Gravatar

Trey Teter

Software Engineer

March 2024 Newsletter

Q2 to Sunset Caliper API V1

To ensure the best possible security posture for our API integrations, the SDK team is sunsetting the Caliper API V1 interface on July 1st, 2024. At that time, no Caliper API V1 interface calls will be allowed and any attempts to access the API with V1 calls will fail.

We want to give our partners sufficient time to migrate from Caliper API V1 to the Caliper API V2 and we want to make the transition as seamless as possible. We have created a Migration Guide to help our partners through this process.

If you are currently using the Caliper API V1 interface and are concerned about meeting this timeline, please submit a support ticket. We will work closely with you to ensure this transition is seamless, however, we cannot guarantee any exception to the July 1st, 2024, sunset date.

SDK News Corner

Caliper API Custom Endpoint

The Caliper SDK team has launched a brand-new extension type. This extension allows for building your own API into the Q2 datacenter through a secure means by passing through the Caliper API authentication layer. To build one for your institution please visit the Custom Endpoint Tutorial.

Local Dev API Security Improvements

The Local Developer API is a tool that is used to allow developers to write and run their code locally by using a websocket to run the traffic between online banking and their machine. This works well, but has some potential security cautions around it. The links aren’t shared anywhere so someone would have to know the direct link to the service, but if someone did know the direct url then they could hit the server and even turn off the local server. To close this potential security vulnerability, pass the --hard-block parameter to the q2 run command. If enabled, only your originating IP address will be allowed to call back to your server.

Database connection improvements

Every developer with sandbox access now has unique database credentials for their sandbox environment, mitigating security risks. This measure was taken to close a security loophole, ensuring that access is restricted to individual sandbox environments. Previously, users had the ability to access any environment.

Additionally, developers now have the flexibility to utilize their preferred database viewing program for the various databases. For more information on setup, please visit our Connect To Sandbox Database Guide.

Additional SDK Improvements

In addition to the bigger changes detailed above, recent SDK releases also include the following improvements:

  • A new adapter type, CheckImage, with a corresponding tutorial
  • self.online_user now has a user_guid property for guaranteed uniqueness, useful in multitenant setups
  • New InitializeData lifecycle hook which can be used to run any operation before an entrypoint starts
  • Multitenant support added for adapter handlers.
  • caliper_admin local dev helper script adds a mechanism to quickly pull example repos and a switch_project entry for quick flipping between environments

Portal News

New look for the support ticket view. On the right-hand side of the window there is a new section called Entitled Companies that allows viewers to see which companies other than Q2 that have access to a particular ticket. Also, they can add other companies to be able to view a particular ticket there. The comments view has been adjusted such that each comment is in it's own card. If the viewer owns a particular comment, they also have the ability to edit it. Additionally, if the ticket is a part of an App Order the viewer can see that app order on the right hand side.

Entitle Companies

On App Orders, users now have the ability to click "Not Ready Yet" and instead request more information from the app owner or Q2. The App Order workflow is now fully visible to the Financial Institution and the App Owner. The workflow has received a number of configuration points to make things easier for both Q2 and the App Owner to turn a new Customer live.

Other notable features:

  • Log pulling for periodic jobs is now available.
  • Partner Program section now available for Marketplace, Accelerator, Reseller, and Certified Partners
  • Company admins can now organize users into Teams.
  • Company admins can now require all company users to have MFA
  • Company admins can now disable MFA for company users.
  • MFA is now required for all company admins
  • New Caliper API Usage Widget on the dashboard
  • Redesigned the Caliper API Application List and Edit view

Tecton News

Q2 Data Table Component

Q2-Data-Table Component The tecton team has launched a brand-new component, <q2-data-table>, to help manage and visualize large amounts of information. To build one for your institution, see q2-data-table guide.

Tecton Grid System

A large number of frontend tools have their own grid system. Tecton’s version is here! This will allow the developer to easily specify how their extension should wrap based on the size of the view window. More information can be found in the grid-system guide

Feature Release Notes

Certain tecton features are only available starting with specific versions of Tecton and some require the UUX platform to also be on particular versions for the features to work. This can be hard to track down, even for experienced developers which can lead to a guessing game. To resolve this for all developers, a release notes section can be found at the bottom of every component and available action, specifying when a particular feature is available.

Caliper API News

Policy Data Guides

New policy data endpoints, Get Policy Data and Update Policy Data, have been added to facilitate the management of policy information, allowing you to retrieve and modify relevant details for a given entity's policies. More information can be found in the Policy Data Guide.

Q2 to Sunset Caliper API V1

To ensure the best possible security posture for our API integrations, the SDK team is sunsetting the Caliper API V1 interface on July 1st, 2024. At that time, no Caliper API V1 interface calls will be allowed and any attempts to access the API with V1 calls will fail.

We want to give our partners sufficient time to migrate from Caliper API V1 to the Caliper API V2 and we want to make the transition as seamless as possible. We have created a Migration Guide to help our partners through this process.

If you are currently using the Caliper API V1 interface and are concerned about meeting this timeline, please submit a support ticket. We will work closely with you to ensure this transition is seamless, however, we cannot guarantee any exception to the July 1st, 2024, sunset date.

Latest Releases

Caliper SDK (Python) 2.210.0 - CHANGELOG

Tecton SDK (Javascript) 1.37.1 - CHANGELOG

Marketplace (Python) 0.8.8 - CHANGELOG

Caliper Api(Python) 1.29.0 – CHANGELOG

© 2024, Q2 Software, Inc. All rights reserved.
Status
Privacy Policy