Profile v1 - Getting Started
Important: This API is currently in pre-release status and is only available to approved early access participants. The API is under development and might change before being generally released. To become an early access participant, contact your SAP Concur Representative.
Getting Started - Company API - User API
The Profile API consists of a set of APIs to manage users, companies and apps within Concur. Profile API is the API for profile information for all SAP Concur profile data, including Enterprise applications such as Expense, Invoice, Request, and Travel, as well as Retail applications such as TripIt.
Limitations
Access to this documentation does not provide access to the API.
Security
Profile API can be accessed using following authentication methods:
- Access Token based authentication
Access Token Authentication
An access token based authenticated call is made in the context of a principal (user/company/app). When an access token is used, it must be supplied in the ‘Authorization’ HTTP header by the caller.
The access token must have scopes that are relevant for the API call. For example, in order to call the Company API correctly, the token must include the company.read scope or the API call will fail. Similiarly, an API call to retrieve user information will succeed only if the token has user.read scope. You will receive “access denied” error if the scope does not match the API call you are trying to make.
To obtain or refresh an access token, please refer to OAuth2 - Getting Started.
Profile Endpoints
The base URL for the Profile API is:
https://host/profile/v1/
The following production hosts are available:
| Data Center | Environments | Host | Description |
|---|---|---|---|
| US | Production | https://us.api.concursolutions.com |
- |
| US | Production - access token | https://www-us.api.concursolutions.com |
This is for clients that cannot handle the server request for x.509 cert. |
| US | Implementation | https://us-impl.api.concursolutions.com |
- |
| EMEA | Production | https://emea.api.concursolutions.com |
- |
| EMEA | Production - access token | https://www-emea.api.concursolutions.com |
This is for clients that cannot handle the server request for x.509 cert. |
| EMEA | Implementation | https://emea-impl.api.concursolutions.com |
- |
| CHINA | Production | https://cn.api.concurcdc.cn |
- |
| CHINA | Production - access token | https://www-cn.api.concurcdc.cn |
This is for clients that cannot handle the server request for x.509 cert. |
Profile APIs are aware of the US and EMEA data centers. If an API call is made against a specific data center and the target resource is not stored in that data center, you will receive a “301-redirect” that points to the right location for the resource.
Caveats
Changes in Profile do not follow the typical notification or deprecation processes. If you want to be included in the Profile related notifications, please email profile@concur.com.