Contents

Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)

Effective December 1, 2020, SAP Concur will be retiring the existing Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 API.

Business Purpose / Client Benefit

The Concur Request APIs v1.0, v3.0, and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 API.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.

Travel Profile Notification v1 API Deprecation

SAP Concur is deprecating the Travel Profile Notification v1 APIs due to low usage.

Business Purpose / Client Benefit

The Travel Profile Notification v1 APIs support older, less secure authentication methods.

Configuration / Feature Activation

The Travel Profile v1 APIs is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

SSL Certificates for us.api.concursolutions.com and emea.api.concursolutions.com Expiring (Aug 21)

To ensure the ongoing security of our products and services, the current SSL certificates for us.api.concursolutions.com and emea.api.concursolutions.com are being renewed. The current certificates will expire on August 21, 2020.

Users who have not pinned the SSL certificates do not need to take any action as the certificates will be renewed automatically. Most users do not pin the certificates.

Users who have pinned the expiring certificates must renew the certificates before August 21, 2020. If the pinned certificates are not updated before August 21, 2020, connections to SAP Concur products through SAP integration with Concur Services (SAP ICS) and Web Services might be disrupted. Please consult with your IT department to confirm whether this applies to you.

NOTE: Because SSL certificates are renewed on a regular basis to ensure the security of our products, pinning them is not recommended.

Business Purpose / Client Benefit

This update provides ongoing security for our products and services.

Configuration / Feature Activation

For users who have not pinned the certificates, there are no configuration steps. The certificates are automatically renewed.

For users who have pinned the expiring certificate. The new SSL certificate can be accessed by clicking on following link: https://assets.concur.com/concurtraining/cte/en-us/api.concursolutions.pem

NOTE: The landing page contains two certificates, the server certificate and an intermediate certificate.