API Release Notes, March 2025
New This Month
Updated Preview: Retrieve Expense Taxes by Expense ID
The Expense Report Service API suite will be updated to include a mechanism to retrieve tax details for a specified expense entry. These details will include individual tax amounts, tax authority specifics, and custom data. Currently, only aggregate tax amounts are exposed by the Retrieve an Expense by ID API and its expenseTaxSummary element.
This endpoint will initially only support Company JWT authentication.
Further documentation to be provided soon.
Ongoing
Now Available: Verified Email Flag Management in SAP Concur Profile via Identity 4.1 and UPS 4.0 APIs
We have re-released of the Verified Email Flag Management feature that enables clients to manage the verified email flag within SAP Concur user profiles via the Identity 4.1 or UPS 4.0 APIs, offering enhanced control over user profile management and verification processes. Users still retain the option to verify their email addresses independently.
The feature now requires clients and partners to use the identity.user.emails.verified.writeonly scope to utilize the functionality. Without this scope, the verified email flag will remain read-only.
Key Features
Verified Email Flag Management: Clients can set or update the verified email flag for user profiles, ensuring email addresses are accurately marked as verified within SAP Concur.
How to Use
- During user creation or updates, set the
emails.verifiedparameter using theidentity.user.emails.verified.writeonlyscope within the Identity 4.1 or UPS 4.0 API. - Refer to the Identity API documentation for implementation details.
Benefits
- Simplifies email management workflows.
- Reduces the need for manual intervention to set verification values.
- Enhances profile security and integrity.
For more information, visit the UPS or Identity 4.1 API Reference pages, or contact your SAP Concur representative.
Preview: SSL Certificate Renewal for *.concursolutions.com and *api.concursolutions.com
Updated with links to new certificates.
Starting in October 2025, DigiCert Global Root CA will be replaced by DigiCert Global Root G2. To ensure clients have adequate time to prepare for this Root certificate change, SAP Concur plans to renew the certificates for *.concursolutions.com and *api.concursolutions.com in March 2025.
Note: The intermediate certificate and Root certificate for *.concursolutions.com and *.api.concursolutions.com will not change in March 2025. Only the end-entity certificate (leaf certificate) will be updated.
Availability Target Details: The intermediate certificate and Root certificate for *.concursolutions.com and *.api.concursolutions.com will not change in March 2025.
SAP Concur plans to issue new certificates as follows:
- 6PM PST on March 21, 2025 (*.concursolutions.com)
- 6PM PST March 27, 2025 (*.api.concursolutions.com)
The current certificates will expire as follows:
- 23:59 GMT on May 13, 2025 (*.concursolutions.com)
- 23:59 GMT on August 2, 2025 (*.api.concursolutions.com)
Clients who have not pinned the expiring certificate do not need to take any action as their expiring certificate will be renewed automatically. Most clients do not pin the certificate.
Note: SAP ICS customers who follow the certificate handling processes described in the following note do not need to take any action:2914977 - FAQ: Concur Certificates, Authentication, and Connectivity.
User Experience
Clients who have pinned an expiring certificate must update to the new certificate before the new certificate is issued at 6PM PST on March 20, 2025 (.concursolutions.com) or at 6PM PST on March 27, 2025 (.api.concursolutions.com).
Clients who have pinned the certificate and who do not update it with the new certificate before it is renewed, will experience disruption to SAP Concur products and services.
Configuration / Feature Activation
IMPORTANT! Certificate pinning is not recommended, and you do so at your own risk. To support security for SAP Concur solutions, security certificates are renewed regularly. Pinned certificates are not renewed automatically and, if a pinned certificate is not renewed before it expires, the pinned certificate can cause a disruption of service.
To avoid disruption of service, clients who pin their security certificates must pin both the RSA and ECDSA certificates. Clients may obtain the new certificates from the following web pages:
*.concursolutions.com
https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_RSA.pem
https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_ECDSA.pem
*.api.concursolutions.com
https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_RSA.pem
https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_ECDSA.pem
Note:If you are not sure whether your *concursolutions.com certificate is pinned, consult with your IT department.
Previews
In general, this table lists items that will be shipping in the next 30-60 days. For a broader view of features that are coming, please see our Road Map Explorer.
| Date | API | Preview |
|---|---|---|
| 05/2024 | Retention Period for Credit Card Data Files | For compliance reasons, SAP Concur will be implementing a process wherein card data files received from external sources (Issuing banks, Card associations) will be deleted from systems after 90 days. |
| 01/2024 | Hotel Service v4 | Updates to Hotel Service v4 that will remove existing elements from the |
Deprecations and Decommissions
APIs are being deprecated or decommissioned in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
| Date | API | Details |
|---|---|---|
| 03/2024 | Deprecation of Spend User Retrieval 4.0. | The decommission of password provisioning via file import will occur in April 2025. |
| 06/2023 | Deprecation of Launch External URL Callout v1 | The Launch External URL V1 API is deprecated as of June 16th, 2023. Decommission will follow. |
| 01/2023 | Move from the Travel Request External Validation Callout v1 to the Event Subscription Service (ESS) | This callout was designed to work with the Concur Request v1 API that is in the process of being decommissioned. Users are strongly recommended to move to the Event Subscription Services (ESS) in order to subscribe to the Request events. |
| 04/2021 | Bulk User v3.1 API | We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission will follow. Bulk User v3.1 will remain available for China data centers. |
| 01/2021 | List v3 API | Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release. |
| 01/2021 | List Item v3 API | Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible. |