The Event Subscription Service (ESS) implements the Publish/Subscribe pattern using principles of Event Driven Architecture in the SAP Concur platform. It allows clients and partners to be notified through web services when certain actions take place in connected companies. When the business/system event occurs ESS sends that event to the configured endpoint with relevant information.
EventTypethat represents a type of entity change or specific state in a workflow. Example: Report Created, Report Submitted, etc.
In order to begin receiving events, you must first subscribe to the relevant topic(s) for your application. To subscribe to an event, you must work with your relevant SAP Concur technical contact; for partners, please work with your technical enablement contact. For customers, your web services consultant will subscribe on your behalf to the relevant topic(s).
There are two levels of scopes required for creating subscription.
||Access to ESS API||GET, POST, PUT, DELETE|
||Access to specific topic (events)||GET, POST, PUT, DELETE|
events.topic.readscope an empty list of topics will always be returned.
ESS requires a caller to have a proper JWT and scopes, for more details please see the Scopes documentation. A caller must have the following types of scopes:
events.topic.readis required to be able to access ESS API.
expense.request.readis required to be able to access the
expense.requesttopic and to be able to create subscriptions to that topic.
All required scopes can be requested for a caller application by Partner Enablement team.
It is important to remember that ESS doesn’t have an API that you can call for events, ESS delivers events to your endpoint.
ESS guarantees at least once event delivery. This is accomplished through the retry posting the event payload to the subscribers’ endpoint until the response indicates successful receipt. The expected maximum acknowledgment time for a request to the subscribers’ endpoint is 30 seconds. The service will attempt posting to the endpoint and then hold and retry until the subscriber endpoint responds with delivered or not accepted. The service will retry at least 3 days and skip to the next event after unsuccessful delivery. We suggest that the subscriber consider following:
There are several ways that you can be sure that your endpoint being accessed by our service.
CN=webhook.api.concursolutions.com,O=Concur Technologies\, Inc.,L=Bellevue,ST=Washington,C=USand the certificate serial number is
Concur-Signature. If you decide to use this authentication method you will need our Public Key.
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS1LsXrEWEEMPooLHa4r osCAnmkO3HaBAk0YcsDMR6hQeuQNLqRWP65TpbfTbKWmZ22Hzep3Ekhs1qvSZgI+ iq/bnVeDhkcD+LqVQGP+7fyE0E0bO96FOzMmtbRet4wAiiE9+uw5GmZfg+fRG3yI y2N5u5p7VHJ1RwNugrIUQjhrLvZc+lhqR/aKTxQCQ5CGAgLZIcr3FIWCWrSBMK3d Wy3KI+qe3ZX0STrCCNxl2UFnuuAa2RZZ2j4QtWHlNkyK+UEup+cGkvpc1XrT7anL HlbTP6jE7MqB5sJ9r2EEzrJzJZjD13UqlzvI61tTC8SKpuk5AEaSsUV7RKlKUCjB 8wIDAQAB -----END PUBLIC KEY-----
The Event Subscription service has the following characteristics from the subscriber perspective: