Contents

Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)

Effective July 1, 2020, SAP Concur has retired the Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 API.

Business Purpose / Client Benefit

The Concur Request APIs v1.0, v3.0, and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 API.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.

Ongoing: Retirement of List v1 API

Effective July 15, 2021, SAP Concur will retire the List v1 API, so it will not be supported after that date. This API is replaced by the List v4 API.

Business Purpose / Client Benefit

This update removes an outdated API. The List v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.

Configuration / Feature Activation

The List v1 API is being retired in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

If you currently use the List v1 API, please plan to migrate to the List Item v4 API as soon as possible.

Planned Changes: Deprecation of Travel Profile Notification v1 API

SAP Concur is deprecating the Travel Profile Notification v1 APIs due to low usage.

Business Purpose / Client Benefit

The Travel Profile Notification v1 APIs support older, less secure authentication methods.

Configuration / Feature Activation

The Travel Profile v1 APIs are being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Planned Changes: Deprecation of List v3 API

Effective April 16, 2021, SAP Concur will deprecate the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in July 2021.

Business Purpose / Client Benefit

This update removes an outdated API. The List v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.

Configuration / Feature Activation

The List v3 API is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

If you currently use the List v3 API, please plan to migrate to the List v4 API as soon as possible.

Planned Changes: Deprecation of List Item v3 API

Effective April 16, 2021, SAP Concur will deprecate the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in July 2021.

Business Purpose / Client Benefit

This update removes an outdated API. The List Item v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List Item v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.

Configuration / Feature Activation

The List Item v3 API is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

If you currently use the List Item v3 API, please plan to migrate to the List Item v4 API as soon as possible.

Planned Changes: Identity v4 API Available

The Identity v4 service will enable callers to create, read, update, and delete a user’s core/identity profile information.

Business Purpose / Client Benefit

With granular access control, this API can be used access to user’s profile information on a need-to-know basis.

Planned Changes: Exchange Rate v4 API Available

The Exchange Rate Broker API will provide the capability for users to load custom exchange rates for a company.

Business Purpose / Client Benefit

Clients who wish to keep exchange rates in sync with their internal exchange rates, or must populate certain exchange rates from specific sources can load these rates at their convenience via the API functionality. This precludes the need for batch jobs to be set up, scheduled, and executed at specific times. This functionality also supports capability to load a subset of rates and keep the externally sourced SAP Concur rates for the remainder of rates.

Planned Changes: Cash Advance v4 API Available

The Cash Advance API will empower an employee to request and receive cash in advance of a trip. Cash Advance will ensure that a user is not out of cash during a business trip. In markets where corporate cards are seldom issued, Cash Advance will provide a useful mechanism to ensure the employee is not out of pocket.

Business Purpose / Client Benefit

SAP Concur Cash Advance API will provide partners and customers the ability to manage cash advances. While using the API, customers can create, view, and issue a cash advance. The API will help customers to customize the usage of cash advances according to their needs.

Planned Changes: Comments v4 API Available

SAP Concur will be introducing a new API to provide comments data. Customers and partners will be able to read the data recorded in the comments at the report and expense level.

Business Purpose / Client Benefit

Employees and approvers use comments to record an exception with respect to a spend policy or reasons for approving an expense that would normally not be allowed. This data can be beneficial for audit and compliance partners who are flagging these expenses for review, thereby creating false positives for downstream approvers.

Planned Changes: Event Subscription Service API Available

The Event Subscription Service (ESS) is part of Event Driven Architecture in the SAP Concur platform. It will allow clients and partners to be notified through webhooks when certain actions take place in any business workflow. When the business or system event occurs, ESS will send that event to the configured endpoint with the relevant information.

Business Purpose / Client Benefit

Subscribing to a SAP Concur topic will be the best way to integrate business workflow with SAP Concur. If you already have an integration with SAP Concur, ESS will allow you to move from an API polling pattern to an Event Driven approach in order reduce reaction time on your user’s or customer’s actions within SAP Concur products.

Planned Changes: Expense v4 API Event Subscription Service Topic Available

Concur Expense will be introducing a Report Status Changed event using the Event Subscription Service API on the public.concur.expense.report topic. Customers and partners will be able to subscribe to events that will be published as the report traverses through the workflow.

Business Purpose / Client Benefit

Notification when a report is at a workflow step avoids the need for a client to keep polling via APIs at regular intervals to identify reports that are in a particular status. The event message bus is a reliable medium for receiving these notifications and will simplify the sequence of calls required to complete the use cases for clients and partners.

Planned Changes: Application Connector Setup Update

Beginning February 20, 2021, the application connector (used for callouts) registration process will require that usernames and passwords are at least 10 characters and less than 50 characters. Usernames and passwords length standards will be enforced for new application connectors or if updates are made to the username or password of an existing application connector.

Clients who already have application connectors registered need to update their usernames and passwords by May 31, 2021, if the new standards are not currently met.

Business Purpose / Client Benefit

Enforcing password and username length restrictions improves the security standards for the callouts.

Configuration / Feature Activation

Callouts are activated through the Application Connector Registration process through Web Services.

Usernames and passwords for application connectors are managed through the Manage Application Connector administration screen. Note: after usernames and passwords are updated, a successful Test Connection request is required to set the connector to Verified before it can be used for any of the callout services. For steps on how to access the screen where usernames and passwords are set, please refer to the Modifying an Application Connector Registration page.

Planned Changes: Submitted Report PATCH for Expenses v4 API Available

In order to delineate the modifications possible on an unsubmitted report and a submitted report, the Expenses v4 API will be releasing a new PATCH operation with the restricted attributes that can be modified on a submitted report.

Business Purpose / Client Benefit

The PATCH operation will provide the ability to take a different approach to update expenses by third party applications. You will now be able to send only the attributes that require updating in the request body without addressing other values that might exist on the expense. In addition, the restricted scope of attributes will allow modifications on an expense in a submitted report, which is not supported in prior versions.

New Client SSL Certificate for Event Subscription Service webhook.api.concursolutions.com

In an effort to ensure the ongoing security of our products and services, the Event Subscription Service will be issuing a new webhook.api.concursolutions.com SSL certificate. The current certificate will expire on January 27, 2021.

Any customer who has pinned this expiring certificate will need to update to the new certificate prior to the expiration date. If the pinned certificate is not updated prior, your organization and users will experience disruption to SAP Concur products and services. Customers who have not pinned the certificate do not need to take any action as the new certificate is updated automatically. Most customers do not pin the certificate.

Please be aware: As an enhancement to our Security and Compliance program, this certificate will be updated on an annual basis.

Business Purpose / Client Benefit

This update provides ongoing security for our products and services.

Configuration / Feature Activation

Please consult with your IT department to check if this applies to you.

Decommission of Receipts v3 API

Effective January 31st, 2021 SAP Concur has decommissioned the Receipts v3 API. This API is replaced by the Receipts v4 API.

Business Purpose / Client Benefit

This update removes an outdated API.

Configuration / Feature Activation

The Receipts v3 API has been decommissioned in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Expense v4 APIs Available

The Report, Expense, and Allocation v4 APIs will enable the ability to read and modify data in an unsubmitted report. These APIs will handle data in a more fine-grained manner and are resource specific. They can be utilized for any use case that requires retrieving/updating a specific report, expense, or allocation.

Business Purpose / Client Benefit

The Allocations v4 API will provide new functionality to update an allocation and retain the sanctity of a group allocation. In addition, the GET endpoints will comprehensively cover the functionality provided in Allocations v3.

The Expense v4 API will enable additional access to product functionality from the API layer than previous versions. Drilling down from the summary of expenses on a report to the detail of every expense will provide the ability to hone in on specific data without carrying the entire payload of the expense report.

The Report v4 API will provide additional pieces of data that are required for third party applications and were not readily available in previous versions. These attributes will provide more information about the report and how it gets processed based on product functionality.

Configuration / Feature Activation

The Expense v4 APIs are available for users of Expense for Professional and Standard Editions.