API Release Notes, March 2021

Contents

Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)

Effective July 1, 2020, SAP Concur has retired the Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 API.

Business Purpose / Client Benefit

The Concur Request APIs v1.0, v3.0, and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 API.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.

Ongoing: Retirement of List v1 API

Effective July 15, 2021, SAP Concur will retire the List v1 API, so it will not be supported after that date. This API is replaced by the List v4 API.

Business Purpose / Client Benefit

This update removes an outdated API. The List v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.

Configuration / Feature Activation

The List v1 API is being retired in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

If you currently use the List v1 API, please plan to migrate to the List Item v4 API as soon as possible.

Planned Changes: Deprecation of Travel Profile Notification v1 API

SAP Concur is deprecating the Travel Profile Notification v1 APIs due to low usage.

Business Purpose / Client Benefit

The Travel Profile Notification v1 APIs support older, less secure authentication methods.

Configuration / Feature Activation

The Travel Profile v1 APIs are being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Planned Changes: Deprecation of List v3 API

Effective April 16, 2021, SAP Concur will deprecate the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in July 2021.

Business Purpose / Client Benefit

This update removes an outdated API. The List v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.

Configuration / Feature Activation

The List v3 API is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

If you currently use the List v3 API, please plan to migrate to the List v4 API as soon as possible.

Planned Changes: Deprecation of List Item v3 API

Effective April 16, 2021, SAP Concur will deprecate the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in July 2021.

Business Purpose / Client Benefit

This update removes an outdated API. The List Item v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List Item v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.

Configuration / Feature Activation

The List Item v3 API is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

If you currently use the List Item v3 API, please plan to migrate to the List Item v4 API as soon as possible.

Planned Changes: Identity v4 API Available

The Identity v4 service will enable callers to create, read, update, and delete a user’s core/identity profile information.

Business Purpose / Client Benefit

With granular access control, this API can be used access to user’s profile information on a need-to-know basis.

Planned Changes: Cash Advance v4 API Available

The Cash Advance API will empower an employee to request and receive cash in advance of a trip. Cash Advance will ensure that a user is not out of cash during a business trip. In markets where corporate cards are seldom issued, Cash Advance will provide a useful mechanism to ensure the employee is not out of pocket.

Business Purpose / Client Benefit

SAP Concur Cash Advance API will provide partners and customers the ability to manage cash advances. While using the API, customers can create, view, and issue a cash advance. The API will help customers to customize the usage of cash advances according to their needs.

Planned Changes: Comments v4 API Available

SAP Concur will be introducing a new API to provide comments data. Customers and partners will be able to read the data recorded in the comments at the report and expense level.

Business Purpose / Client Benefit

Employees and approvers use comments to record an exception with respect to a spend policy or reasons for approving an expense that would normally not be allowed. This data can be beneficial for audit and compliance partners who are flagging these expenses for review, thereby creating false positives for downstream approvers.

Planned Changes: Event Subscription Service API Available

The Event Subscription Service (ESS) is part of Event Driven Architecture in the SAP Concur platform. It will allow clients and partners to be notified through webhooks when certain actions take place in any business workflow. When the business or system event occurs, ESS will send that event to the configured endpoint with the relevant information.

Business Purpose / Client Benefit

Subscribing to a SAP Concur topic will be the best way to integrate business workflow with SAP Concur. If you already have an integration with SAP Concur, ESS will allow you to move from an API polling pattern to an Event Driven approach in order reduce reaction time on your user’s or customer’s actions within SAP Concur products.

Planned Changes: Expense v4 API Event Subscription Service Topic Available

Concur Expense will be introducing a Report Status Changed event using the Event Subscription Service API on the public.concur.expense.report topic. Customers and partners will be able to subscribe to events that will be published as the report traverses through the workflow.

Business Purpose / Client Benefit

Notification when a report is at a workflow step avoids the need for a client to keep polling via APIs at regular intervals to identify reports that are in a particular status. The event message bus is a reliable medium for receiving these notifications and will simplify the sequence of calls required to complete the use cases for clients and partners.

Planned Changes: Travel Profile v2 Canonical Value Changes

Currently, SAP Concur does not enforce any validation for the NamePrefix, NameSuffix, and PreferredLanguage fields. SAP Concur will begin enforcing canonical values for these three fields, in two phases:

  • In April 2021, existing values that are not on the list of canonical values for these three fields, will be returned to callers of the GET requests as empty strings.
  • In May, 2021, any updates to these three fields that do not conform to the lists of canonical values, will be set as an empty string in the user’s profile, and the API will return an error.

Updates to other user profile fields will not be affected.

For more information, refer to the Travel Profile v2 API Travel Service Guide.

Business Purpose / Client Benefit

Reduction of risk in sharing personal data in unintended ways. More consistent user data will result in better stability and fewer escalations.

Configuration / Feature Activation

This feature is enabled by default. There are no configuration steps

Application Connector Setup Update

As of February 20, 2021, the application connector (used for callouts) registration process requires that usernames and passwords are at least 10 characters and less than 50 characters. Usernames and passwords length standards will be enforced for new application connectors or if updates are made to the username or password of an existing application connector.

Clients who already have application connectors registered need to update their usernames and passwords by May 31, 2021, if the new standards are not currently met.

Business Purpose / Client Benefit

Enforcing password and username length restrictions improves the security standards for the callouts.

Configuration / Feature Activation

Callouts are activated through the Application Connector Registration process through Web Services.

Usernames and passwords for application connectors are managed through the Manage Application Connector administration screen. Note: after usernames and passwords are updated, a successful Test Connection request is required to set the connector to Verified before it can be used for any of the callout services. For steps on how to access the screen where usernames and passwords are set, please refer to the Modifying an Application Connector Registration page.

Submitted Report PATCH for Expenses v4 API Available

In order to delineate the modifications possible on an unsubmitted report and a submitted report, the Expenses v4 API is releasing a new PATCH operation with the restricted attributes that can be modified on a submitted report.

Business Purpose / Client Benefit

The PATCH operation provides the ability to take a different approach to update expenses by third party applications. You are now be able to send only the attributes that require updating in the request body without addressing other values that might exist on the expense. In addition, the restricted scope of attributes allows modifications on an expense in a submitted report, which was not supported in prior versions.

Changes to Hotel Service Search v2

As of Feb 16, 2021, a new TPA_PropertyReferenceInfo TPA Extension node has been added to the Hotel Service Search Response. This node is used to support additional property reference details.

For additional information, please see Hotel Service Search.

Business Purpose / Client Benefit

The new TPA_PropertyReferenceInfo node supports additional property reference data to enable the display of UI features within Hotel Search, for example, Corporate Discounts Notes.

Configuration / Feature Activation

The new TPA Extension is available as part of the Hotel Service v2 API.

Changes to Travel Profile v2

Previously the HasNoPassport field was set automatically by SAP Concur. With this change, SAP Concur allows callers with the Passport Visa Information Scope to set this field directly.

For more information, please see the Travel Profile v2 HasNoPassport schema.

Business Purpose / Client Benefit

Users who have their passport information provided by a system (e.g. their employer’s Human Resources or TMC) will have the HasNoPassport flag correctly set and correctly displayed in the User Profile UI.

Configuration / Feature Activation

This feature is enabled by default. There are no configuration steps.

Exchange Rate v4 API Available

The Exchange Rate Broker API provides the capability for users to load custom exchange rates for a company.

Business Purpose / Client Benefit

Clients who wish to keep exchange rates in sync with their internal exchange rates, or must populate certain exchange rates from specific sources can load these rates at their convenience via the API functionality. This precludes the need for batch jobs to be set up, scheduled, and executed at specific times. This functionality also supports capability to load a subset of rates and keep the externally sourced SAP Concur rates for the remainder of rates.

On this page