API Release Notes, March 2025

New This Month

Now Avaialble: New Endpoint for Access Token Requests by Third-Party Partners

All third-party partners making access token requests are required to use https://glz.api.concursolutions.com/oauth2/v0/token. This ensures that you receive the correct geolocation for your API calls. Ensure that you make the necessary adjustments to keep the service uninterrupted.

Decomissioned: Bulk User v3.1 API

Effective Date: January 21, 2025

The Bulk User v3.1 API has been officially decommissioned and is no longer supported. Clients are advised to transition to the User Provisioning Service v4 or Identity v4 APIs, which offer enhanced functionality, improved performance, and expanded capabilities to meet modern provisioning needs.

Preview: reportCreated Event for Concur Expense

Concur Expense Events will be amended to include a reportCreated event. This will be on the same public.concur.expense.report topic associated with this event group. This event will be published upon any report creation whether through the product UI, Create a New Report API, or other automated sources, for example, Expense Assistant.

Preview: Support of Hotel Date Modification for Hotel Connectors

Hotel connectors will support the modification of check-in and check-out dates using the Hotel Service v4 Modify endpoint. This will allow users to change their dates of stay without having to cancel and rebook. When a user selects Change, we will send a rate-details request to the connector using the same ratePlanId as used in the original booking, together with the confirmationCodes associated with the original booking. The Hotel Connector will respond with the price details for the new dates so the user can review and accept. Once the user confirms the change request, we will invoke the modify endpoint.

The support of modification is optional. If the modification is supported by the Hotel Connector, they must send back the following flag in the Reservation response indicating whether that booking can be modified:

 ],
 “isModifiable”:  true
}

Preview: Single PNR solution for the Hotel Connector Booking

Overview

For bookings made through hotel connectors today, we create a new PNR in the appropriate GDS and adds a passive segment to that PNR with details of the hotel booking made by the Hotel Connector. The Hotel Connector also creates a PNR in the GDS with the active segment. This causes issues for the TMC and the Hotel Connector as SAP Concur platform PNR is in the SAP Concur standard format and any changes have to be made manually as no PNR synch is available.

This Single PNR solution will result in only one PNR created for the Hotel Connector booking. The solution will allow us and the Hotel Connector to work in the PNR at the same time using lock/release. For GDS content, the Hotel Connector will add an active segment. For non-GDS content, the Hotel Connector will add a passive segment.

API Details

The reservation/modify request will be sent with the SAP Concur platform PNR locator (ConfirmationCodeType: CONCUR_GDS_REFERENCE) to the Hotel Connector supplier. If the connector supports the single PNR solution the ActiveSegmentInConcurPNR flag will be added to the HSV4 ReservationDetails and will be handled in the reservation/modify response. If the booking is cancelled, we will forward the cancellation number in the cancel request to the Hotel Connector.

Updated Preview: Retrieve Expense Taxes by Expense ID

The Expense Report Service API suite will be updated to include a mechanism to retrieve tax details for a specified expense entry. These details will include individual tax amounts, tax authority specifics, and custom data. Currently, only aggregate tax amounts are exposed by the Retrieve an Expense by ID API and its expenseTaxSummary element.

This endpoint will initially only support Company JWT authentication.

Further documentation to be provided soon.

Ongoing

Preview: v4.1 FormFields Endpoint for Spend User

Overview

The new v4.1 FormFields endpoint will replicate the functionality of the api/user/v1.0/FormFields API in a JSON response format. This update simplifies integration with modern applications, improves performance and enhances the developer experience.

Key Enhancements

• JSON Response Format – Replaces XML, enabling easier data parsing and integration with modern frameworks.
• Simplified Integration – Enhances development efficiency, making debugging and maintenance more straightforward.
• Backward Compatibility – Ensures a easy transition for systems currently using XML-based responses.

Impact & Actions

• Developers will be able to work with JSON-formatted data, aligning with modern application architectures.
• Existing integrations remain supported, but teams will be encouraged to update to JSON for optimal performance and maintainability.

Now Available: Verified Email Flag Management in SAP Concur Profile via Identity 4.1 and UPS 4.0 APIs

We have re-released of the Verified Email Flag Management feature that enables clients to manage the verified email flag within SAP Concur user profiles via the Identity 4.1 or UPS 4.0 APIs, offering enhanced control over user profile management and verification processes. Users still retain the option to verify their email addresses independently. The feature now requires clients and partners to use the identity.user.emails.verified.writeonly scope to utilize the functionality. Without this scope, the verified email flag will remain read-only.

Key Features

Verified Email Flag Management: Clients can set or update the verified email flag for user profiles, ensuring email addresses are accurately marked as verified within SAP Concur.

How to Use

• During user creation or updates, set the emails.verified parameter using the identity.user.emails.verified.writeonly scope within the Identity 4.1 or UPS 4.0 API.
• Refer to the Identity API documentation for implementation details.

Benefits

• Simplifies email management workflows.
• Reduces the need for manual intervention to set verification values.
• Enhances profile security and integrity.

For more information, visit the UPS or Identity 4.1 API Reference pages, or contact your SAP Concur representative.

Preview: SSL Certificate Renewal for *.concursolutions.com and *api.concursolutions.com

Updated with links to new certificates.

Starting in October 2025, DigiCert Global Root CA will be replaced by DigiCert Global Root G2. To ensure clients have adequate time to prepare for this Root certificate change, SAP Concur plans to renew the certificates for *.concursolutions.com and *api.concursolutions.com in March 2025.

Note: The intermediate certificate and Root certificate for *.concursolutions.com and *.api.concursolutions.com will not change in March 2025. Only the end-entity certificate (leaf certificate) will be updated.

Availability Target Details: The intermediate certificate and Root certificate for *.concursolutions.com and *.api.concursolutions.com will not change in March 2025.

SAP Concur plans to issue new certificates as follows:

• 6PM PST on March 21, 2025 (*.concursolutions.com)
• 6PM PST March 27, 2025 (*.api.concursolutions.com)

The current certificates will expire as follows:

• 23:59 GMT on May 13, 2025 (*.concursolutions.com)
• 23:59 GMT on August 2, 2025 (*.api.concursolutions.com)

Clients who have not pinned the expiring certificate do not need to take any action as their expiring certificate will be renewed automatically. Most clients do not pin the certificate.

Note: SAP ICS customers who follow the certificate handling processes described in the following note do not need to take any action:2914977 - FAQ: Concur Certificates, Authentication, and Connectivity.

User Experience

Clients who have pinned an expiring certificate must update to the new certificate before the new certificate is issued at 6PM PST on March 20, 2025 (.concursolutions.com) or at 6PM PST on March 27, 2025 (.api.concursolutions.com).

Clients who have pinned the certificate and who do not update it with the new certificate before it is renewed, will experience disruption to SAP Concur products and services.

Configuration / Feature Activation

IMPORTANT! Certificate pinning is not recommended, and you do so at your own risk. To support security for SAP Concur solutions, security certificates are renewed regularly. Pinned certificates are not renewed automatically and, if a pinned certificate is not renewed before it expires, the pinned certificate can cause a disruption of service.

To avoid disruption of service, clients who pin their security certificates must pin both the RSA and ECDSA certificates. Clients may obtain the new certificates from the following web pages:

*.concursolutions.com

https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_RSA.pem

https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_ECDSA.pem

*.api.concursolutions.com

https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_RSA.pem

https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_ECDSA.pem

Note:If you are not sure whether your *concursolutions.com certificate is pinned, consult with your IT department.

Previews

In general, this table lists items that will be shipping in the next 30-60 days. For a broader view of features that are coming, please see our Road Map Explorer.

Deprecations and Decommissions

APIs are being deprecated or decommissioned in accordance with the SAP Concur API Lifecycle & Deprecation Policy.