- API Reference
- Authentication
- Budget v4
-
Callouts
- Callouts and Application Connectors
- Delete notification requests
- Event Notification Callout
- Fetch Attendee Version 2 Callout
- Fetch List Callout
- Get notifications by status
- Launch an external URL request v1
- Launch External URL - Expense v4
- Launch External URL - Request v4
- Post an event notification request
- Post an attendee search request
- Post a list search request
- Cards v4
- Cash Advance v4.1
- Common
- Direct Connect - Ground Transportation v1
- Direct Connect - Hotel Service v4
- Document Compliance Gateway v4
- Event Subscription Service v4
- Exchange Rate v4
- Expense v1
- Expense v3
- Expense v4
- Financial Integration Service v4
- Insights
- Invoice
- Quick Expense v4
- Receipts
- Receipt Image
- Request v4
- Spend Documents v4
- Travel
- Travel Allowance v4
- Travel Profile
- User
- General
Scopes
Scope is a parameter as defined in the OAuth 2.0 standards (RFC6749) to enable a client to specify the scope of the access request. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings although some implementations of scope uses a comma-delimited format. Scopes limit access for OAuth2 tokens and do not grant any additional permission beyond that which the client already has.
Scopes apply to applications only. Scopes play a crucial part in defining the ultimate access to a resource by a User.
User’s Roles / Permissions + Claims + Application Scopes
Naming Conventions
Concur services follow these standard naming conventions for scopes.
Template: {resource}.{optional subresource}.{action}
Examples: mileage.rate.read
receipts.read
List of v4 Actions
{actions} are common authorizations across resources.
| Action | Description | Examples |
|---|---|---|
read |
Read only access (GET) | receipts.read, budgetitem.read |
write |
Read AND Write access (GET, POST, UPDATE etc) | company.write, travel.receipts.write |
writeonly |
Write only access | mileage.journey.writeonly, receipts.writeonly |
delete |
Delete access | N/A |
List of API Scopes
A list of the various scopes and the APIs that use them is available here.