SAP Concur will release the Budget v4 API for partner and client use in a future release. Budget v4 provides the following features:
This new Budget API enables clients and partners to integrate Budget with their ERP and HR systems to automate budget configuration and maintenance as well as importing external transactions not captured via SAP Concur through budget adjustments.
The Budget v4 API will be available to SAP Concur clients who have purchased Web Services, or partners who have contracted with SAP Concur.
SAP Concur will soon be releasing Concur Request v4 APIs for clients and partners. We are targeting to release v4 in January 2020.
With v4, SAP Concur has made great enhancements to the existing Request endpoints, and is now offering the ability for a client and/or a partner to interact with Concur Request to do the following:
SAP is continuing to invest heavily in APIs and tools to simplify end-to-end integration.
At SAP Concur, we strongly believe that an open ecosystem expands your view. An open ecosystem dynamically connects your internal systems, spend, and partner data to reveal powerful insights that empower you to run your business better.
Explore the capabilities listed in the Overview section and consider how the APIs could help you simplify some of your existing processes, such as:
In addition to the existing user-level permissions, the Concur Request v4 APIs are based on the most recent secured Authentication service and SAP Concur’s new Oauth2 framework, which manages the authorization for company-level permissions. Clients and/or partners can now use a single token/permission to interact with Request on behalf of all company users.
These enhancements will provide more options and abilities for developers using SAP Concur’s platform with Request.
Depending on your product, some APIs may not be available to your company.
Clients should contact the group responsible for their web services, which may be inside their company, or a third-party developer, to inform them of the upcoming changes.
SAP Concur will be deprecating the existing Concur Request APIs (v1.0, v3.0, and v3.1) in a future release. Those APIs will be replaced by the Concur Request v4 APIs.
The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.
In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.
SAP Concur is announcing an end-of-support cycle for version 1.1 of the Transport Layer Security (TLS) encryption protocol, while continuing support for the more secure version 1.2 of TLS. As background, the TLS protocol allows secure back and forth communications between a phone or computer and a cloud-based service.
This change is currently planned for the first quarter of 2020.
SAP Concur is taking this step after careful consideration of our customers’ security and ease of upgrade to the newer, more secure version 1.2 of TLS. This end-of-support plan for TLS v1.1 ensures our clients are communicating with SAP Concur solutions in a safer and more secure manner using TLS v1.2.
If the customer or user ensures they are using a TLS v1.2-compliant browser, there will be no change in the way users interact with SAP Concur. If the browser is not compliant, users may not be able to sign in to SAP Concur.
In general, the use of less-secure TLS connections can lead to exposed data, resulting in compromised sessions across any TLS channel of communication (for example, SAP Concur services). For this reason, SAP Concur is alerting clients now to ensure they may anticipate this change and begin assessment in order to comply with this change at their companies.
In general, browsers using TLS to establish inbound / outbound communication channels with SAP Concur services are affected, for example connections across:
The ability of a browser to comply by upgrade to TLS v1.2 will depend on the company’s support for the specific browser, for example Microsoft (Edge), Google (Chrome), and others.
A banner will display when a user attempts to log in using a browser that does not support TLS v1.2 and later and thus cannot negotiate a connection. The intent is to alert the user to this upcoming change using an informational-only message.
Transitioning to support for TLS v1.2 and later may simply require updating security settings of your browser. In most instances, the company already has the support in place and need only identify non-compliant browsers and upgrade these user’s browsers to newer versions.
Please check with the department in your company that is responsible for browser compliance and ensure they are aware of this upcoming change.
Clients that use or plan to use SAP Concur callouts (for example, Send Notification, Launch External URL, Fetch List, and Fetch Attendee) need to ensure they meet the SAP Concur security standards. To reduce security risk for our clients and SAP Concur, we are giving companies until the end of 2019 to make the required update for callouts. If clients have security protocols below our standard after December 31, 2019, their callouts will stop working in January 2020. To use callouts, clients need to ensure that the TLS version 1.1 or greater is used for the encryption protocols of the client’s endpoint. Also, clients using callouts need to ensure their callout host endpoint uses and prioritizes one or more ECDHE cipher suites with an equivalent key length greater than or equal to 2,048 bits, such as one of the ciphers listed below.
EXAMPLES OF CIPHERS TO USE:
Reduce security risk for the clients that use callouts and SAP Concur.
Existing customers will need to update their protocols if they are not compliant with the stated security standards. New companies configuring callouts will need to ensure they use security protocols and authentication methods that meet these standards. For more information about SAP Concur callouts, refer to Callouts and Application Connectors.
Effective March 31, 2020, the Quick Expense v1 and Quick Expense v3 APIs will be retired and decommissioned. We encourage all current users to migrate to Quick Expense v4 as soon as possible.
Please refer to the deprecation policy for definitions and additional information.
This update removes two outdated APIs.