API Release Notes, July 2024
New This Month
Planned Change: Submitted Report PATCH for Expenses v4 API
The Report v4 API is releasing a new PATCH operation allowing updates to the report header in an unsubmitted or submitted expense report and is restricted to modify Business Purpose, Comment, Custom/Org unit, Name, and Paper Receipt Received fields only.
NOTE: This replaces the previously announced Report Short URL API planned change.
Important Update to Planned Change: New SSL certificate for *.concursolutions.com and *api.concursolutions.com.
See the full release note in the Ongoing section below.
*.api.concursolutions.com
- https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-comchain_RSA.pem
- https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-comchain_ECDSA.pem
NOTE: If you pin your certificates and you downloaded the updated *api.concursolutions.com certificate between June 14, 2024, and July 2, 2024, you might need to re-download the certificate. To verify whether you need to re-download your certificate, check the expiration date of the certificate you downloaded. The expiration date for your new certificate should be August 2, 2025, 23:59 GMT. If the expiration date of your certificate is earlier than August 2, 2025, 23:59 GMT, re-download the certificate.
To verify whether you need to re-download your certificate, check the expiration date of the certificate you downloaded. The expiration date for your new certificate should be August 2, 2025, 23:59 GMT. If the expiration date of your certificate is earlier than August 2, 2025, 23:59 GMT, re-download the certificate.
Now Available: UPS support for Invoice Employee, Authorized Approver, Cost Object Approver, Authorized Approver With Level Import
The User Provisioning Service supports the provisioning and updating of attributes found within the 360 and 700, 710, 720, 740, and 750 file import types. Mapping guides and supporting Postman collection have been updated to reflect this change.
Now Available: Travel Allowance v4
You can extract travel allowance information from the SAP Concur platform and read travel allowance itinerary data, calculation results, and configuration settings. Customers and partners can use the Travel Allowance API to build custom solutions to enhance their business processes wherever travel allowance data is needed. This could be reports, forms, special audit requirements, passing travel allowance data to time management systems for further processing and many more.
Planned Change: Decommission of Suppliers v3
We have decommissioned the Suppliers v3 API in accordance with the API Lifecycle & Deprecation Policy provision: “Where the API or the associated application have no adoption and are therefore being deleted.”
Ongoing
Planned Change: New SSL certificate for *.concursolutions.com and *api.concursolutions.com
To ensure the ongoing security of our products and services, the *.concursolutions.com and *.api.concursolutions.com SSL certificates are updated on an annual basis. The current certificates will expire as follows:
- 23:59 GMT on July 11, 2024 (*.concursolutions.com)
- 23:59 GMT on August 11, 2024 (*.api.concursolutions.com)
SAP Concur plans to issue new certificates as follows:
- 6PM PST on June 20, 2024 (*.concursolutions.com)
- 6PM PST July 25, 2024 (*.api.concursolutions.com)
Clients who have not pinned the expiring certificate do not need to take any action as their expiring certificate will be renewed automatically. Most clients do not pin the certificate.
NOTE: SAP ICS customers who follow the certificate handling processes described in the following note do not need to take any action: 2914977 - FAQ: Concur Certificates, Authentication, and Connectivity.
Clients who have pinned an expiring certificate must update to the new certificate before the new certificate is issued at 6PM PST on June 20, 2024 (.concursolutions.com) or at 6PM PST on July 25, 2024 (.api.concursolutions.com).
Clients who have pinned the certificate and who do not update it with the new certificate before it is renewed, will experience disruption to SAP Concur products and services.
Configuration / Feature Activation
IMPORTANT: Certificate pinning is not recommended, and you do so at your own risk. To support security for SAP Concur solutions, security certificates are renewed regularly. Pinned certificates are not renewed automatically and, if a pinned certificate is not renewed before it expires, the pinned certificate can cause a disruption of service.
To avoid disruption of service, clients who pin their security certificates must pin both the RSA and ECDSA certificates. Clients may obtain the new certificates from the following web pages:
*.concursolutions.com
- https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_ECDSA.pem
- https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_RSA.pem
*.api.concursolutions.com
- https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_RSA.pem
- https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_ECDSA.pem
NOTE: If you are not sure whether your concursolutions.com certificate is pinned, consult with your IT department.
Planned Change: PGP Key for File Transfers to be Replaced
Files transferred to SAP Concur solutions must be encrypted with the SAP Concur public PGP key.
- A new PGP key, key ID 8C51C89E, will be available in the client’s root folder beginning on or before May 24, 2024. The file name will be concursolutions.asc.
- The current key, key ID 9AFF10B5, will expire on September 4, 2024, and should no longer be used.
More information about migrating from the legacy key (key ID D4D727C0) to the new key (key ID 8C51C89E), will be provided in the June 2024 release notes.
The expiration date of the current key (key ID 9AFF10B5) cannot be changed. To ensure that file uploads continue to be processed after the key expires on September 4, 2024, clients must migrate to the new PGP key (key ID 8C51C89E) before the expiration date.
If you are unable to migrate to the new key (key ID 8C51C89E) before September 4, 2024, you can manually upload files using the Import / Extract Monitor feature.
For more information about the Import / Extract Monitor feature, refer to the Shared: Import/Extract Monitor User Guide.
Admin Experience
When it becomes available, an administrator with the required file transfer credentials can log into the file transfer site to retrieve the public PGP key, concursolutions.asc, from the root directory.
Configuration
When it becomes available, your internal file transfer administrator can add the new key to their PGP keyring and start using it to encrypt files being transferred to SAP Concur. If you require assistance, please contact SAP Concur support.
For more information, refer to the Shared: File Transfer for Customers and Vendors User Guide.
Planned Changes
In general, this table lists items that will be shipping in the next 30-60 days. For a broader view of features that are coming, please see our Road Map Explorer.
| Date | API | Planned Change |
|---|---|---|
| 05/2024 | Retention Period for Credit Card Data Files | For compliance reasons, SAP Concur will be implementing a process wherein card data files received from external sources (Issuing banks, Card associations) will be deleted from systems after 90 days. |
| 01/2024 | Hotel Service v4 | Updates to Hotel Service v4 that will remove existing elements from the |
Deprecations and Decommissions
APIs are being deprecated or decommissioned in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
| Date | API | Details |
|---|---|---|
| 03/2024 | Deprecation of Spend User Retrieval 4.0. | The decommission of password provisioning via file import will occur in April 2025. |
| 07/2023 | Decommission of Password Provisioning via File Import | The decommission of password provisioning via file import will occur on October 1st, 2023. |
| 07/2023 | Decommissioning of Password Provisioning | Beginning August 2nd, 2023, password provisioning for user accounts will not be supported. |
| 07/2023 | Decommission of User v1 Password Endpoint | The decommission of the User v1 password endpoint will occur on July 28th, 2023. |
| 06/2023 | Deprecation of Launch External URL Callout v1 | The Launch External URL V1 API is deprecated as of June 16th, 2023. Decommission will follow. |
| 01/2023 | Move from the Travel Request External Validation Callout v1 to the Event Subscription Service (ESS) | This callout was designed to work with the Concur Request v1 API that is in the process of being decommissioned. Users are strongly recommended to move to the Event Subscription Services (ESS) in order to subscribe to the Request events. |
| 12/2022 | Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1) | The decommission of the v1.0, v3.0, and v3.1 APIs is planned to conclude soon. Users that have not yet migrated to the Concur Request v4 APIs are strongly encouraged to make the required developments. |
| 11/2022 | Deprecation of User v1 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission has been extended and will conclude on May 31st, 2024. |
| 11/2022 | Deprecation of User v3 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission has been extended and will conclude on May 31st, 2024. |
| 04/2021 | Bulk User v3.1 API | We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission will follow. Bulk User v3.1 will remain available for China data centers. |
| 01/2021 | List v3 API | Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release. |
| 01/2021 | List Item v3 API | Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible. |