- API Reference
- Authentication
- Budget v4
-
Callouts
- Callouts and Application Connectors
- Delete notification requests
- Event Notification Callout
- Fetch Attendee Version 2 Callout
- Fetch List Callout
- Get notifications by status
- Launch an external URL request v1
- Launch External URL Callout v1
- Launch External URL v4
- Post an event notification request
- Post an attendee search request
- Post a list search request
- Cash Advance v4
- Common
- Direct Connect - Ground Transportation v1
- Direct Connect - Hotel v2
- Direct Connect - Hotel Service v4
- Event Subscription Service v4
-
Expense
- Allocations v3
- Allocations v4
- Attendee Types v3
- Attendees v3
- Digital Tax Invoices v3
- Comments v4
- Company Card Transactions v1.1
- Exchange Rate v4
- Expense Delegators v1.1
- Entry Attendee Associations v3
- Entries v3
- Expenses v4
- Expense Form Field v1.1
- Expense Form v1.1
- Expense Group Configurations v3
- Itemizations v3
- Integration Status
- Create an exception to a report
- Submit an expense report
- Post an expense report workflow action
- Reports v3
- Reports v4
- Payment Batches v1.1
- Quick Expense v4
- Financial Integration Service v4
- Insights
- Invoice
- Receipts
- Receipt Image
- Request v4
- Travel Profile
- Travel
- User
- General
Scopes
Scope is a parameter as defined in the OAuth 2.0 standards (RFC6749) to enable a client to specify the scope of the access request. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings although some implementations of scope uses a comma-delimited format. Scopes limit access for OAuth2 tokens and do not grant any additional permission beyond that which the client already has.
Scopes apply to applications only. Scopes play a crucial part in defining the ultimate access to a resource by a User.
User’s Roles / Permissions + Claims + Application Scopes
Naming Conventions
Concur services follow these standard naming conventions for scopes.
Template: {resource}.{optional subresource}.{action}
Examples: mileage.rate.read
receipts.read
List of v4 Actions
{actions}
are common authorizations across resources.
Action | Description | Examples |
---|---|---|
read |
Read only access (GET) | receipts.read , budgetitem.read |
write |
Read AND Write access (GET, POST, UPDATE etc) | company.write , travel.receipts.write |
writeonly |
Write only access | mileage.journey.writeonly , receipts.writeonly |
delete |
Delete access | N/A |
List of API Scopes
A list of the various scopes and the APIs that use them is available here.