Contents

Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)

Effective December 1, 2020, SAP Concur will be retiring the existing Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 API.

Business Purpose / Client Benefit

The Concur Request APIs v1.0, v3.0, and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 API.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.

Planned Changes: Travel Profile Notification v1 API Deprecation

SAP Concur is deprecating the Travel Profile Notification v1 APIs due to low usage.

Business Purpose / Client Benefit

The Travel Profile Notification v1 APIs support older, less secure authentication methods.

Configuration / Feature Activation

The Travel Profile v1 APIs will be deprecated automatically in a future release, in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Legacy OAuth Refresh Access Token

Previously, when an API customer using Legacy OAuth refreshed an access token, the same token would be updated with a new expiry date. With the July 2020 release, a new and fully unique access token will be returned with a new expiry date.

For more information, please refer to the Authentication guide.

Business Purpose / Client Benefit

Providing a new token allows for improved security.