Contents

Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)

Effective December 1, 2020, SAP Concur will be retiring the existing Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 APIs.

Business Purpose / Client Benefit

The Concur Request APIs v1.0, v3.0, and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.

Planned Changes: Travel Profile Notification v1 API Deprecation

SAP Concur is deprecating the Travel Profile Notification v1 APIs due to low usage.

Business Purpose / Client Benefit

The Travel Profile Notification v1 APIs support older, less secure authentication methods.

Configuration / Feature Activation

The Travel Profile v1 APIs will be deprecated automatically in a future release, in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Some TLSv1.2 Ciphers No Longer Supported (Jun 22)

To ensure the ongoing security of our products and services, beginning on June 22, 2020, SAP Concur solutions will no longer support connections to * .concursolutions.com and * api.concursolutions.com that use the following TLSv1.2 ciphers:

  • AES256-GCM-SHA384
  • AES128-GCM-SHA256

Business Purpose / Client Benefit

This update provides ongoing security for our products and services.

Configuration / Feature Activation

In order to ensure that connections to * .concursolutions.com and * api.concursolutions.com are not disrupted, clients and partners who currently connect to * .concursolutions.com or * api.concursolutions.com through an application that uses an unsupported cipher must upgrade the application to a supported cipher before June 22, 2020.

The following ciphers are supported:

  • TLS-AES-256-GCM-SHA384
  • TLS-CHACHA20-POLY1305-SHA256
  • TLS-AES-128-GCM-SHA256
  • TLS-AES-128-CCM-8-SHA256
  • TLS-AES-128-CCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES256-SHA
  • ECDHE-RSA-AES128-SHA