Contents

Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)

Effective July 1, 2020, SAP Concur will be retiring the existing Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 API.

Business Purpose / Client Benefit

The Concur Request APIs v1.0, v3.0, and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 API.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.

Planned Changes: Travel Profile Notification v1 API Deprecation

SAP Concur is deprecating the Travel Profile Notification v1 APIs due to low usage.

Business Purpose / Client Benefit

The Travel Profile Notification v1 APIs support older, less secure authentication methods.

Configuration / Feature Activation

The Travel Profile v1 APIs is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Planned Changes: End of Support for Insecure Protocols and Ciphers in F5 Client SSL Profiles for VIPs

On November 12 (US) and November 13 (France), the F5 internal and external client SSL profiles for VIPs will be updated to remove support for the following protocols and ciphers:

  • SSL v2
  • SSL v3
  • TLS v1.0
  • TLS v1.1
  • 3DES cipher suite

Clients, TMCs, and internal SAP Concur employees who use or develop applications that rely on an F5 SSL client profile must test the ability of their applications to connect to SAP Concur entities using the new, more secure profile.

Business Purpose / Client Benefit

This update provides ongoing security for our products and services.

Configuration / Feature Activation

When this change is initially implemented, SAP Concur will make the following profiles available:

  • star_concursolutions.com_secure: A secure client profile that does not support SSL v2, SSL v3, TLS v1.0, TLS v1.1, or the 3DES cipher suite. This profile supports TLS v1.2 only.
  • star_concursolutions.com_weak: A copy of the current (legacy) client profile that supports legacy SSL ciphers and protocols.

Clients, TMCs, and internal SAP Concur employees will be able to temporarily revert to the less secure profile to address any issues they encounter with the more secure profile before the less secure profile is permanently removed.

Hotel Service Rate Details API Documentation

Previously, when the Travel Profile API was used to update cell phone numbers, parenthesis () and alphanumeric characters were allowed, including dashes and spaces. However, this sometimes resulted in duplicate phone number entries. With this change, SAP Concur solutions has reduced the allowed characters to dashes (-), spaces, and digits. This change reduces the likelihood of duplicate entries and makes the API behavior consistent with the User Profile Page behavior in the user interface.

Business Purpose / Client Benefit

This change provides a more consistent user experience and results in fewer bugs within the cell phone number entries process.

Cell Phone Number Validation in Travel Profile 2.0 API

With this update, we have released API documentation for Rate Details for content providers to reference during development.

Business Purpose / Client Benefit

Content providers now have access to the documentation regarding details on how to retrieve rate data available through the Hotel Service API when serving content to customers on the SAP Concur Travel.