API Release Notes, January 2022

New This Month

Planned Change: Account Termination Date Will be in UTC for Travel Profile v2

Currently the Travel Profile v2 API is returning the Account Termination Date in the timestamp of the SAP Concur data center in which the user resides. In some instances, this results in a different date than an external system that is calling the API.

In February, the Account Termination Date will be returned in UTC. This will provide a consistent time and date reference for all users and all data centers.

Planned Change: UUID is Returned in Success Response When New User Created via Travel Profile v2 API

With this change, when a new user is successfully created, Travel Profile v2 will return the user’s UUID synchronously in the success response. This will allow external systems that sync data with the API to have a unique identifier for the user’s profile immediately and use it on subsequent calls to update the user’s profile.

Request v4 API – Agency Proposal Endpoint GA

Effective mid-December 2021, we have released an additional Request v4 API endpoint that will offer the ability for travel agencies to interact with Concur Request to submit travel itineraries directly into a request, via the agency proposal feature.

The support of the agency proposal feature, available on the Request NextGen UI, will provide a better experience, simpler connectivity, and deeper integration between travel agencies and Concur Request, as well as a better user experience in their interaction with their travel agencies.

This endpoint will provide added value to the existing Request v4 API, which already offers the ability for a user to interact with Concur Request to perform the following:

  • Get the list of existing Requests.
  • Get the detailed information of existing Requests.
  • Create, read, update, or delete an existing Request.
  • Move an existing Request through the approval flow.
  • Get the list of Expected Expenses (including trip segments) in a Request.
  • Create, read, update, or delete an expected expense (including trip segments) for a Request.
  • Get the list of Request policies assigned to a given user.
  • Get information of a travel agency office.

This additional endpoint will provide better capabilities for travel agencies who want to benefit from the Concur Request agency proposal feature with a direct consumption of the Request v4 API.

Depending on your travel agency, this feature may not be available for your company. Please coordinate with your travel agency to confirm their development completion of the required Request v4 API endpoints to benefit from this feature. Additional information, please see the Request v4 API documentation.

Decommission of Hotel Service v1

As of December 31, 2021 the Hotel Service v1 is decommissioned.

Any configuration that used hotel content connectors that relied on HSv1 are affected. Please reference the Hotel Service Travel Service Guide for a list of connectors. If you are a client of one of these connectors, please work with your TMC or administrator to switch to an HSv2 connection and/or GDS for your hotel content needs.

If you are a content provider, with the decommissioning of this API, our clients will only access hotel content via a GDS or Hotel Service v2 after December 2021. We are working with providers individually to discuss their options. Content providers can reach out to our partner developer team to discuss the process of establishing a new HSv2 connection.

Travel Profile v2 API Will No Longer Return Latitude and Longitude of the Work Address in User Profiles

As of December 15, 2021, the Travel Profile v2 API no longer returns the Work Address Latitude and Longitude fields in User profiles.

Travel Profile v2 API Will No Longer Provide MobileName, MobileDevice, and PrimaryMobile Attribute in User Profiles

As of December 15,2021, Travel Profile v2 API no longer returns MobileName, MobileDevice, and PrimaryMobile attribute in User profiles.

Planned Changes: New Client SSL Certificate for ESS webhook.api.concursolutions.com

To ensure the ongoing security of our products and services, the Event Subscription Service will be issuing a new webhook.api.concursolutions.com SSL certificate

Any customer who has pinned this expiring certificate will need to update to the new certificate prior to the expiration date. If the pinned certificate is not updated prior, your organization and users will experience disruption to SAP Concur products and services. Customers who have not pinned the certificate do not need to take any action as the new certificate is updated automatically. Most customers do not pin the certificate.

NOTE: As an enhancement to our Security and Compliance program, this certificate will be updated on an annual basis.


OAuth 2.0 Migration

We will be converting from the legacy authentication (deprecated 2017) method to the new OAuth 2.0 authentication method. This effort will be taking place starting in the third quarter of 2021 and will conclude by June 30th, 2022.

Any existing partners, Client Web Service (CWS) clients, and clients with a Hosted Customer Connector using the legacy authentication (deprecated 2017) will need to be converted to the new OAuth 2.0 authentication. If you are a partner or a client using the legacy authentication (deprecated 2017) method, we will be reaching out and will provide communication on how to convert to the new OAuth 2.0 authentication. Clients with a Hosted Custom Connector will be handled by the SAP Concur Development team.

For more information, please refer to Authentication.

With the ongoing effort of the authentication conversion project, we will be placing the Register Partner Application UI into a read-only state. Existing customers who still access or use this UI would now only be able to view their legacy authentication applications. Clients will be unable to create net-new or modify their existing legacy authentication applications.

With the launch of the Company Request Token Self-Service Tool and the Self-Service Tool for Application Management in July 2021, Clients should begin utilizing these tools and UI to create OAuth 2.0 applications. If you feel that your company has a proper business case to create a net-new legacy authentication application, please submit an SAP Concur Support case. The support case will be reviewed and either approved or denied. We will only allowing exceptions for the creation of net new legacy authentication applications until September 20th, 2021.

Application Connector Username and Password Length Requirements Updated

Changes are being made to the length of usernames and passwords associated with application connectors. For more information please see the Expense release notes.

Updated Naming Convention for Sub-URLs

Changes are being made to the naming conventions of sub-urls. For more information please see the Expense release notes.


APIs are being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.

Date API Details
09/2021 Deprecation of User v1 User v1 service will be deprecated. User v1 service can be replaced with either the upcoming User Provisioning service and/or the Identity v4 service. Both of these services enable callers to CRUD user’s core/identity profile information like UUID, name, address, email, etc.
07/2021 User v3 API We will be deprecating the User v3 API in a future release due to less secure authentication methods.
04/2021 Bulk User v3.1 API We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission will follow. Bulk User v3.1 will remain available for China data centers.
01/2021 List v3 API Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release.
01/2021 List Item v3 API Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible.
06/2020 Travel Profile Notification v1 API We are deprecating the Travel Profile Notification v1 APIs due to low usage.
04/2020 Existing Concur Request APIs (v1.0, v3.0, v3.1) Effective July 1, 2020, these APIs are replaced by the Concur Request v4 API. We have run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.
01/2020 List v1 API We will be retiring the List v1 API in a future release. This API is replaced by the List v4 API.

Planned Changes

Date API Planned Change
11/2021 Some TLSv1.2 Ciphers No Longer Supported Beginning on February 1, 2022, SAP Concur solutions will no longer support connections to *.concursolutions.com and * api.concursolutions.com that use certain TLSv1.2 ciphers.
10/2021 Report Details v2 API Vulnerability Patch We will be adding additional security to the Report Details v2 API. Current callers may receive a 401 - Unauthorized response if using an unauthorized admin OAuth token to access reports.
09/2021 Request v4 - Deprecation of the Request Cash Advance Endpoint Initially planned for October 2021, Concur Request will soon deprecate the Request Cash Advance detail endpoint. Date will be communicated in future communications.
04/2021 Invoice Pay v4 GET Call Parameter GET calls will have the option to use the new invoiceId parameter to retrieve payment information and the ERP Document ID associated to the invoice. The feature will be automatically available; there will be no additional configuration or activation steps.
04/2021 Invoice Pay v4 PATCH Endpoint With the new PATCH, the invoice will be updated with the erpDocumentNumber value in the body whenever an invoiceId is passed as part of the API URL. The feature will be automatically available; there will be no additional configuration or activation steps.

On this page