API Release Notes, October 2022

New This Month

SAP ICS Connector Production Sandbox Environment Migration Change Required

By early December 2022, we will be completing the migration of implementation environments to AWS. After migration, all users who are currently using:

The SAP ICS Connector in their Production Sandbox Environment
Legacy authentication (user and password)

will encounter an error in the Production Sandbox Environment. This will not impact your production environment and will not affect SAP S/4HANA Cloud, public edition customers.

In order to avoid disruption, authentication will need to be updated post-migration. Users can do this by updating their login ID to contain the .uat domain. For more information on how to update your login ID, please see the following knowledge base article.

Deprecation of Cash Advance v4 API

Effective October 1st, 2022, the Cash Advance v4 API is deprecated. This has been replaced by the release of Cash Advance v4.1. Decommission will follow.

Deprecation of Hotel Service v2 API

Effective October 14th, 2022, the Hotel Service v2 API is deprecated. This has been replaced by the release of Hotel Service v4. Decommission will follow.

Events for User Identity

Three external event topics have been released to inform users when an identity is created, updated, or deleted within their company. After subscribing to the topic, users will be updated when a new identity is created with a URL to the identity. Update events will include the updated attributes included within the event and a URL to the identity to retrieve values.

Demonstration Sample Code Now Available

Sample code that demonstrates how to obtain refresh tokens, automate token management, and use it to retrieve an access token to call an API is now available on the Authentication: Getting Started page.

Planned Change: Addition of ECDSA Encryption and Cipher Retirement

To provide ongoing security for our products, we plan to remove support for select ciphers on February 16, 2023, at 5 PM PST. For more information, please see the Planned Changes: Addition of ECDSA Encryption and Cipher Retirement in the October release notes.

Today, a user can maintain the same login ID for their test and production entities because they are in separate environments. With the plan to migrate both test and production entities to the same AWS production environment in the future, this will no longer be possible since each login ID must be unique.

While there is no action required for customers regarding this update, we want to ensure customers are aware of it because the change will be visible in certain areas of PSEs. To account for this change, we will append all PSE login IDs with a “.uat” domain during both migration and user creation to ensure they are unique and do not conflict with any existing production login ID. For example, johnsmith@123.com will become johnsmith@123.com.uat.

No changes will made to the login IDs in the current implementation environment in our private data centers.

This process will occur in the background during both the migration and user creation processes. Because we will manage this process, users will NOT have to make any changes to their login ID.

During the migration, user profiles will be synchronized to the new environment. Depending on the number of users to be synchronized, the synchronization process might take a few minutes, a few hours, or a few days. While this process is in progress, users might not be able to log into the PSE. If a user is unable to sign in after the migration, they should wait a few hours or as much as a day, before attempting to logging in again.

For migrated users, they will still use the same implementation URL and login ID they used prior to the AWS migration.

New clients will use the AWS production URL: https://us2.concursolutions.com or https://eu2.concursolutions.com with the appended login ID, which will include the appended domain (for example, johnsmith@123.com.uat, as shown).

This change will help to safeguard against any conflicts with production login IDs.

User Creation: Additionally, clients can use the exact same employee import files as they would in production. The .uat domain will also be applied to all aspects of user creation: FTP import, Excel import, entity restore, and more. Extracts: When generating accounting extracts or financial integration documents, we will automatically remove the .uat domain from login IDs that were appended during user creation. This will help to generate realistic extracts without requiring any actions from the clients, such as removing the appended domain. User Profile Sync Process: During the migration, user profiles will be synchronized to the new environment. Depending on the number of users to be synchronized, the synchronization process typically takes a few minutes or hours, but may take up to 72 hours. While this process is in progress, users might not be able to sign in to the PSE. If a user is unable to sign in after the migration, they should wait before attempting to sign in again. If the issue persists beyond 72 hours, please open a case with SAP Concur support.

NOTE: These changes apply to PSEs that have been moved or created in the AWS environment. Migration of PSEs is ongoing.

Ongoing

Migration of Test Entities & Production Sandbox Environment

Some SAP Concur users use Production Sandbox Environment (PSE) entities to set up, test, and train on new configurations prior to deploying them to their live production entity. We plan to migrate PSEs as part of our move to Amazon Web Services (AWS). For more information, please see the Test Entities: Production Sandbox Environment release note in the August Shared Release Notes.

IP Address Range for Callouts

Beginning in August and continuing through the end of 2022, servers that support SAP Concur callouts in the US & EMEA datacenters will be upgraded. For more information on this release note, please see the August Shared Release Notes.

Deprecations

APIs are being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Date	API	Details
09/2021	Deprecation of User v1	User v1 service will be deprecated. User v1 service can be replaced with either the upcoming User Provisioning service and/or the Identity v4 service. Both of these services enable callers to CRUD user’s core/identity profile information like UUID, name, address, email, etc.
07/2021	User v3 API	We will be deprecating the User v3 API in a future release due to less secure authentication methods.
04/2021	Bulk User v3.1 API	We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission will follow. Bulk User v3.1 will remain available for China data centers.
01/2021	List v3 API	Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release.
01/2021	List Item v3 API	Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible.
06/2020	Travel Profile Notification v1 API	We are deprecating the Travel Profile Notification v1 APIs due to low usage.
04/2020	Existing Concur Request APIs (v1.0, v3.0, v3.1)	Effective July 1, 2020, these APIs are replaced by the Concur Request v4 API. We have run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.
01/2020	List v1 API	We will be retiring the List v1 API in a future release. This API is replaced by the List v4 API.

Planned Changes

Date	API	Planned Change
05/2022	Filters for Identity v4 API	We will be releasing SCIM formatted search filters for the Identity v4 API based on user attributes to help refine search results. This functionality will allow users to use attributes, logical operators, and grouping operators to improve search results to their specific requirements.
04/2022	User Provisioning v4 API Available	The User Provisioning Service will allow users to create, update, and replace users. This will allow faster and increased access to user data attributes. Once a user is provisioned, the user identity will be created in Profile, Travel and Spend.
01/2022	Account Termination Date Will be in UTC for Travel Profile v2	The Account Termination Date will be returned in UTC. This will provide a consistent time and date reference for all users and all data centers.
01/2022	UUID is Returned in Success Response When New User Created via Travel Profile v2 API	Travel Profile v2 will return the user’s UUID synchronously in the success response. This will allow external systems that sync data with the API to have a unique identifier for the user’s profile immediately and use it on subsequent calls to update the user’s profile.
10/2021	Report Details v2 API Vulnerability Patch	We will be adding additional security to the Report Details v2 API. Current callers may receive a `401 - Unauthorized` response if using an unauthorized admin OAuth token to access reports.
09/2021	Request v4 - Deprecation of the Request Cash Advance Endpoint	Initially planned for October 2021, Concur Request will soon deprecate the Request Cash Advance detail endpoint. Date will be communicated in future communications.
04/2021	Invoice Pay v4 GET Call Parameter	GET calls will have the option to use the new `invoiceId` parameter to retrieve payment information and the ERP Document ID associated to the invoice. The feature will be automatically available; there will be no additional configuration or activation steps.
04/2021	Invoice Pay v4 PATCH Endpoint	With the new PATCH, the invoice will be updated with the `erpDocumentNumber` value in the body whenever an `invoiceId` is passed as part of the API URL. The feature will be automatically available; there will be no additional configuration or activation steps.