API Release Notes, March 2025
New This Month
Now Available: Retrieve Expense Taxes by Expense ID
The Expense Report Service API suite includes a mechanism to retrieve tax details for a specified expense entry. These details include individual tax amounts, tax authority specifics, and custom data. Previously, only aggregate tax amounts were exposed by the Retrieve an Expense by ID API and its expenseTaxSummary
element.
This endpoint only supports Company JWT authentication.
For full API documentation, check out Expense Tax v4.
Now Available: reportCreated Event for Concur Expense
Concur Expense Events has been amended to include a reportCreated
event. This uses the same public.concur.expense.report
topic associated with this event group. This event will be published upon any report creation whether through the product UI, Create a New Report API, or other automated sources, such as the Expense Assistant, for example.
Preview: Cash Advance Associations v4 APIs for Reports
The Expense Report Service API suite will be updated to include APIs to retrieve, update, and delete cash advance associations to a report.
Now Available: v4.1 FormFields Endpoint for Spend User
Overview
The new v4.1 FormFields endpoint replicates the functionality of the api/user/v1.0/FormFields API in a JSON response format. This update simplifies integration with modern applications, improves performance and enhances the developer experience.
Key Enhancements
- JSON Response Format – Replaces XML, enabling easier data parsing and integration with modern frameworks.
- Simplified Integration – Enhances development efficiency, making debugging and maintenance more straightforward.
- Backward Compatibility – Ensures a easy transition for systems currently using XML-based responses.
Impact & Actions
- Developers can work with JSON-formatted data, aligning with modern application architectures.
- Existing integrations remain supported, but teams are encouraged to update to JSON for optimal performance and maintainability.
For full API documentation, refer to Spend Form Fields v4.1.
Note: The decommission of User V1 Form Fields will occur on June 30th, 2026. This will affect access to the Form Fields API. Please work with your SAP Concur representative if you have any questions.
Now Available: New Endpoint for Access Token Requests by Third-Party Partners
All third-party partners making access token requests are required to use https://glz.api.concursolutions.com/oauth2/v0/token. This ensures that you receive the correct geolocation for your API calls. Ensure that you make the necessary adjustments to keep the service uninterrupted.
Decomissioned: Bulk User v3.1 API
Effective Date: January 21, 2025
The Bulk User v3.1 API has been officially decommissioned and is no longer supported. Clients are advised to transition to the User Provisioning Service v4 or Identity v4 APIs, which offer enhanced functionality, improved performance, and expanded capabilities to meet modern provisioning needs.
Preview: Support of Hotel Date Modification for Hotel Connectors
Hotel connectors will support the modification of check-in and check-out dates using the Hotel Service v4 Modify endpoint. This will allow users to change their dates of stay without having to cancel and rebook. When a user selects Change, we will send a rate-details request to the connector using the same ratePlanId
as used in the original booking, together with the confirmationCodes
associated with the original booking. The Hotel Connector will respond with the price details for the new dates so the user can review and accept. Once the user confirms the change request, we will invoke the modify endpoint.
The support of modification is optional. If the modification is supported by the Hotel Connector, they must send back the following flag in the Reservation response indicating whether that booking can be modified:
],
“isModifiable”: true
}
Preview: Single PNR solution for the Hotel Connector Booking
Overview
For bookings made through hotel connectors today, the SAP Concur platform creates a new PNR in the appropriate GDS and adds a passive segment to that PNR with details of the hotel booking made by the Hotel Connector. The Hotel Connector also creates a PNR in the GDS with the active segment. This causes issues for the TMC and the Hotel Connector as SAP Concur platform PNR is in the SAP Concur standard format and any changes have to be made manually as no PNR synch is available.
This Single PNR solution will result in only one PNR created for the Hotel Connector booking. The solution will allow us and the Hotel Connector to work in the PNR at the same time using lock/release. For GDS content, the Hotel Connector will add an active segment. For non-GDS content, the Hotel Connector will add a passive segment.
API Details
The reservation/modify
request will be sent with the SAP Concur platform PNR locator (ConfirmationCodeType: CONCUR_GDS_REFERENCE
) to the Hotel Connector supplier. If the connector supports the single PNR solution the ActiveSegmentInConcurPNR
flag will be added to the HSV4 ReservationDetails
and will be handled in the reservation/modify
response. If the booking is cancelled, we will forward the cancellation number in the cancel
request to the Hotel Connector.
Ongoing
Now Available: Verified Email Flag Management in SAP Concur Profile via Identity 4.1 and UPS 4.0 APIs
We have re-released of the Verified Email Flag Management feature that enables clients to manage the verified email flag within SAP Concur user profiles via the Identity 4.1 or UPS 4.0 APIs, offering enhanced control over user profile management and verification processes. Users still retain the option to verify their email addresses independently.
The feature now requires clients and partners to use the identity.user.emails.verified.writeonly
scope to utilize the functionality. Without this scope, the verified email flag will remain read-only.
Key Features
Verified Email Flag Management: Clients can set or update the verified email flag for user profiles, ensuring email addresses are accurately marked as verified within SAP Concur.
How to Use
- During user creation or updates, set the
emails.verified
parameter using theidentity.user.emails.verified.writeonly
scope within the Identity 4.1 or UPS 4.0 API. - Refer to the Identity API documentation for implementation details.
Benefits
- Simplifies email management workflows.
- Reduces the need for manual intervention to set verification values.
- Enhances profile security and integrity.
For more information, visit the UPS or Identity 4.1 API Reference pages, or contact your SAP Concur representative.
Preview: SSL Certificate Renewal for *.concursolutions.com and *api.concursolutions.com
Updated with links to new certificates.
Starting in October 2025, DigiCert Global Root CA will be replaced by DigiCert Global Root G2. To ensure clients have adequate time to prepare for this Root certificate change, SAP Concur plans to renew the certificates for *.concursolutions.com and *api.concursolutions.com in March 2025.
Note: The intermediate certificate and Root certificate for *.concursolutions.com and *.api.concursolutions.com will not change in March 2025. Only the end-entity certificate (leaf certificate) will be updated.
Availability Target Details: The intermediate certificate and Root certificate for *.concursolutions.com and *.api.concursolutions.com will not change in March 2025.
SAP Concur plans to issue new certificates as follows:
- 6PM PST on March 21, 2025 (*.concursolutions.com)
- 6PM PST March 27, 2025 (*.api.concursolutions.com)
The current certificates will expire as follows:
- 23:59 GMT on May 13, 2025 (*.concursolutions.com)
- 23:59 GMT on August 2, 2025 (*.api.concursolutions.com)
Clients who have not pinned the expiring certificate do not need to take any action as their expiring certificate will be renewed automatically. Most clients do not pin the certificate.
Note: SAP ICS customers who follow the certificate handling processes described in the following note do not need to take any action:2914977 - FAQ: Concur Certificates, Authentication, and Connectivity.
User Experience
Clients who have pinned an expiring certificate must update to the new certificate before the new certificate is issued at 6PM PST on March 20, 2025 (.concursolutions.com) or at 6PM PST on March 27, 2025 (.api.concursolutions.com).
Clients who have pinned the certificate and who do not update it with the new certificate before it is renewed, will experience disruption to SAP Concur products and services.
Configuration / Feature Activation
IMPORTANT! Certificate pinning is not recommended, and you do so at your own risk. To support security for SAP Concur solutions, security certificates are renewed regularly. Pinned certificates are not renewed automatically and, if a pinned certificate is not renewed before it expires, the pinned certificate can cause a disruption of service.
To avoid disruption of service, clients who pin their security certificates must pin both the RSA and ECDSA certificates. Clients may obtain the new certificates from the following web pages:
*.concursolutions.com
https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_RSA.pem
https://assets.concur.com/concurtraining/cte/en-us/concursolutions-com-chain_ECDSA.pem
*.api.concursolutions.com
https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_RSA.pem
https://assets.concur.com/concurtraining/cte/en-us/api-concursolutions-com-chain_ECDSA.pem
Note:If you are not sure whether your *concursolutions.com certificate is pinned, consult with your IT department.
Previews
In general, this table lists items that will be shipping in the next 30-60 days. For a broader view of features that are coming, please see our Road Map Explorer.
Date | API | Preview |
---|---|---|
05/2024 | Retention Period for Credit Card Data Files | For compliance reasons, SAP Concur will be implementing a process wherein card data files received from external sources (Issuing banks, Card associations) will be deleted from systems after 90 days. |
01/2024 | Hotel Service v4 | Updates to Hotel Service v4 that will remove existing elements from the |
Deprecations and Decommissions
APIs are being deprecated or decommissioned in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
Date | API | Details |
---|---|---|
03/2024 | Deprecation of Spend User Retrieval 4.0. | The decommission of password provisioning via file import will occur in April 2025. |
06/2023 | Deprecation of Launch External URL Callout v1 | The Launch External URL V1 API is deprecated as of June 16th, 2023. Decommission will follow. |
01/2023 | Move from the Travel Request External Validation Callout v1 to the Event Subscription Service (ESS) | This callout was designed to work with the Concur Request v1 API that is in the process of being decommissioned. Users are strongly recommended to move to the Event Subscription Services (ESS) in order to subscribe to the Request events. |
01/2021 | List v3 API | Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release. |
01/2021 | List Item v3 API | Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible. |