changes.

iOS – Swift 6

We are currently planning an upgrade to Swift 6 in a future iOS release. While timing has not yet been finalized, this update may introduce language, compiler, and dependency compatibility changes. We will provide additional details and implementation timelines as they become available. Partners should begin reviewing their modules and any third-party dependencies to ensure readiness for Swift 6 compatibility requirements.

Android – Gradle 9.0

We are targeting an upgrade to Gradle 9.0 as part of the June (26.6.0) Android release, which is schedule for June 10th. This update may introduce changes to build configuration and dependency compatibility. Partners should begin preparing their modules by reviewing Gradle compatibility and updating any outdated configurations or dependencies.

Android – Kotlin 2.3.0

We are also planning to upgrade Kotlin to version 2.3.0 as part of the June (26.6.0) Android release, which is schedule for June 10th. This update may impact language features and dependency compatibility. We recommend that partners review their modules and ensure alignment with Kotlin 2.3.0 to avoid potential build or runtime issues.

Portal News

Notification Bridge Improvements

The sandbox online banking environments all use the same bridge. Previously, whenever sandboxes needed to be redeployed, updated, or when a new sandbox was added, the bridge would also be redeployed. If any notifications were sent during that time, they would fail to send successfully. The service has now been updated so the bridge no longer needs to be redeployed. As a result, sandbox environments should send notifications more consistently.

New Experience Builder Navigation Nodes

New navigation nodes are now available for Experience Builder, primarily intended for partners who have been granted access by financial institutions (FIs) to use Experience Builder. If an FI needs access for Staging or other environments, please open a support case.

API Template Updates

API Templates now support the Centrix Exact Transaction Management System (ETMS). ETMS has recently been opened for external developer access. API Templates provide targeted access, allowing partners to interact only with limited and approved resources.

Content Block Pages

Brand-new Content Block Catalog pages are now available on q2developer.com for all partner apps to advertise their content blocks. If you are an app owner with a content block, please update your app listing to advertise it there.

Core Provider

In a previous newsletter, we added useful environment details to self-service, including the UUX version and URL for online banking environments. We have recently added Core Provider information to that list as well.

Tecton News

Component Improvements

Several components received updates to improve flexibility, visual polish, and composition. q2-carousel includes a design update, and Tecton now includes a minimal aesthetic template for streamlined visual experiences.

Animation behavior is more adaptable across interactive components. q2-checkbox and q2-popover now support themeable animation, and q2-popover includes new animation support for a smoother interaction experience.

q2-item now supports font-style overrides, giving developers more control over item presentation. q2-tab-container also now allows tecton-tab-pane elements, making tab composition more flexible.

With custom icon support: Custom icon support was also added, expanding the available options for tailoring component visuals.

Platform & Developer Experience

Platform configuration is more flexible with support for providing a custom Pendo script URL through getPendoInfo.

Outlet integration also received an update: outlets now support an outletSelector attribute, and data-outlet-selector is set on the iframe body to support more targeted outlet behavior.

Bug Fixes & Stability Improvements

Popover behavior is more reliable across interaction and layout scenarios. Fixes address a race condition that could cause a popover to close immediately after opening and improve popover positioning in scrollable iframes.

q2-select includes several stability improvements. Updates address searchable select behavior on mobile, improve handling for q2-select in iOS 18 mobile app environments, and correct display behavior when text content contains tab sequences.

Caliper API News

New Endpoints

We’ve introduced a new Send External Event endpoint for forwarding events downstream. This endpoint will ultimately replace the existing Pinion endpoint while supporting the same in-session functionality, including alert routing and account refreshes when using the IN_SESSION destination type.

A new Sentinel Score endpoint is now available for scoring transactions using Q2 Sentinel fraud detection. Q2 Sentinel leverages behavioral analytics and real-time transaction monitoring to identify suspicious activity and place suspect transactions on hold for review before processing.

Additional security enhancements include a new Bind Auth Token endpoint for associating Symantec VIP authentication tokens with end users, adding another layer of transaction validation and fraud protection.

Additional Features

Alongside these additions, several existing endpoints have been enhanced. The Enrollment endpoint now supports isSMSTarget across all phone types (previously limited to Mobile phone types), Get Host Transaction Image now accepts account_number_internal, and Remove Account Association now supports unlinking accounts directly by CustomerID.

Latest Releases

Caliper SDK (Python) v2.321.0 - CHANGELOG

Mobile SDK (Python) v26.5.0 - CHANGELOG

Tecton SDK (Javascript) v1.67.2 - CHANGELOG

Marketplace (Python) v0.8.9 - CHANGELOG

Caliper API (Python) v1.51.0-rc.3 – CHANGELOG