Production-grade concur data extraction tool. OAuth2 governance, every API covered (Expense, Travel, Invoice, Receipts, Admin), multi-TB receipt-image streaming, scheduled deltas, Parquet/JSON/FBDI outputs. No bespoke REST scaffolding.
Hand-built REST clients against Concur always start cheap and end expensive. Pagination, rate limits, OAuth2 quirks and receipt-image volume break them one by one.
Concur's REST API v3 and v4 are not difficult to call — but they are difficult to call correctly at scale. Each domain (Expense, Receipts, Travel, Invoice, Corporate Cards) has its own pagination pattern, its own rate-limit behavior, its own OAuth2 scope requirement, and its own quirks left over from the pre-SAP acquisition era when Concur was independent. A custom script written for Expense Reports breaks on Receipts. The Receipts script breaks again on Corporate Card transactions. The Corporate Card script falls over on 429 back-off the first time the API throttles.
Syntra ETL's concur data extraction tool ships pre-built support for every production endpoint, every pagination pattern and every documented quirk — plus the undocumented ones we've discovered across dozens of customer deployments. Backed by an SLA. Customers typically pay back the tool in week-three savings versus equivalent custom development, and the ongoing maintenance burden (chasing API deprecations, updating OAuth2 client patterns, handling new endpoints) disappears entirely.
Whether you need a one-shot bulk extract for Fusion migration, a scheduled nightly delta feeding your data warehouse, or a multi-TB receipt-image archive pull for IRS Pub 463 compliance — the same tool covers every case with the same governance model.
Every production endpoint, every payload type, every quirk handled.
Reports, entries, itemizations, allocations, attendees, approvals, cash advances, mileage logs — full pagination handled, modified-since watermark for delta extraction.
Receipt images (JPG/PNG/PDF) plus OCR-extracted metadata. Parallel stream with checkpoint-resume; multi-TB archives completed in 8–24 hours typical.
Itineraries, segments (air/hotel/car/rail), online booking tool history, unused tickets, agency-fee bookings — preserved as analytical archive.
AP invoice headers, line items, vendor master, payment requests, three-way match history. Routed to Fusion Payables FBDI or downstream warehouse.
T-feed transactions from Amex/Visa/Mastercard plus regional issuers, card-program/BIN/MCC context preserved, posting-date and transaction-date both captured.
Custom Fields catalog, Audit Service rules, Workflow definitions, Policy Configuration, Cognos report metadata — feeds the migration discovery loop without manual export.
From OAuth2 provisioning to first scheduled delta run, typically completes in 2–4 days.
Concur tenant admin provisions a company-level OAuth2 client with read-only scope on the domains in your extraction plan (Expense, Receipts, Travel, Invoice, etc.). Client credentials are stored in your cloud KMS — Syntra never holds them in plaintext.
Extractor runtime deployed to your cloud environment (containerized, runs on Kubernetes, ECS, Cloud Run or bare VM). Output destination configured: S3/GCS/Azure Blob for files, plus optional Fusion FBDI/HDL drop targets.
Per-domain extraction scope configured (which fiscal years, which business units, which Custom Fields). Schedule defined: one-shot bulk, nightly delta, weekly full snapshot, or any cron schedule. Output format per domain set: Parquet/JSON/FBDI/raw image.
Initial full-snapshot extract runs across all configured domains in parallel. For multi-TB receipt-image archives, throttled to off-peak windows. Signed manifest produced with counts, sums and hashes per partition for downstream reconciliation.
Scheduled delta runs execute on cron, capturing modified-since records since the last watermark. Run logs feed your SOC 2 audit trail. Failures surface as alerts via email, Slack, PagerDuty or webhook — no silent drift.
The details that matter when the tool has to run unattended for years.
Every extract is idempotent — re-running the same scope produces byte-identical output. Failed runs resume from the last checkpoint rather than starting over.
Respects Concur's per-tenant REST API rate limits (default 25 req/sec, configurable lower). Automatic 429 back-off with exponential retry. Never throttles live user submissions.
Every run produces a signed JSON manifest with record counts, sum totals, hash signatures, and source-modified timestamps per partition — ready for downstream reconciliation.
OAuth2 credentials encrypted at rest in cloud KMS. Receipt images and Parquet output encrypted at rest with KMS-managed keys. TLS 1.3 in transit.
Prometheus metrics exposed for extraction throughput, error rates, API latencies, queue depth. Grafana dashboards shipped. Plug into your existing observability stack.
Every OAuth2 token issuance, every API call, every output write logged with user, timestamp, scope and result. Audit logs ship to SIEM via standard syslog or CloudTrail integration.
A concur data extraction tool is a piece of software that authenticates to a Concur tenant, calls the REST APIs (Expense, Travel, Invoice, Receipts plus the Admin APIs for Custom Fields, Audit Rules and Workflow definitions) and streams the resulting data — JSON for structured records, binary for receipt images — to a destination of your choice. Syntra ETL's extractor authenticates via OAuth2 with scoped client credentials, paginates through every endpoint, respects rate limits (typically 25 req/sec per tenant), handles 429 back-off transparently, captures modified-since watermarks for delta runs and hash-signs every output for downstream reconciliation. Output formats include Parquet for analytics, JSON Lines for downstream ETL, and FBDI/HDL for direct Oracle Fusion loading.
Custom REST clients always start cheap and end expensive. Concur's REST API v3 and v4 have evolving schemas, deprecated endpoints, undocumented rate-limit behaviors, OAuth2 quirks specific to the SAP-acquired tenant model, and a long tail of pagination patterns that vary by domain. A custom script that works for Expense Reports falls over on Receipts (different pagination), then breaks again on Corporate Card Transactions (different auth scope). Syntra ETL's concur data extraction tool ships pre-built support for every endpoint, every pagination pattern, every quirk — backed by an SLA. Customers typically pay for the tool in week-three savings versus a hand-built equivalent.
All of them in production use: Expense API v3 and v4 (reports, entries, allocations, attendees, approvals, cash advances, mileage), Receipts API (image upload/retrieval), Travel API (itineraries, segments, online booking tool history, unused tickets), Invoice API (headers, lines, vendors, payments), Corporate Card transactions, Audit Service rules, Workflow definitions, Custom Fields catalog, Policy Configuration, Cognos report metadata, plus the older List API and Group API where modern equivalents don't exist. New API endpoints get folded in via quarterly extractor releases tracking SAP Concur's own roadmap, so you never have to chase a deprecation announcement on your own.
Concur uses OAuth2 with client_credentials grant for company-level integration access. Syntra ETL ships a vetted OAuth client pattern: scoped client credentials provisioned with read-only access to the domains you actually need, automatic token rotation before expiry, encrypted credential storage in cloud KMS, SOC 2-compliant audit logging of every token issuance and API call. No admin password is ever stored, no service-account shortcuts are used, and the OAuth scope can be reduced post-deployment without re-installing anything. Customers in regulated sectors (financial services, healthcare, government) routinely pass internal security review on the first attempt.
Yes. The extractor includes a built-in scheduler with cron syntax and supports modified-since delta extraction on every domain that exposes a watermark field (expense reports, receipts, corporate-card transactions, itineraries). Common schedules: nightly delta extract feeding a downstream data warehouse, weekly full-snapshot extract for backup, monthly receipt-image archive batch for IRS Pub 463 compliance. Each scheduled run produces a signed manifest (counts, sums, hashes per partition) plus a run log captured for SOC 2 audit. Failures surface as alerts through email, Slack, PagerDuty or webhook — no silent drift.
Three primary formats: Parquet (columnar, partitioned by fiscal year and business unit, ideal for downstream analytics in Athena/BigQuery/Snowflake/Spark), JSON Lines (newline-delimited JSON preserving the full Concur API response shape, ideal for streaming pipelines or downstream ETL), and Fusion-native loaders (FBDI ZIPs for Expense Reports and Payables, HDL bundles for any HCM context, REST API payloads for incremental delta loads). Receipt images stream as their original binary (JPG/PNG/PDF) into cloud object storage with a hash-signed sidecar JSON capturing receipt-id, OCR metadata and source-modified timestamp. Custom output formats are configurable per domain.
Receipt images are streamed in parallel using a configurable connection pool (default 25, matching Concur's typical rate limit). The extractor checkpoints progress per image so a failed run resumes from the last successful image rather than starting over. Images are written directly to cloud object storage (S3, GCS, Azure Blob) with KMS-managed encryption at rest and hash signatures stored alongside. For multi-TB archives, the extract is partitioned across multiple parallel workers and typically completes in 8–24 hours depending on volume and Concur's tenant-specific rate limit. Throughput in production: roughly 200K–800K images per hour per worker pod.
Yes. The extractor authenticates with read-only OAuth2 scope, so no write operations ever touch the tenant. API calls are rate-limited to respect Concur's per-tenant limits (default 25 req/sec, configurable lower) so live user submissions are never throttled. Heavy extracts (receipt images, multi-year historical pulls) are scheduled for off-peak windows. No Concur admin downtime is needed, no tenant configuration changes are required, and the extractor leaves no trace beyond the API request log Concur captures by default. Customers routinely run scheduled nightly extracts against live production tenants for years without a single user complaint.
30-minute discovery call. We'll scope your Concur modules, receipt-image volume, OAuth2 setup and downstream destination — and have a working extract running on your tenant within a week.