API Release Notes, December 2022
New This Month
Decommission of Concur Request APIs (v1.0, v3.0 and v3.1)
A decommissioning date of the v1.0, v3.0, and v3.1 APIs has now been defined and is planned for May 31, 2023. Clients that have not yet moved to the Concur Request V4 APIs will have until this date to make the required developments. After May 31, 2023, the legacy Concur Request APIs (v1.0, v3.0, v3.1) will no longer be available into Production, in accordance also with the SAP Concur API Lifecycle & Deprecation Policy.
API Timeline for v1.0, v3.0, v3.1:
- Deprecation: March 1, 2020 – May 31, 2021
- Decommission: June 01, 2021 - May 31, 2023
The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the OAuth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.
In addition, SAP has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.
Please work with your Concur representative to move from your current legacy Concur Request APIs (v1.0, v3.0, v3.1) towards the Request v4 APIs.
Itemizations v4 API Available
The Itemizations v4 API allows users to download a summary of itemizations on a report entry. This enables developers to quickly get a list of itemizations for a report. If necessary, the expense ID of the itemization can be passed as a parameter to the Expense v4 API to retrieve full details of an itemization.
Planned Change: Deprecation and Decommission of Vendor v3
Due to Export Control and Sanctions Compliance regulations, we will be deprecating and decommissioning the Vendors v3 API. Once Vendors v3.1 is released, users will have sixty days to migrate to the latest version of the API. This is done in accordance to the SAP Concur API Lifecycle & Deprecation Policy, as this is required by law.
Planned Change: Vendor v3.1 API Available
We will be releasing the Vendor v3.1 API. This API will have the same functionality as the previous Vendors v3 API, with the exception of now aligning with Export Control and Sanctions Compliance regulations.
Ongoing
Migration of Test Entities & Production Sandbox Environment
Some SAP Concur users use Production Sandbox Environment (PSE) entities to set up, test, and train on new configurations prior to deploying them to their live production entity. We plan to migrate PSEs as part of our move to Amazon Web Services (AWS). For more information, please see the Test Entities: Production Sandbox Environment release note in the August Shared Release Notes.
SAP ICS Connector Production Sandbox Environment Migration Change Required
By early December 2022, we will be completing the migration of implementation environments to AWS. After migration, all users who are currently using:
- The SAP ICS Connector in their Production Sandbox Environment
- Legacy authentication (user and password)
will encounter an error in the Production Sandbox Environment. This will not impact your production environment and will not affect SAP S/4HANA Cloud, public edition customers.
In order to avoid disruption, authentication will need to be updated post-migration. Users can do this by updating their login ID to contain the .uat domain. For more information on how to update your login ID, please see the following knowledge base article.
IP Address Range for Callouts
Beginning in August and continuing through the end of 2022, servers that support SAP Concur callouts in the US & EMEA datacenters will be upgraded. For more information on this release note, please see the August Shared Release Notes.
Deprecations
APIs are being deprecated in accordance with the SAP Concur API Lifecycle & Deprecation Policy.
Date | API | Details |
---|---|---|
11/2022 | Deprecation of User v1 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission will follow on November 10th, 2023. |
11/2022 | Deprecation of User v3 | Effective November 10th, 2022, the User v1 API has been deprecated. This has been replaced by User Provisioning Service v4. Decommission will follow on November 10th, 2023. |
10/2022 | Deprecation of Cash Advance v4 | Effective October 1st, 2022, the Cash Advance v4 API is deprecated. This has been replaced by the release of Cash Advance v4.1. Decommission will follow. |
10/2022 | Deprecation of Hotel Service v2 | Effective October 14th, 2022, the Hotel Service v2 API is deprecated. This has been replaced by the release of Hotel Service v4. Decommission will follow. |
04/2021 | Bulk User v3.1 API | We have deprecated the Bulk User v3.1 API for the US and EMEA data centers. This API is replaced by Identity v4. Decommission will follow. Bulk User v3.1 will remain available for China data centers. |
01/2021 | List v3 API | Effective April 16, 2021, we have deprecated the List v3 API. This API is replaced by the List v4 API. List v3 is planned to be retired in a future release. |
01/2021 | List Item v3 API | Effective April 16, 2021, we have deprecated the List Item v3 API. This API is replaced by the List Item v4 API. List Item v3 is planned to be retired in a future release. Please migrate to the List Item v4 API as soon as possible. |
06/2020 | Travel Profile Notification v1 API | We are deprecating the Travel Profile Notification v1 APIs due to low usage. |
01/2020 | List v1 API | We will be retiring the List v1 API in a future release. This API is replaced by the List v4 API. |
Planned Changes
Date | API | Planned Change |
---|---|---|
10/2022 | Addition of ECDSA Encryption and Cipher Retirement | To provide ongoing security for our products, we plan to remove support for select ciphers on February 16, 2023, at 5 PM PST. For more information, please see the Planned Changes: Addition of ECDSA Encryption and Cipher Retirement in the October release notes. |
05/2022 | Filters for Identity v4 API | We will be releasing SCIM formatted search filters for the Identity v4 API based on user attributes to help refine search results. This functionality will allow users to use attributes, logical operators, and grouping operators to improve search results to their specific requirements. |
01/2022 | Account Termination Date Will be in UTC for Travel Profile v2 | The Account Termination Date will be returned in UTC. This will provide a consistent time and date reference for all users and all data centers. |
01/2022 | UUID is Returned in Success Response When New User Created via Travel Profile v2 API | Travel Profile v2 will return the user’s UUID synchronously in the success response. This will allow external systems that sync data with the API to have a unique identifier for the user’s profile immediately and use it on subsequent calls to update the user’s profile. |
10/2021 | Report Details v2 API Vulnerability Patch | We will be adding additional security to the Report Details v2 API. Current callers may receive a 401 - Unauthorized response if using an unauthorized admin OAuth token to access reports. |
09/2021 | Request v4 - Deprecation of the Request Cash Advance Endpoint | Initially planned for October 2021, Concur Request will soon deprecate the Request Cash Advance detail endpoint. Date will be communicated in future communications. |
04/2021 | Invoice Pay v4 GET Call Parameter | GET calls will have the option to use the new invoiceId parameter to retrieve payment information and the ERP Document ID associated to the invoice. The feature will be automatically available; there will be no additional configuration or activation steps. |
04/2021 | Invoice Pay v4 PATCH Endpoint | With the new PATCH, the invoice will be updated with the erpDocumentNumber value in the body whenever an invoiceId is passed as part of the API URL. The feature will be automatically available; there will be no additional configuration or activation steps. |