Travel Request Validation

This API has been deprecated.

Partners and customers using a deprecated API should contact SAP Concur and discuss moving to the latest versions.

Learn more in the API Lifecycle & Deprecation Policy.

Requests in the SAP Concur platform can be validated in an external system by using a combination of callouts and web services.

This guide provides a step by step overview of how to set up and use the external validation functionality for Requests. This guide does not provide instruction on the process of programming the application connector, but provides an overview of the required functionality.

Create an Application Connector

The application connector is a custom web application that is installed on your company’s web server. This application needs to be accessible from outside your company’s network, so that we can send information to it, and it needs to have access to the system that you are using for validation. The application connector must be configured to accept the event notification requests from us. In later steps, you will expand the functionality of the application connector to perform additional tasks. The required connector configuration for this step is:

You must have a current security certificate installed on the server that hosts the application connector.
You must expose an endpoint on your web server that the SAP Concur platform can connect to. This endpoint can have any name or location. The default endpoint is: /concur/v1.0/notify
You must be able to accept an HTTP POST from us with the event notification data. Refer to the Event Notification information for details of the information format. You just need to store the data that we send for this step.
You must have a username and password configured for the host web server, which we will use when sending the HTTP POST request. This username and password is sent using HTTP Basic Auth.

Once you have the basic application connector functionality set up, you’re ready to move to the next step.

Configure Event Notification and Request

In this step, you will enable the Event Notification functionality in your SAP Concur company in order to receive information about submitted Requests. Then, you will enable the Request API in order to request Request details from the SAP Concur platform.

Before you begin:

You must have a user login with administrative privileges in the SAP Concur platform.
You must know which Request workflows require the Event Notification functionality.

Create the Event Notification Application Connector

Log in to the SAP Concur platform as an administrative user.
Select Administration > Web Services.
Click Manage Application Connectors.
Click New.

Fill out the fields:

Field	Description
Name	Enter the name that should appear in the list of connectors.
Description	Enter the description of the function of the connector, such as what back-end system it connects to.
Host Name	Enter the hostname for the connector. Example: `https://{servername}`
User Name	Enter the user name required to authenticate with the host. This must be the same as the user name specified in the configuration file for the application connector, using HTTP Basic Auth.
Password	Enter the password required to authenticate with the host. This must be the same as the password specified in the configuration file for the application connector, using HTTP Basic Auth.

In the Services section, select External Report Validation.
Click Configure. The Configure Service window appears.
Enter the endpoint that the we will connect to on your server. Example: /concur/v1.0/notify
Select the Enabled check box.
In the Workflows section, select the Submit check box for each Request workflow that requires notifications.
Click OK.
Click Test Connection. we will attempt to access the configured endpoint with the provided user credentials.
Click Save. The application connector is now registered with us and enabled.

Create the Request Partner Application

On the Web Services page, click Register Partner Application. The Application Registration page appears.
Click New. The New Partner Application page appears.

Complete all of the required fields:

Field	Description
Name	Enter the name that should appear in the list of applications.
Description	Enter the description of the function of the application.
Visibility	This field is only editable by the SAP Concur platform Internal users.
Active	Select Active.
APIs Used	Select the Request API.

The Application Authorization section displays your company domain and automatically creates a Key and Secret to use with this application.
NOTE: The key and secret allow access to any company that enables this application. You MUST keep this information secret (as specified in the the SAP Concur platform Legal Agreement) to maintain security.
Record the key and secret to use later.
Click OK. The application will automatically be enabled for your company.

You should now begin receiving notifications from us when your users submit Requests. In the next step, you’ll use the notification data that we send to get the Request information.

Gather the Request Details

In this step, you will expand the application connector functionality to use the data sent by us in the event notification to get details about the Request. You’ll use the Request details to validate the Request in a later step. The application connector must be updated to perform the following steps, using the SAP Concur web services:

Get OAuth Access Token

All requests to SAP Concur web services must be authenticated using OAuth 2.0.

After receiving an event notification, the application connector should send an HTTP GET request to the Get Access Token using Native Flow function. This function requires the login credentials of an administrative SAP Concur user and the Consumer Key that was generated when you created the partner application in the previous step. Refer to the Get Access Token using Native Flow documentation for the format of the request. We will respond to the request with the access token required for the next web service request.

Get Request Details

After you receive the OAuth access token, you are ready to request the Request data. The event notification information that we send includes an element named ObjectURI. The connector can send a GET request to the URI specified in this element, supplying the OAuth access token in the request header in the following format:

GET api/travelrequest/v1.0/requests/nxxKgLlnROz3zHJBCRksaas23dsfs HTTPS/1.1
Host: www.concursolutions.com
Authorization: OAuth {access token}
...

Validate the Request Information

In this step, the connector will perform the required validation on the Request information. This step will vary by client. The application connector must be able to access the system(s) used in the validation.

The Request data is validated by the application connector. The validation can produce one of the following results:

The Request passed validation and can be approved.
The Request did not pass validation and must be returned to the employee with an informational message explaining the problem.

In the next step, the application connector will update the Request with the validation results.

Update the Request Workflow

Once the Request has been validated, the application connector is ready to update its workflow. If the Request passed validation, it should be approved, and will then travel forward in its workflow. If the Request did not pass validation, it should be sent back to the employee, which moves it to the beginning of the workflow.

The full Request details include an element named WorkflowStepURL. The application connector posts the workflow action (Approve or Send Back to Employee) to this url, using the same OAuth access token in the header.

We respond with a success or failure status, and provides additional information for failures.

The application connector has now completed the process of validating a Request, from the initial notification that a Request was submitted, to the request updating the Request workflow in the SAP Concur platform with the validation results.