API Release Notes, June 2024
New This Month
Planned Change: Report Short URL API
The Report Short URL API will provide a PATCH endpoint allowing companies to edit certain report-level attributes on expense reports prior to extraction. Editable attributes will include custom fields/org units, business purpose, comment and report name.
Now Available: Request v4 New isPaymentCardRelated Field
Concur Request has introduced a new isPaymentCardRelated field within the Get the list of expected Expenses and Get the content of an expected expense endpoints at the entry level.
The addition of a new isPaymentCardRelated field within the Request v4 API is aligned with the addition of a new Is Payment Card Related boolean field within the Request Entry Forms and Fields. This Is Payment Card Related boolean field will be made available to Concur Request customers to enable their end users to select if one or several expected expenses (including segments) would require the need of a payment card. Customers and partners consuming the Concur Request v4 APIs will have the ability to know which Request has at least one expected expense requiring a payment card (see Request Event new feature section below), and retrieve the corresponding amount via those endpoints.
The Is Payment Card Related field can be added at the Request entry level for one or several expected expenses (including segments).
For more information about how to add a new field within a Request entry form, please refer to the Concur Request: Forms and Fields technical guide.
If an end user selects the Is Payment Card Related field within an expected expense, the isPaymentCardRelated field will be set to true within the Get the list of expected expenses endpoint as well as the Get the content of an expected expense endpoint, for this corresponding expected expense. Else the field with show false. Several expected expenses of a Request can have the field Is Payment Card Related selected by their traveler.
Now Available: Request Event New isPaymentCardRelated Field
Concur Request has introduced a new isPaymentCardRelated field within the Concur Request Event Facts fields.
The new isPaymentCardRelated field is aligned with the addition of the new Is Payment Card Related boolean field within the Request Entry Forms and Fields. The Is Payment Card Related field can be added at the Request entry level for one or several expected expenses (including segments). More information within the new feature Request v4 API section above.
If an end user selects the Is Payment Card Related for at least one expected expense (including segments) of a Request, then the Request workflow status change event will contain the isPaymentCardRelated fact field set to true. Else the field with show false.
Planned Change: Travel Allowance v4 API
The Travel Allowance v4 API allows you to extract travel allowance information from the SAP Concur platform. The API provides the possibility to read travel allowance itinerary data, calculation results, and configuration settings.
The API can be used by customers and partners to build custom solutions to enhance their business processes wherever travel allowance data is needed. This could be reports, forms, special audit requirements, passing travel allowance data to time management systems for further processing and many more.
Now Available: Spend Documents v4 Update
We have released an update to Spend Documents V4. This allows partners to directly post compliance documents on behalf of a SAP Concur user to Concur Expense.
- POST endpoint to allow posting of new receipts.
- PUT endpoint to allow upload of compliance documents.
- GET endpoint to allow retrieval of receipt details by
ReceiptIdor byImageIdandCompanyId.
Now Available: Deep Links now available for Air, Car, Hotel, and Rail
Concur Travel has added support for deep link URLs to Car, Hotel, and Rail Search Results. By providing URL parameters, customers and partners will be able to create a deep link that users can follow and land on Concur search results page bypassing the homepage.
This feature enables clients and partners to incorporate Concur Travel into the journey maps they design for their end users. Developers can leverage the deep link to allow the user to skip the Concur home page and the search widget, making the booking process a more seamless part of larger end-to-end processes.
Now Available: Cost Object Workflow
The Workflow v4 API page has been updated to include the new Cost Object workflow functionality. This endpoint allows external callers to view a report’s approver related cost objects within a cost object approval workflow.
Planned Change: New SSL certificate for *.concursolutions.com and *api.concursolutions.com
To ensure the ongoing security of our products and services, the *.concursolutions.com and *.api.concursolutions.com SSL certificates are updated on an annual basis. The current certificates will expire as follows:
- 23:59 GMT on July 11, 2024 (*.concursolutions.com)
- 23:59 GMT on August 11, 2024 (*.api.concursolutions.com)
SAP Concur plans to issue new certificates as follows:
- 6PM PST on June 20, 2024 (*.concursolutions.com)
- 6PM PST July 25, 2024 (*.api.concursolutions.com)
Clients who have not pinned the expiring certificate do not need to take any action as their expiring certificate will be renewed automatically. Most clients do not pin the certificate.
NOTE: SAP ICS customers who follow the certificate handling processes described in the following note do not need to take any action: 2914977 - FAQ: Concur Certificates, Authentication, and Connectivity.
Clients who have pinned an expiring certificate must update to the new certificate before the new certificate is issued at 6PM PST on June 20, 2024 (.concursolutions.com) or at 6PM PST on July 25, 2024 (.api.concursolutions.com).
Clients who have pinned the certificate and who do not update it with the new certificate before it is renewed, will experience disruption to SAP Concur products and services.
Configuration / Feature Activation
IMPORTANT: Certificate pinning is not recommended, and you do so at your own risk. To support security for SAP Concur solutions, security certificates are renewed regularly. Pinned certificates are not renewed automatically and, if a pinned certificate is not renewed before it expires, the pinned certificate can cause a disruption of service.
To avoid disruption of service, clients who pin their security certificates must pin both the RSA and ECDSA certificates. Clients may obtain the new certificates from the following web pages:
*.concursolutions.com
- https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_ECDSA.pem
- https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_RSA.pem
*.api.concursolutions.com
- https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_RSA.pem
- https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_ECDSA.pem
NOTE: If you are not sure whether your concursolutions.com certificate is pinned, consult with your IT department.
Ongoing
Planned Change: PGP Key for File Transfers to be Replaced
Files transferred to SAP Concur solutions must be encrypted with the SAP Concur public PGP key.
- A new PGP key, key ID 8C51C89E, will be available in the client’s root folder beginning on or before May 24, 2024. The file name will be concursolutions.asc.
- The current key, key ID 9AFF10B5, will expire on September 4, 2024, and should no longer be used.
More information about migrating from the legacy key (key ID D4D727C0) to the new key (key ID 8C51C89E), will be provided in the June 2024 release notes.
The expiration date of the current key (key ID 9AFF10B5) cannot be changed. To ensure that file uploads continue to be processed after the key expires on September 4, 2024, clients must migrate to the new PGP key (key ID 8C51C89E) before the expiration date.
If you are unable to migrate to the new key (key ID 8C51C89E) before September 4, 2024, you can manually upload files using the Import / Extract Monitor feature.
For more information about the Import / Extract Monitor feature, refer to the Shared: Import/Extract Monitor User Guide.
Admin Experience
When it becomes available, an administrator with the required file transfer credentials can log into the file transfer site to retrieve the public PGP key, concursolutions.asc, from the root directory.
Configuration
When it becomes available, your internal file transfer administrator can add the new key to their PGP keyring and start using it to encrypt files being transferred to SAP Concur. If you require assistance, please contact SAP Concur support.
For more information, refer to the Shared: File Transfer for Customers and Vendors User Guide.
Deprecations and Decommissions
APIs are being deprecated or decommissioned in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
| Date | API | Details |
|---|---|---|
| 03/2024 | Deprecation of Spend User Retrieval 4.0. | The decommission of password provisioning via file import will occur in April 2025. |
| 07/2023 | Decommission of Password Provisioning via File Import | The decommission of password provisioning via file import will occur on October 1st, 2023. |
| 07/2023 | Decommissioning of Password Provisioning | Beginning August 2nd, 2023, password provisioning for user accounts will not be supported. |
| 07/2023 | Decommission of User v1 Password Endpoint | The decommission of the User v1 password endpoint will occur on July 28th, 2023. |
| 06/2023 | Deprecation of Launch External URL Callout v1 | The Launch External URL V1 API is deprecated as of June 16th, 2023. Decommission will follow. |
| 01/2023 | Move from the Travel Request External Validation Callout v1 to the Event Subscription Service (ESS) | This callout was designed to work with the Concur Request v1 API that is in the process of being decommissioned. Users are strongly recommended to move to the Event Subscription Services (ESS) in order to subscribe to the Request events. |
| 12/2022 | Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1) | The decommission of the v1.0, v3.0, and v3.1 APIs is planned to conclude soon. Users that have not yet migrated to the Concur Request v4 APIs are strongly encouraged to make the required developments. |
| 11/2022 | Deprecation of User v1 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission has been extended and will conclude on May 31st, 2024. |
| 11/2022 | Deprecation of User v3 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission has been extended and will conclude on May 31st, 2024. |
| 10/2022 | Deprecation of Cash Advance v4 | Effective October 1st, 2022, the Cash Advance v4 API is deprecated. This has been replaced by the release of Cash Advance v4.1. Decommission will follow on October 2, 2023. |
| 10/2022 | Deprecation of Hotel Service v2 | Effective October 14th, 2022, the Hotel Service v2 API is deprecated. This has been replaced by the release of Hotel Service v4. Decommission will follow on October 16, 2023. |
| 04/2021 | Bulk User v3.1 API | We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission will follow. Bulk User v3.1 will remain available for China data centers. |
| 01/2021 | List v3 API | Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release. |
| 01/2021 | List Item v3 API | Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible. |
| 06/2020 | Travel Profile Notification v1 API | We are deprecating the Travel Profile Notification v1 APIs due to low usage. |
| 01/2020 | List v1 API | We will be retiring the List v1 API in a future release. This API is replaced by the List v4 API. |
Planned Changes
| Date | API | Planned Change |
|---|---|---|
| 05/2024 | Retention Period for Credit Card Data Files | For compliance reasons, SAP Concur will be implementing a process wherein card data files received from external sources (Issuing banks, Card associations) will be deleted from systems after 90 days. |
| 01/2024 | Hotel Service v4 | Updates to Hotel Service v4 that will remove existing elements from the |
| 11/2023 | Expense Report v1.1 | We will be adding a new request query parameter includeInactive={Y/N} to return both active and inactive delegators for a particular delegate. If this parameter is not present the API will return only active delegators (no change from current behavior). |
| 09/2023 | Travel Profile API 2.0 | All partners and customers currently using Travel Profile API 2.0 will need to prepare their systems to support two new Gender values: Unknown and Unspecified. The support for those new values is planned to be released in Q1 2024. |
| 05/2023 | Get Cost Objects Request v4 API | This endpoint will allow external callers to view a Request’s approver related cost objects within a cost object approval workflow. |