You would need to do this in the shortcode function for [api_request].
Here’s a potential answer with a ternary that would check if the $_POST value exists, if so, sanitize and use it, otherwise use the value passed in the shortcode:
$q = ( isset( $_POST['q'] ) ) ? sanitize_text_field( $_POST['q'] ) ? $atts['q'];
This is simply a guess, since you didn’t include the actual shortcode function in your question, which you would need to do in order to be able to give a practical answer. I would amend this answer accordingly with additional info.