Skip to content
Permalink
Browse files

Merge pull request #2169 from concur/preview

Preview -> livesite 2019-11-08
  • Loading branch information...
jonikamelcher committed Nov 8, 2019
2 parents a8396a7 + f9a9bbc commit 0cdca75186a4d0f89b80b11f9bcdd8570a2d489a
@@ -2,6 +2,10 @@
title: SAP Concur Developer Center - Announcements
layout: reference
---
### 2019-11-08 :: November 2019 Release Notes Published

SAP Concur has published release notes for the Quick Expense v3, Budget v4, and Request APIs in the November 2019 release notes. More details can be found on the [Release Notes](https://developer.concur.com/tools-support/release-notes/index.html) page.

### 2019-10-03 :: Support for TLS v1.1 Encryption Protocol to End in First Quarter of 2020

#### Overview
@@ -446,10 +446,10 @@ https://{datacenterURI}//api/v3.0/invoice/salestaxvalidationrequest
|`InvoiceAmount`|`string`|-|The invoice amount (the cost of the purchased items).
|`InvoiceDate`|`string`|-|The date of the invoice.
|`LineItem`|`array`|[`LineItem`](#line-item)|The line items associated with the invoice.
|`OrgUnit1 through OrgUnit6`|`string`|-|The code from the OrgUnit fields. These fields may not have data, depending on the configuration.
|`OrgUnit1Value though OrgUnit6Value`|`string`|-|The value from the OrgUnit fields. These fields may not have data, depending on the configuration.
|`Custom1 through Custom24`|`string`|-|The code from the Custom fields. These fields may not have data, depending on the configuration.
|`Custom1Value through Custom24Value`|`string`|-|The value from the Custom fields. These fields may not have data, depending on the configuration.
|`OrgUnit1 through OrgUnit6`|`string`|-|**Not available for PUT.** The code from the OrgUnit fields. These fields may not have data, depending on the configuration.
|`OrgUnit1Value though OrgUnit6Value`|`string`|-|**Not available for PUT.** The value from the OrgUnit fields. These fields may not have data, depending on the configuration.
|`Custom1 through Custom24`|`string`|-|**Not available for PUT.** The code from the Custom fields. These fields may not have data, depending on the configuration.
|`Custom1Value through Custom24Value`|`string`|-|**Not available for PUT.** The value from the Custom fields. These fields may not have data, depending on the configuration.
|`PurchaseOrderNumber`|`string`|-|The purchase order number associated to the invoice.
|`RequestID`|`string`|-|The ID of the invoice.
|`ShippingAmount`|`string`|-|The shipping amount for the invoice.
@@ -499,8 +499,8 @@ https://{datacenterURI}//api/v3.0/invoice/salestaxvalidationrequest
|Name | Type | Format | Description
|-----|------|--------|------------
|`AllocationAmount`|`string`|-|The allocation amount associated with the line item.
|`Custom1 through Custom20`|`string`|-|The code from the Custom fields. These fields may not have data, depending on the configuration.
|`Custom1Value through Custom20Value`|`string`|-|The value from the Custom fields. These fields may not have data, depending on the configuration.
|`Custom1 through Custom20`|`string`|-|**Not available for PUT.** The code from the Custom fields. These fields may not have data, depending on the configuration.
|`Custom1Value through Custom20Value`|`string`|-|**Not available for PUT.** The value from the Custom fields. These fields may not have data, depending on the configuration.

### <a name="vendor"></a>Vendor

@@ -0,0 +1,172 @@
---
title: SAP Concur Developer Center - API Release Notes, November 2019
layout: reference
---

## Contents

* [Planned Changes: Budget v4 API Soon Available](#planned-budget-v4)
* [Planned Changes: Concur Request APIs v4](#planned-request-v4)
* [Planned Changes: Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1)](#planned-request-deprecation)
* [Planned Changes: Support for TLS v1.1 Encryption Protocol to End in First Quarter of 2020](#planned-tls-retirement)
* [Planned Changes: Security Communication Protocols for Callouts](#planned-security-callouts)
* [Ongoing: Quick Expense v3 Retirement](#ongoing-quick-expense-v3)

## <a name="planned-budget-v4"></a>Planned Changes: Budget v4 API Soon Available

SAP Concur will release the Budget v4 API for partner and client use in a future release. Budget v4 provides the following features:

* **Fiscal Calendar:** This API can GET, POST, and DELETE fiscal years and periods similar to the Fiscal Calendar UI in Budget Configuration.
* **Budget Category:** This API can GET, POST, and DELETE budget categories, and GET all expense types of a budget category.
* **Budget Items:** This API can GET, POST, and DELETE budget items including details such as period amounts, budget item tracking fields (cost objects), budget viewers, managers, and approvers.
* **Budget Tracking Field:** This API can GET all budget tracking fields.
* **Budget Adjustment:** This API can POST budget adjustments.
* **Global Availability:** Budget v4 API is supported in all SAP Concur data centers.

### Business Purpose / Client Benefit

This new Budget API enables clients and partners to integrate Budget with their
ERP and HR systems to automate budget configuration and maintenance as well as
importing external transactions not captured via SAP Concur through budget
adjustments.

### Configuration / Feature Activation

The Budget v4 API will be available to SAP Concur clients who have purchased Web
Services, or partners who have contracted with SAP Concur.

## <a name="planned-request-v4"></a>Planned Changes: Concur Request APIs v4

SAP Concur will soon be releasing Concur Request v4 APIs for clients and partners. We are targeting to release v4 in December 2019.

With v4, SAP Concur has made great enhancements to the existing Request endpoints, and is now offering the ability for a client and/or a partner to interact with Concur Request to do the following:

* Get the list of existing Requests.
* Get detailed information of an existing Request.
* Create, Read, Update or Delete an existing Request.
* Move an existing Request through the approval flow with one of the following available actions: Submit, Approve, Recall, Cancel, Close, or Reopen.
* Get the list of expected expenses (including trip segments) attached to a Request.
* Create, Read, Update or Delete an expected expense for a Request.
* Get information of a travel agency office.
* Get the list of active Request policies for a given user.

### Background

SAP is continuing to invest heavily in APIs and tools to simplify end-to-end integration.

At SAP Concur, we strongly believe that an open ecosystem expands your view. An open ecosystem dynamically connects your internal systems, spend, and partner data to reveal powerful insights that empower you to run your business better.

Explore the capabilities listed in the Overview section and consider how the APIs could help you simplify some of your existing processes, such as:

* Automatically creating a Concur Travel Request for any off-site training approved via your Human Resources system
* Exposing authorization requests pending approvals onto your internal corporate portal “Manager” widget

### Permissions

In addition to the existing user-level permissions, the Concur Request v4 APIs are based on the most recent secured Authentication service and SAP Concur’s new Oauth2 framework, which manages the authorization for company-level permissions. Clients and/or partners can now use a single token/permission to interact with Request on behalf of all company users.

### Business Purpose / Client Benefit

These enhancements will provide more options and abilities for developers using SAP Concur's platform with Request.

### Configuration / Feature Activation

Depending on your product, some APIs may not be available to your company.

Clients should contact the group responsible for their web services, which may be inside their company, or a third-party developer, to inform them of the upcoming changes.

## <a name="#planned-request-deprecation"></a>Planned Changes: Deprecation of Existing Concur Request APIs (v1.0, v3.0, v3.1)

SAP Concur will be deprecating the existing Concur Request APIs (v1.0, v3.0 and v3.1) in a future release. Those APIs will be replaced by the Concur Request v4 APIs.

### Business Purpose / Client Benefit

The Concur Request APIs v1.0, v3.0 and v3.1 only support the previous authentication method, which is not best security practice and does not meet the Oauth2 standards. In addition, the previous versions of the Concur Request APIs provided limited possibilities for moving a Request through the approval workflow, as well as managing custom simple & connected list fields. These issues are resolved with the new Concur Request v4 APIs.

In addition, SAP Concur has run a backward compatibility project between the current Concur Request APIs and the new Concur Request v4 APIs (not iso-compatibility) in order to have the vast majority of use cases managed in the previous versions also be managed in the Concur Request v4 APIs.

## <a name="planned-tls-retirement"></a>Planned Changes: Support for TLS v1.1 Encryption Protocol to End in First Quarter of 2020

SAP Concur is announcing an end-of-support cycle for version 1.1 of the Transport
Layer Security (TLS) encryption protocol, while continuing support for the more
secure version 1.2 of TLS. As background, the TLS protocol allows secure back and
forth communications between a phone or computer and a cloud-based service.

This change is currently planned for the first quarter of 2020.

### Business Purpose / Client Benefit

SAP Concur is taking this step after careful consideration of our customers’ security and ease of upgrade to the newer, more secure version 1.2 of TLS. This end-of-support plan for TLS v1.1 ensures our clients are communicating with SAP Concur
solutions in a safer and more secure manner using TLS v1.2.

### What the Customer Sees

If the customer or user ensures they are using a TLS v1.2-compliant browser, there
will be no change in the way users interact with SAP Concur. If the browser is not
compliant, users may not be able to sign in to SAP Concur.

In general, the use of less-secure TLS connections can lead to exposed data,
resulting in compromised sessions across any TLS channel of communication (for
example, SAP Concur services). For this reason, SAP Concur is alerting clients now to ensure they may anticipate this change and begin assessment in order to comply with this change at their companies.

#### Affected Devices

In general, browsers using TLS to establish inbound / outbound communication
channels with SAP Concur services are affected, for example connections across:

* Users attempting to log in to SAP Concur solutions
* APIs
* Bulk upload via SFTP
* Connectors
* FTP / PGP
* SAP Integrations
* Other

The ability of a browser to comply by upgrade to TLS v1.2 will depend on the
company’s support for the specific browser, for example Microsoft (Edge), Google
(Chrome), and others.

#### Informational Banner to Display

A banner will display when a user attempts to log in using a browser that does not
support TLS v1.2 and later and thus cannot negotiate a connection. The intent is to
alert the user to this upcoming change using an informational-only message.

### Configuration / Feature Activation

Transitioning to support for TLS v1.2 and later may simply require updating security settings of your browser. In most instances, the company already has the support in place and need only identify non-compliant browsers and upgrade these user’s browsers to newer versions.

Please check with the department in your company that is responsible for browser
compliance and ensure they are aware of this upcoming change.

## <a name="planned-security-callouts"></a>Planned Changes: Security Communication Protocols for Callouts

Clients that use or plan to use SAP Concur [callouts](https://developer.concur.com/api-reference/callouts/callouts-application-connectors.html) (for example, Send Notification, Launch External URL, Fetch List, and Fetch Attendee) need to ensure they meet the SAP Concur security standards. To reduce security risk for our clients and SAP Concur, we are giving companies until the end of 2019 to make the required update for callouts. If clients have security protocols below our standard after December 31, 2019, their callouts will stop working in January 2020. To use callouts, clients need to ensure that the TLS version 1.1 or greater is used for the encryption protocols of the client’s endpoint. Also, clients using callouts need to ensure their callout host endpoint uses and prioritizes one or more ECDHE cipher suites with an equivalent key length greater than or equal to 2,048 bits, such as one of the ciphers listed below.

EXAMPLES OF CIPHERS TO USE:

* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

### Business Purpose / Client Benefit

Reduce security risk for the clients that use callouts and SAP Concur.

### Configuration / Feature Activation

Existing customers will need to update their protocols if they are not compliant with the stated security standards. New companies configuring callouts will need to ensure they use security protocols and authentication methods that meet these standards. For more information about SAP Concur callouts, refer to [Callouts and Application Connectors](https://developer.concur.com/api-reference/callouts/callouts-application-connectors.html).

## <a name="ongoing-quick-expense-v3"></a>Ongoing: Quick Expense v3 Retirement

Effective March 31, 2020, the Quick Expense v3 API will be retired. We encourage all current users to migrate to [Quick Expense v4](https://developer.concur.com/api-reference/expense/quick-expense/v4.quick-expense.html) as soon as possible. Please note that after the API is in a retired state the API will be decommissioned in a future release.

Please refer to the [deprecation policy](https://developer.concur.com/tools-support/deprecation-policy.html) for definitions and additional information.

### Business Purpose / Client Benefit

This update removes an outdated API.
@@ -10,6 +10,7 @@ layout: reference

# Developer Platform Release Notes

* [November 2019](./api/2019-11-08.html)
* [September 2019](./api/2019-09-09.html)
* [August 2019](./api/2019-08-01.html)
* [June 2019](./api/2019-06-01.html)

0 comments on commit 0cdca75

Please sign in to comment.
You can’t perform that action at this time.