API Release Notes, February 2023
New This Month
Planned Change: New Itinerary v4 API Endpoint for List of Trips with Travel Dates in a Specified Date Range
We will be introducing a new endpoint for the Itinerary v4 API to provide a list of company trips with travel dates in a specified date range. The response will provide the href to retrieve trip details for a given trip using an existing API endpoint, and the href for the next pages(s), as per the paged response.
The parameters available for the new /trips endpoint will include: schema, endDateFrom, endDateTo, and startAfter.
This additional functionality will provide customers and partners with a scalable, performant, and self-serve way to retrieve a list of trips with travel dates in a specified range as they onboard companies.
Planned Change: Document Compliance Gateway v4 API
The Document Compliance Gateway v4 API will manage the transmission of an XML receipt file to a validating vendor. Vendors will be able to implement the API to read the XML file sent to SAP Concur’s systems by the end user from an approved email. They will also be able to validate the XMLs against government records and return the validation result. In addition, the vendor will be able to read and parse the XML file to provide tax relevant data for creating an expense entry.
These APIs will support an improved and efficient process for XML validation. The end user will receive an XML validation result prior to the expense creation, as well as return and resubmission of the expense reports. The API will also use the data from XML file to initiate the expense line item, eliminating the need for manual input.
Currently, the API supports validating XML documents for Mexico called Comprobantes Fiscal Digital por Internet (CFDi).
Planned Change: Document Compliance Gateway Event Available
With the release of the Document Compliance Gateway v4 API, we will also be releasing a Document Tax Compliance event to be used with our Event Subscription Service.
Planned Change: Financial Integration Services (FIS) v4 added fields to the Invoice Document Schema
FIS v4 will now include additional fields that can be used to not only better troubleshoot issues, but also adds compliance value. The API was changed to include following fields:
policyName- the name of the policy for the invoice which can now be found on therequestHeaderblock.externalPolicyId- the ID associated with the Invoice policy to which an invoice belongs which can now be found on therequestHeaderblock.vendorTaxID- the Vendor Tax ID field required for some countries to provide government compliance with valid vendor invoices, which can now be found on therequestHeaderblock.
Ongoing
New SSL Certificate for *.concursolutions.com and *.api.concursolutions.com
As part of our weak cipher removal project, we have issued new *.concursolutions.com and *.api.concursolutions.com certificates. We will change the certificate by Feb 16, 2023 5PM PST. Know that most customers do not pin the certificate, and we are reaching out proactively only as a precaution.
Any customer who has pinned the current certificate will need to update to the new certificate prior to Feb 16, 2023 5PM PST. If you have pinned the certificate and it is not updated, your organization and users would experience disruption to SAP Concur solutions.
Clients who have not pinned the certificate do not need to take any action as the new certificate will automatically be updated when it becomes available.
Clients who pin their security certificates can obtain the new certificates from the following locations:
New Intermediate certificate and Root certificate for both (*.concursolutions.com and *.api.concursolutions.com) are
NOTE: Certificate pinning is not recommended. However, if there is a need to pin the certificate, please pin the Root certificate instead of End certificate as End certificate expires every year.
If you need the whole chain (End, Intermediate, Root) you can access it at:.
- *.api.concursolutions.com
- *.concursolutions.com
Note: If you are pinning the End certificate you need to pin both ECDSA and RSA certificates.
For more information please see Release notes - Addition of ECDSA Encryption and Cipher Retirement.
Move from the Travel Request External Validation Callout v1 to the Event Subscription Service (ESS)
With the decommission of the Concur Request v1 API on May 31st, 2023, calling the Travel Request External Validation Callout v1 will no longer be possible. Please use the Event Subscription Services (ESS) to subscribe to the Request events.
New Client SSL Certificate for ESS webhook.api.concursolutions.com
In an effort to ensure the ongoing security of our products and services, ESS will be issuing a new webhook.api.concursolutions.com SSL certificate.
Any customer who has pinned this expiring certificate will need to update to the new certificate prior to the expiration date. If the pinned certificate is not updated prior, your organization and users will experience disruption to SAP Concur products and services. Customers who have not pinned the certificate do not need to take any action as the new certificate is updated automatically. Most customers do not pin the certificate.
NOTE: As an enhancement to our Security and Compliance program, this certificate will be updated on an annual basis.
Deprecations
APIs are being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
| Date | API | Details |
|---|---|---|
| 12/2022 | Deprecation of Request APIs (v1.0, v3.0 and v3.1) | Effective March 1st, 2020, the Request APIs (v1.0, v3.0 and v3.1) have been deprecated. They have been replaced by Request v4. Decommission will follow on May 31st, 2023. |
| 12/2022 | Deprecation and Decommission of Vendor v3 | Vendor v3 is being deprecated and decommissioned, users will have until November 30, 2023 to migrate to the latest version of the API. |
| 11/2022 | Deprecation of User v1 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission will follow on November 10th, 2023. |
| 11/2022 | Deprecation of User v3 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission will follow on November 10th, 2023. |
| 10/2022 | Deprecation of Cash Advance v4 | Effective October 1st, 2022, the Cash Advance v4 API is deprecated. This has been replaced by the release of Cash Advance v4.1. Decommission will follow on October 2, 2023. |
| 10/2022 | Deprecation of Hotel Service v2 | Effective October 14th, 2022, the Hotel Service v2 API is deprecated. This has been replaced by the release of Hotel Service v4. Decommission will follow on October 16, 2023. |
| 04/2021 | Bulk User v3.1 API | We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission will follow. Bulk User v3.1 will remain available for China data centers. |
| 01/2021 | List v3 API | Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release. |
| 01/2021 | List Item v3 API | Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible. |
| 06/2020 | Travel Profile Notification v1 API | We are deprecating the Travel Profile Notification v1 APIs due to low usage. |
| 01/2020 | List v1 API | We will be retiring the List v1 API in a future release. This API is replaced by the List v4 API. |
Planned Changes
| Date | API | Planned Change |
|---|---|---|
| 05/2022 | Filters for Identity v4 API | We will be releasing SCIM formatted search filters for the Identity v4 API based on user attributes to help refine search results. This functionality will allow users to use attributes, logical operators, and grouping operators to improve search results to their specific requirements. |