API Release Notes, September 2021
Contents
- Ongoing: Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)
- Ongoing: Retirement of List v1 API
- Ongoing: Retirement of List v3 API
- Ongoing: Retirement of List Item v3 API
- Ongoing: OAuth 2.0 Migration
- Ongoing: Decommission of Bulk User v3.1 API
- Ongoing: Application Connector Username and Password Length Requirements Updated
- Ongoing: Updated Naming Convention for Sub-URLs
- Ongoing: Deprecation of User v3 API
- Ongoing: Deprecation of Travel Profile Notification v1 API
- Ongoing: Deprecation of User v1
- Ongoing: Decommission of Hotel Service v1
- Planned Changes: New Invoice Pay v4 GET Call Parameter
- Planned Changes: New Invoice Pay v4 PATCH Endpoint
- Planned Changes: Request v4 API Event Subscription Service Topic Available
- Planned Changes: Request v4 - External Validations and Workflow Event Notifications
- Planned Changes: Request v4 - New Link to List Item Endpoint
- Planned Changes: Request v4 – Deprecation of the Request Cash Advance Endpoint
- Planned Changes: Request v4 - Agency Proposal Endpoint
- Planned Changes: Request v4 – New View Parameter Value for GET List of Existing Request Endpoint
- Planned Changes: Request v4 – Changes to GET Detail of an Existing Request Endpoint
- Enhanced Developer Center Experience
- Travel Profile v2 - Users’ Active Status Changes LastModifiedDate
- Travel Profile v2 - Returns Termination Date
- Budget v4 - Team Budgets Available
- Cash Advance v4 API Available
- Deeplink URL Integration Available
Ongoing: Decommission of Existing Concur Request APIs (v1.0, v3.0, v3.1)
Effective July 1, 2020, We have retired the Concur Request APIs (v1.0, v3.0, and v3.1). These APIs are replaced by the Concur Request v4 API.
Business Purpose / Client Benefit
The Concur Request APIs v1.0, v3.0, and v3.1 only support the previous authentication method, which is not best security practice and does not meet the OAuth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 API.
In addition, we have run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 API (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 API.
Ongoing: Retirement of List v1 API
We will be retiring the List v1 API in a future release. This API is replaced by the List v4 API.
Business Purpose / Client Benefit
This update removes an outdated API. The List v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.
Configuration / Feature Activation
The List v1 API is being retired in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
If you currently use the List v1 API, please plan to migrate to the List Item v4 API as soon as possible.
Ongoing: Retirement of List v3 API
Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release.
Business Purpose / Client Benefit
This update removes an outdated API. The List v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.
Configuration / Feature Activation
The List v3 API has been deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
If you currently use the List v3 API, please migrate to the List v4 API as soon as possible.
Ongoing: Retirement of List Item v3 API
Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release.
Business Purpose / Client Benefit
This update removes an outdated API. The List Item v4 APIs use more secure and modern, fine-grained methods. These APIs use Universal Unique Identifiers (UUIDs) and use JSON instead of XML. Also, authentication to the List Item v4 APIs may be performed with a User JWT or a Company JWT, providing the opportunity to apply the principle of least privilege.
Configuration / Feature Activation
The List Item v3 API has been deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
If you currently use the List Item v3 API, please migrate to the List Item v4 API as soon as possible.
Ongoing: OAuth 2.0 Migration
We will be converting from the legacy authentication (deprecated 2017) method to the new OAuth 2.0 authentication method. This effort will be taking place starting in the third quarter of 2021 and will conclude by the end of the second quarter of 2022.
Any existing partners, Client Web Service (CWS) clients, and clients with a Hosted Customer Connector using the legacy authentication (deprecated 2017) will need to be converted to the new OAuth 2.0 authentication. If you are a partner or a client using the legacy authentication (deprecated 2017) method, we will be reaching out and will provide communication on how to convert to the new OAuth 2.0 authentication. Clients with a Hosted Custom Connector will be handled by the SAP Concur Development team.
For more information, please refer to Authentication.
With the ongoing effort of the authentication conversion project, we will be placing the Register Partner Application UI into a read-only state. Existing customers who still access or use this UI would now only be able to view their legacy authentication applications. Clients will be unable to create net-new or modify their existing legacy authentication applications.
With the launch of the Company Request Token Self-Service Tool and the Self-Service Tool for Application Management in July 2021, Clients should begin utilizing these tools and UI to create Oauth 2.0 applications. If you feel that your company has a proper business case to create a net-new legacy authentication application, please submit an SAP Concur Support case. The support case will be reviewed and either approved or denied. We will only allowing exceptions for the creation of net new legacy authentication applications until September 20th, 2021.
Business Purpose / Client Benefit
This update provides more secure authentication methods.
Ongoing: Deprecation of Bulk User v3.1 API
We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission is scheduled for Q1 2022.
Bulk User v3.1 will remain available for China data centers.
Business Purpose / Client Benefit
This update removes an outdated API. The Identity v4 API allows for a granular access control and fetch limited data as per the need. This service is more resilient than Bulk User v3.1 API.
Configuration / Feature Activation
The Bulk User v3.1 API is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
If you currently use the Bulk User v3.1 API, please plan to migrate to the Identity v4 API as soon as possible.
Ongoing: Application Connector Username and Password Length Requirements Updated
Changes are being made to the length of usernames and passwords associated with application connectors. For more information please see the Expense release notes.
Ongoing: Updated Naming Convention for Sub-URLs
Changes are being made to the naming conventions of sub-urls. For more information please see the Expense release notes.
Ongoing: Deprecation of User v3 API
As of August 2021, User v3 has been deprecated. Decommission will follow.
Business Purpose / Client Benefit
The User v3 API will be replaced due to less secure authentication methods.
Ongoing: Deprecation of Travel Profile Notification v1 API
We are deprecating the Travel Profile Notification v1 APIs due to low usage.
Business Purpose / Client Benefit
The Travel Profile Notification v1 APIs support older, less secure authentication methods.
Configuration / Feature Activation
The Travel Profile v1 APIs are being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
Ongoing: Deprecation of User v1
User v1 service will be deprecated. User v1 service can be replaced with either the upcoming User Provisioning service and/or the Identity v4 service. Both of these services enable callers to CRUD user’s core/identity profile information like UUID, name, address, email etc.
Business Purpose / Client Benefit
This update removes an outdated API. The Identity v4 API allows for a granular access control and fetch limited data as per the need. This service is more resilient than User v1 API.
Configuration / Feature Activation
The User v1 API is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
Ongoing: Decommission of Hotel Service v1
Following the deprecation of Hotel Service v1 API’s in March 2019, we will be decommissioning the Hotel Service v1 APIs on December 31, 2021.
Any configuration that uses hotel content connectors that rely on HSv1 will be affected. Please reference the Hotel Service Travel Service Guide for a list of connectors. If you are a client of one of these connectors, please work with your TMC or administrator to switch to an HSv2 connection and/or GDS for your hotel content needs.
If you are a content provider, with the decommissioning of this API, our clients will only access hotel content via a GDS or Hotel Service v2 after December 2021. We are working with providers individually to discuss their options. Content providers can reach out to our partner developer team to discuss the process of establishing a new HSv2 connection.
Business Purpose / Client Benefit
This update removes an outdated API. Hotel Service v2 provides additional functionality and is more resilient than Hotel Service v1. If you currently use Hotel Service v1 please plan to migrate to Hotel Service v2 as soon as possible.
Configuration / Feature Activation
The Hotel Service v1 API is being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
Planned Changes: New Invoice Pay v4 GET Call Parameter
We will be releasing an additional parameter for the Invoice Pay v4 API. GET calls will have the option to use the new invoiceId
parameter to retrieve payment information and the ERP Document ID associated to the invoice.
Business Purpose / Client Benefit
This update will allow Invoice Payment Provider Partners to retrieve the payment information and ERP Document ID of a single invoice.
Configuration / Feature Activation
The feature will be automatically available; there will be no additional configuration or activation steps.
Planned Changes: New Invoice Pay v4 PATCH Endpoint
We will be releasing a PATCH endpoint for the Invoice Pay v4 API. With the new PATCH, the invoice will be updated with the erpDocumentNumber
value in the body whenever an invoiceId
is passed as part of the API URL.
Business Purpose / Client Benefit
This update will allow Invoice Payment Provider Partners to update the ERP Document ID field on an invoice. Customers will then be able to use the ERP Document ID to help reconcile extracted invoices from SAP Concur services with invoices in their ERP system.
Configuration / Feature Activation
The feature will be automatically available; there will be no additional configuration or activation steps.
Planned Changes: Request v4 API Event Subscription Service Topic Available
Concur Request will be introducing a Request Status Changed event using the Event Subscription Service API on the public.concur.request topic. Customers and partners will be able to subscribe to events that will be published as the request traverses through the workflow.
Business Purpose / Client Benefit
Notification when a request is at a workflow step avoids the need for a client to keep polling via APIs at regular intervals to identify reports that are in a particular status. The event message bus is a reliable medium for receiving these notifications and will simplify the sequence of calls required to complete the use cases for clients and partners.
Planned Changes: Request v4 External Validations and Workflow Event Notifications
For the October release, Concur Request will introduce the ability for Concur Admins to configure event notifications at the workflow step level. When a request reaches a specific step in a workflow that is configured for external notifications, a third-party application will be prompted to complete the required action on the corresponding report.
Business Purpose / Client Benefit
More flexibility allows users to be able to create notifications for multiple steps across the workflow for third-party applications. Customers have use cases and business processes that need to occur in parallel as requests move through the workflow in Concur Request. These event notifications will be an efficient way to start those processes so that requests are approved on time.
Configuration / Feature Activation
Admins will configure an event notification for a workflow step by modifying the workflow step’s condition on the Modify Workflow Step page. More information will be added with the release.
Planned Changes: Request v4 - New Link to List Item Endpoint
In October 2021, Concur Request will be introducing a new link toward the List Item endpoint for Request custom fields related to a List.
Business Purpose / Client Benefit
The availability of the List Item endpoint will enable Request consumers to have a better interaction with custom fields related to a List (create/update custom fields related to a List).
To enable a better interaction between APIs, a new link will be provided within the Request customField
schema to redirect to the corresponding List Item endpoint of the List API.
Configuration / Feature Activation
The feature is automatically available; there are no additional configuration or activation steps.
Please find more information on the List Item v4 API.
Planned Changes: Request v4 - Deprecation of the Request Cash Advance Endpoint
Effective in the beginning of October 2021, Concur Request will deprecate the Request Cash Advance detail endpoint.
Business Purpose / Client Benefit
As part of the Feature parity project to externalize the Request v4 API, a temporary Request cash advance detail endpoint was developed, awaiting the availability of the Cash Advance v4 API, planned end of September 2021.
Effective in the beginning of October 2021, the Request cash advance list endpoint will redirect consumers to the Retrieve a Cash Advance endpoint, part of the Cash Advance v4 API. This endpoint has feature parity with the temporary Request endpoint. Consumers will also benefit from additional fields provided within the Cash Advance v4 API.
Configuration / Feature Activation
The feature is automatically available; there are no additional configuration or activation steps.
For more information on the Cash Advance API, please reach out to your SAP Concur Web services contact.
Planned Changes: Request v4 - Agency Proposal Endpoint
In Q4 2021, we will release an additional Request v4 API endpoint that will offer the ability for travel agencies to interact with Concur Request to submit travel itineraries directly into a request, via the agency proposal feature with Request v4 API.
The support of the agency proposal feature through our v4 APIs, available on the Request NextGen UI, will bring benefits of a better experience, simpler connectivity, and deeper integration between travel agencies and Concur Request, as well as a better user experience in their interaction with their travel agencies.
This new endpoint will provide added value to the existing Request v4 API, which already offers the ability for a user to interact with Concur Request to perform the following:
- Get the list of existing Requests.
- Get the detailed information of existing Requests.
- Create, Read, Update, or Delete an existing Request.
- Move an existing Request through the approval flow.
- Get the list of Expected Expenses (including trip segments) in a Request.
- Create, Read, Update, or Delete an expected expense (including trip segments) for a Request.
- Get the list of Request policies assigned to a given user.
- Get information of a travel agency office.
Business Purpose / Client Benefit
This additional endpoint will provide better capabilities for travel agencies who want to benefit from the Concur Request agency proposal feature with a direct consumption of the Request v4 API.
Configuration / Feature Activation
Depending on your travel agency, this feature may not be available for your company. Please coordinate with your travel agency to confirm their development completion of the required Request v4 API endpoints to benefit from this feature.
Additional information, please see the Request v4 API documentation.
Planned Changes: Request v4 – New View Parameter Value for GET List of Existing Request Endpoint
In October 2021, Concur Request will introduce a new ACTIVEAPPROVED
view parameter for the Get the List of existing Requests endpoint.
Business Purpose / Client Benefit
The current ACTIVE
view parameter enables Request API consumers to retrieve the list of all active Requests for a given traveler.
The addition of the new ACTIVEAPPROVED
view parameter will enable to restrict the list of Request to approved Requests for a given traveler.
Configuration / Feature Activation
The feature is automatically available; there are no additional configuration or activation steps.
Additional information, please see the Request v4 API documentation.
Planned Changes: Request v4 – Changes to GET Detail of an Existing Request Endpoint
In October 2021, Concur Request will introduce new eventRequest
field and enhancing the existing extensionOf
field within the GET detail of an existing Request endpoint.
Business Purpose / Client Benefit
The new eventRequest
field will enable to display the parent Event Request to which the child Request is related, if created from an Event Request. The existing extensionOf
field will display, in addition to the RequestID
(short ID) already provided, the unique identifier of the Request as well as the hyperlink to the get detail endpoint of this Request.
Configuration / Feature Activation
The feature is automatically available; there are no additional configuration or activation steps.
Enhanced Developer Center Experience
On September 28th, 2021, the Developer Center will provide an enhanced user interface with improved navigation and streamlined release notes. Some expected downtimes may occur while we complete the migration.
Business Purpose / Client Benefit
Enhanced navigation creates a better user experience.
Travel Profile v2 - Users’ Active Status Changes LastModifiedDate
Prior to this update, a change in a user’s status from Active
to Inactive
, or Inactive
to Active
, did not trigger as a change in the LastModifiedTime
in their profile. Consequently, user’s with a changed Active Status were not retrieved in the Profile Summary. With this update, a change in a user’s status from Active
to Inactive
, or Inactive
to Active
, will trigger a change to the LastModifiedTime
.
Consequently:
- Calls to Travel Profile Summary endpoint, may retrieve additional profiles based on changes to those users’ Active status
- Responses from the Travel Summary endpoint will have a
LastModifiedDate
that reflects changes to Active Status
Business Purpose / Client Benefit
This will result in more accurate and up-to-date user profile data.
Travel Profile v2 - Returns Termination Date
Currently, the Travel Profile v2 API does not return the user’s Termination Date. With this enhancement, we will include the user’s Account Termination Date in the response. It is part of the General Section and requires the Company Details (COMPD
) scope.
Business Purpose / Client Benefit
This enhancement will allow clients, TMCs, or other partners who actively manage user profiles via Travel Profile v2 to be able to keep users’ Termination Dates in sync.
Budget v4 - Team Budgets Available
Budget is releasing the new Team budgets. This will enable the users to create a new type of budget called Team Budget where they will be able to provide a list of team members whose spending items are approved by the budget owner. The budget owner will be able to edit the association of the team members with the budget by providing enrollment status and time period of their enrollment.
There are some changes required in the payload to POST a team budget. We have modified the existing payload to create budget by adding in a new field called budgetTeamMembers
that will be populated with the list of team members who are to be enrolled in the budget. We have added a new enum value for the field budgetType
called TEAM
if the budget being posted is of type team budget.
The budgetTeamMembers
is an array of team members where each team member is denoted by data type budgetItemBudgetTeam
.
Business Purpose / Client Benefit
Benefits include:
- Associating multiple team members to a budget.
- Editing enrollment of each team member in the budget.
- Allowing matching of spend items submitted only by the owner and team members of the budget.
Configuration / Feature Activation
This feature is automatically available; there are no additional configuration or activation steps.
Cash Advance v4 API Available
The Cash Advance v4 API will empower an employee to request and receive cash in advance of a trip. Cash Advance v4 will ensure that a user is not out of cash during a business trip. In markets where corporate cards are seldom issued, Cash Advance v4 will provide a useful mechanism to ensure the employee is not out of pocket.
Business Purpose / Client Benefit
The Cash Advance v4 API will provide partners and customers the ability to manage cash advances. While using the API, customers can create, view, and issue a cash advance. The API will help customers to customize the usage of cash advances according to their needs.
Deeplink URL Integration Available
We have provided an integration into Concur Expense for end users to review Expense reports at the click of a button. A deeplink URL can be created by customers and partners that can be used by end users to access Expense reports. Users can review their own reports or approvers/auditors can review reports that have been routed to them.
Business Purpose / Client Benefit
Customers and partners can extend SAP Concur solutions functionality by creating deeplinks directly to Expense reports. This can provide direct access to reports individually or to the Expense landing page from a third party application.
Configuration / Feature Activation
This feature is automatically available; there are no additional configuration or activation steps.
Please refer to the Deeplink URL Integration guide for more information on limitations.