HQ API

HQ is Q2’s business logic engine, featuring a set of endpoints used to interact with the database safely, without raw SQL.

The Caliper SDK’s HQ_API module wraps all these endpoints and parameters in an easy to use, objectified format. This is built with the user in mind, providing documentation strings, validated responses, and error handling. With an IDE, you will also get the benefit of autocompletion and type hinting.

These are not included in the base install of the Caliper SDK, rather generated in your environment against your specific instance of HQ. This means that whether you have the latest version of HQ, a legacy version, or one custom built for you by the Q2 team, you can be assured that the code in the resulting hq_api folder will work with your stack. Below are documented endpoints for the most recent version of HQ. Your implementation may vary, but this is a good reference and will be very close to the product in your environment.

It is possible to generate custom overrides to the builtin HQ API structure with the following command:

$ q2 generate_hq_api

Endpoints

The HQ API provides three distinct types of endpoints to cater to different operational needs within our system:

Q2 API

Authentication: require a CSR Username and Password

The Q2API endpoints serve as an interface for interacting with HQ. They require a CSR username and password, retrieved from the HQ credentials for a given stack stored in vault, our secret store solution. When invoked, they initiate a new session in HQ, isolating any operations made out of the user session.

Wedge Online Banking

Authentication: require a Q2 Online Session Token

The Wedge Online Banking endpoints serve as a primary interface for interacting with HQ. The main difference between Q2 API and Wedge Online Banking lies in their authentication methods and how they are incorporated into the request flow. Unlike Q2API, the Wedge Online Banking endpoints require a Q2 Online Session Token for authentication. HQ sends a request to your SDK extension, carrying vital information such as the HQ URL to send the request back to, along with a one-time online session token used for authentication.

Wedge Online Banking calls are the preferred approach when applicable, as opposed to Q2API because the one time tokens reference the user’s online session. This makes it easy to track requests and logs as the information lives within one session. It’s important to note, however, that this approach only works for cases when HQ initiates the request, thereby providing the necessary authentication details.

Entrypoints such as periodic jobs or extensions like the Caliper API Custom extensions behave differently. For Caliper API custom extensions for instance, the user initializes the request by calling AWS. The request is then forwarded to the API. Since HQ isn’t the originator, they are not supported by wedge online banking calls. Therefore, in many scenarios, Q2API will be used as opposed to Wedge Online Banking although Wedge Online Banking calls are the preferred method, when appropriate.

BackOffice

The Q2 BackOffice API endoints are primarily designed to support applications geared towards internal administrative tasks, such as the Q2 Central and Q2 Console products.

Common Calls

For your convenience, here are the most common calls to HQ by volume:

All calls

All possible HQ calls (including the common ones from the list above)