March 2026 Newsletter

SDK News Corner

SFTP Developer Experience Improvements

We have made improvements to facilitate your experience when working with SFTP. You can now use self.sftp_dir directly within handlers and entrypoints to access mounted SFTP directories without needing to manage paths manually. For local development, you can define your SFTP mount using:

export Q2SDK_SFTP_MOUNT_DIR=./test_sftp_dir

Additionally, the /admin endpoint now displays your configured SFTP directory and available paths, making it easier to validate your setup and avoid file-not-found issues during development.

These updates provide a more intuitive and reliable way to work with file-based integrations both locally and in deployed environments.

CI/CD Pipeline & Security Enhancements

We’ve strengthened our CI/CD pipeline to provide more reliable and enforceable code quality checks. Review Buddy, previously a non-blocking advisory tool, can now fail pipelines based on detected issues, ensuring security and best practices are enforced earlier in the development lifecycle. Overrides are still supported for authorized users when necessary, allowing flexibility without compromising standards. Alongside this, we’ve released new documentation covering:

• Pipeline stages and execution flow
• Security scanning (Bandit, Review Buddy)
• SQL scanning and validation
• License compliance checks

Together, these improvements give developers greater visibility into what’s being validated and why, while helping teams catch issues before deployment.

Additional Enhancements

This release also includes a number of developer experience improvements across the SDK. Highlights include new DbObjects such as AlertDefinition, expanded MFA and transaction-related methods, Vite-based hot module reloading for client-side extensions, and enhanced caching flexibility with timedelta support. We’ve also improved error messaging, CLI usability, and configuration options to make development workflows more predictable and easier to debug. For the full list of updates, visit the SDK changelog.

Mobile SDK News

Android MethodModule

MethodModule now supports an optional request function that allows modules to respond to typed requests from core and return structured JSON data:

suspend fun request(request: MethodRequest): JSONObject? = null

The default implementation returns null — existing MethodModule implementations require no changes. Additional details can be found in our Mobile SDK release notes.

Portal News

Q2 Genius

We’ve rolled out a new AI-powered assistant to help you search across our product documentation—including the SDK, Caliper API, and Tecton—all in one place. As a logged-in member of the Q2 Developer Portal, you can use it as a quick starting point to explore docs more efficiently. Access it today at chat.q2developer.com

Audit Partner Environment Access

With Application Templates now serving as the primary method for making API calls to the Caliper API, the recommended approach is for partners to use an application template. This will automatically provision the appropriate access for your application once it is signed.

As a result, direct access to FI Staging and Production environments for API usage is now deprecated. If you are currently using this method or are not yet using Application Templates, we recommend reviewing the documentation here: Multi Institution Integrations

Tecton News

Tecton 1.65.0 is now available with 1.65.0 scheduled for release by next Tuesday.

New Components:

This release introduces the Card Image component, a versatile new element designed for rendering card visuals with support for multiple image formats (PNG, JPEG, SVG), gradient backgrounds with customizable opacity and direction, blur effects, and corner masking. This component is built to be modular enough to support a variety of card variants across different platforms and account types.

Component Features and Improvements:

• The Input component now supports several new input types tailored for the banking and financial industry. Developers can now use built-in input masking for routing numbers, SWIFT/BIC codes, IBAN, and CLABE formats, making it easier to build forms that guide users through entering structured financial data correctly.
• The Area Chart component now allows developers to set minimum and maximum values for both the x and y axes. This gives teams greater control over how data is displayed, making charts more impactful by allowing the y-axis to start at values other than zero.
• The Detail component now supports a center alignment option in addition to the existing left and right alignments, providing more flexibility when laying out informational content.
• The Tooltip component gains a new property that keeps the tooltip visible when hovered. This ensures that users who need to interact with tooltip content, such as reading longer text or using assistive technologies, can do so without the tooltip disappearing unexpectedly.

Event Naming Updates:

This release introduces tct-prefixed event names across all components. Events like change and input now have corresponding tctChange and tctInput variants. This prefix prevents conflicts with native browser event names, and improves compatibility with React and Vue framework wrappers. The original event names continue to work, so no migration is required at this time.

Capability Updates:

Tecton widgets rendered on the Account Details page in UUX now receive the accountId as starting context. This means extensions built with the Tecton SDK can access the account identifier directly through the platform context, removing the need for workarounds when building account-specific functionality.

Caliper API News

Streamlined Account Linking During Enrollment

We’ve introduced support for linking external accounts directly during the Enrollment flow via the new DirectAccountLinking field.

This allows accounts to be associated with a user at the time of creation, removing the need for follow-up linking calls and simplifying onboarding workflows for adding external accounts. Each account can be configured with specific permissions such as CanView, CanDeposit, and CanWithdraw, providing more control over account access from the start.

This enhancement enables a more seamless and efficient enrollment experience, especially for integrations that require immediate account access.

Secure Access Code & Messaging Updates

New endpoints have been added to support Secure Access Code workflows and secure messaging:

• Create and validate Secure Access Codes (SAC)
• Retrieve available Secure Message Groups

These additions expand support for authentication flows and secure communication use cases within the platform.

Additional Enhancements

Several improvements have been made across existing endpoints to increase flexibility and usability. Account associations can now be linked using CustomerID, enabling more direct customer-level linking workflows. The Search User endpoint has been enhanced to support filtering by UserRoleID, while Lookup User responses now include dialing codes for phone numbers when available. Additionally, a new endpoint has been introduced to support removing existing account associations.

Latest Releases

Caliper SDK (Python) v2.312.0 - CHANGELOG

Mobile SDK (Python) v26.3.0 - CHANGELOG

Tecton SDK (Javascript) v1.65.0 - CHANGELOG

Marketplace (Python) v0.8.9 - CHANGELOG

Caliper API (Python) v1.50.0-rc.1 – CHANGELOG