API Release Notes, March 2020
Contents
- Planned Changes: Budget v4 API Soon Available
- Planned Changes: New SSL Certificate for concursolutions.com
- Ongoing: Quick Expense v1 and Quick Expense v3 Retirement and Decommission
- Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)
- Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1)
- TLS v1.1 SSL Protocol Not Allowed for File Transfers
- HTTPS Protocol No Longer Allowed for File Transfer
Planned Changes: Budget v4 API Soon Available
SAP Concur will release the Budget v4 API for partner and client use in a future release. Budget v4 provides the following features:
- Fiscal Calendar: This API can GET, POST, and DELETE fiscal years and periods similar to the Fiscal Calendar UI in Budget Configuration.
- Budget Category: This API can GET, POST, and DELETE budget categories, and GET all expense types of a budget category.
- Budget Items: This API can GET, POST, and DELETE budget items including details such as period amounts, budget item tracking fields (cost objects), budget viewers, managers, and approvers.
- Budget Tracking Field: This API can GET all budget tracking fields.
- Budget Adjustment: This API can POST budget adjustments.
- Global Availability: Budget v4 API is supported in all SAP Concur data centers.
Business Purpose / Client Benefit
This new Budget API enables clients and partners to integrate Budget with their ERP and HR systems to automate budget configuration and maintenance as well as importing external transactions not captured via SAP Concur through budget adjustments.
Configuration / Feature Activation
The Budget v4 API will be available to SAP Concur clients who have purchased Web Services, or partners who have contracted with SAP Concur.
Planned Changes: New SSL Certificate for concursolutions.com
In an effort to ensure the ongoing security of our products and services, SAP Concur has issued a new concursolutions.com SSL certificate. The current certificate will expire on April 14, 2020.
Any customer who has pinned this expiring certificate will need to update to the new certificate prior to April 14, 2020. If the pinned certificate is not updated prior to April 14, 2020, your organization and users will experience disruption to SAP Concur products and services.
Customers who have not pinned the certificate do not need to take any action as the new certificate is updated automatically. Most customers do not pin the certificate.
Please be aware: As an enhancement to our Security and Compliance program, this certificate will be updated on an annual basis.
Business Purpose / Client Benefit
This update provides ongoing security for our products and services.
Configuration / Feature Activation
Please consult with your IT department to check if this applies to you. The new SSL certificate can be accessed here: http://assets.concur.com/concurtraining/cte/en-us/concursolutions.cert.pem Supply this URL to your IT department.
To save the certificate, click the link above, select all the text in the browser, copy it to a file, then name the file concursolutions.cert.pem.
Ongoing: Quick Expense v1 and Quick Expense v3 Retirement and Decommission
Effective March 31, 2020, the Quick Expense v1 and Quick Expense v3 APIs will be retired and decommissioned. We encourage all current users to migrate to Quick Expense v4 as soon as possible.
Please refer to the deprecation policy for definitions and additional information.
Business Purpose / Client Benefit
This update removes two outdated APIs.
Ongoing: Retirement and Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)
Effective December 1, 2020, SAP Concur will be retiring the existing Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 APIs.
Business Purpose / Client Benefit
The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.
In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.
Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1)
SAP Concur is deprecating the existing Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 APIs.
Business Purpose / Client Benefit
The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.
In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.
TLS v1.1 SSL Protocol Not Allowed for File Transfers
This release note is intended for technical staff responsible for file transmissions with SAP Concur. For our customers and vendors participating in data exchange through various secure file transfer protocols, SAP Concur has made changes that provide greater security for those file transfers.
The TLS 1.1 (Transport Layer Security) SSL protocol has been removed from our SAP Concur file transfer system allowed list.
- This relates to the FTPS and HTTPS file transfer protocols.
- The HTTPS file transfer protocol will not be allowed beginning on February 24, 2020. If you are currently using HTTPS, we suggest migrating to SFTP with key authentication.
This announcement pertains to the following file transfer DNS endpoints:
- st.concursolutions.com
- st-eu.concursolutions.com
- st-cge.concursolutions.com
- st-cge-dr.concursolutions.com
- vs.concursolutions.com
- vs.concurcdc.cn
Business Purpose / Client Benefit
These changes provide greater security for file transfers.
Configuration / Feature Activation
If assistance is required, please contact SAP Concur support.
HTTPS Protocol No Longer Allowed for File Transfer
This release note is intended for the technical staff responsible for file transmissions with SAP Concur. For our customers and vendors participating in data exchange through various secure file transfer protocols, SAP Concur has made changes that provide greater security for those file transfers.
As of 2 PM PST on February 24, 2020, connections via the HTTPS protocol are no longer allowed when connecting to the SAP Concur file transfer system.
- • Existing HTTPS file transfer accounts must now switch to SFTP with SSH Key.
This announcement pertains to the following file transfer DNS endpoints:
- st.concursolutions.com
- st-eu.concursolutions.com
- st-cge.concursolutions.com
- st-cge-dr.concursolutions.com
- vs.concursolutions.com
- vs.concurcdc.cn
Business Purpose / Client Benefit
These changes provide greater security for file transfers.
Configuration / Feature Activation
If assistance is required, please contact SAP Concur support.