
Oracle NetSuite and SAP Concur integration

Oracle NetSuite runs your general ledger and vendor master. SAP Concur runs your travel and expense program. Connecting the two keeps your GL accurate when employees submit expense reports and vendors submit invoices through Concur. Approved expense reports and payment requests flow into NetSuite and post to the correct GL accounts and cost centers, eliminating manual re-keying during month-end close. ml-connector handles the different auth models, multi-datacenter routing, and moving only validated transactions that match vendors and accounts already in NetSuite.

How Oracle NetSuite works

Oracle NetSuite exposes vendors, invoices, purchase orders, general ledger accounts, departments, locations, and employees through REST SuiteTalk Web Services. It authenticates with OAuth 2.0 Client Credentials (certificate-based, recommended) or Token-Based Authentication (legacy). OAuth tokens are valid for 60 minutes, and the M2M flow issues no refresh token. NetSuite supports Event Subscriptions for webhook push on supported record types like Sales Orders and Invoices, but the webhooks carry no HMAC signature, so the receiver must authenticate them with an IP allowlist or a shared secret in the URL. Bulk or historical reads use SuiteQL queries. Scopes are governed by the role assigned to the integration, not by named OAuth scopes.
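The two compensating controls named above, applied together on the receiving side. This is an added example, not ml-connector or NetSuite code; the network range, the secret, the host name, and the `token` parameter name are constructed placeholders.

```python
import hmac
import ipaddress
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed values: a documentation-range network and a placeholder secret.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
SHARED_SECRET = "example-secret-rotate-me"


def source_ip_allowed(remote_addr, networks=ALLOWED_NETWORKS):
    """True if the TCP peer address is inside an allowlisted network.

    Pass the socket peer address, not X-Forwarded-For, unless the header
    was set by a proxy you control.
    """
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def url_secret_valid(request_url, expected=SHARED_SECRET, param="token"):
    """Constant-time comparison of the secret carried in the query string."""
    values = parse_qs(urlsplit(request_url).query).get(param, [])
    if len(values) != 1:  # missing or duplicated parameter
        return False
    return hmac.compare_digest(values[0].encode(), expected.encode())


def accept_webhook(remote_addr, request_url):
    """Both checks must pass; returns (accepted, reason) for the audit log."""
    if not source_ip_allowed(remote_addr):
        return False, "source address not in allowlist"
    if not url_secret_valid(request_url):
        return False, "missing or wrong URL secret"
    return True, "ok"


def redact_url(request_url, param="token"):
    """Mask the secret before the URL reaches an access or application log."""
    parts = urlsplit(request_url)
    pairs = [(k, "REDACTED" if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```

A secret in the URL is recorded by any proxy or server that logs request lines, so log only the redacted form and rotate the secret on a schedule.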

How SAP Concur works

SAP Concur exposes vendors, invoices (payment requests), purchase orders, expense reports, and financial integration documents through REST APIs across multiple datacenters (US, EMEA, China). It authenticates with OAuth 2.0 password grant using company ID, client credentials, and a 24-hour bootstrap token. Access tokens are valid 1 hour with a 6-month refresh token. SAP Concur routes all subsequent calls through the correct data center based on geolocation from the initial token response, not a hardcoded URL. It offers the Event Subscription Service for webhooks on expenses, invoices, and travel requests with at-least-once delivery and mutual TLS (certificate CN webhook.api.concursolutions.com). Each app is limited to 5 active webhook subscriptions. Vendors, invoices, and purchase requests are all accessible, but Purchase Orders cannot be deleted and Purchase Requests v4 do not support PATCH or DELETE.

What moves between them

Expense reports and invoices (payment requests) flow from SAP Concur into Oracle NetSuite. After approval in SAP Concur, ml-connector reads the financial integration documents (expense, invoice, cashadvance, payroll types), validates that the vendor and GL account exist in NetSuite, and posts the amount to the matching GL account. The sync runs on a scheduled cadence rather than in real time, so batches of approved expenses are posted together during off-peak hours to avoid API rate limits. Vendors and departments are validated against NetSuite master data, so only transactions for existing vendors and cost centers post successfully.

How ml-connector handles it

ml-connector handles OAuth token lifecycle for both systems: NetSuite tokens (60-minute lifetime) are cached and re-acquired before expiry, while SAP Concur access tokens (1-hour lifetime) use the stored refresh token to extend the session. When SAP Concur returns a geolocation header in the token response, ml-connector stores that data center URL and routes all subsequent API calls through the correct endpoint (US, EMEA, or China). On the NetSuite side, ml-connector validates the OAuth certificate is current and uses the assigned role scopes for the integration app. When reading expense reports and invoices from SAP Concur, ml-connector checks that the vendor and cost center already exist in NetSuite before attempting to post; if validation fails, the record is skipped with an audit note. SAP Concur webhooks use mutual TLS with certificate pinning (issuer SAP SE, CN webhook.api.concursolutions.com), and ml-connector presents the certificate on each inbound webhook call. Both systems implement exponential backoff on rate-limit responses (HTTP 429), so ml-connector respects Retry-After headers and pauses the queue before retrying. Every transaction posted carries a full audit record linking the SAP Concur expense ID to the NetSuite GL posting ID.
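A sketch of the two timing behaviours described above: re-acquiring a short-lived token before it expires, and choosing a pause after an HTTP 429. This is an added example, not ml-connector's own code; `retry_delay`, `TokenCache`, the 300-second ceiling, and the 120-second renewal margin are assumptions made for illustration.

```python
import time
from email.utils import parsedate_to_datetime

MAX_DELAY = 300.0  # assumed ceiling so a broken header cannot stall the queue


def retry_delay(retry_after, attempt, now=None, base=1.0):
    """Seconds to pause after a 429: honour Retry-After, else back off."""
    now = time.time() if now is None else now
    delay = None
    if retry_after:
        value = retry_after.strip()
        if value.isdecimal():                # delta-seconds form
            delay = float(value)
        else:                                # HTTP-date form
            try:
                delay = parsedate_to_datetime(value).timestamp() - now
            except (TypeError, ValueError):
                delay = None
    if delay is None:                        # header absent or unparseable
        delay = base * (2 ** attempt)
    return min(max(delay, 0.0), MAX_DELAY)   # never negative, never unbounded


class TokenCache:
    """Caches an access token and re-acquires it shortly before expiry.

    Fits a flow with no refresh token: the only way to extend the session
    is to run the token request again.
    """

    def __init__(self, fetch, skew=120, clock=time.time):
        self._fetch = fetch      # callable returning (token, lifetime_seconds)
        self._skew = skew        # renew this many seconds early
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._token, lifetime = self._fetch()
            self._expires_at = self._clock() + lifetime
        return self._token
```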

A real-world example

A mid-sized professional services firm runs Oracle NetSuite for accounting and vendor management, and uses SAP Concur for employee travel and expense submissions. Before the integration, the finance team collected approved expense reports from SAP Concur each week, manually verified the vendors and accounts, and entered the amounts into NetSuite using journal entries. Month-end close required reconciling the two systems and resolving mismatches when an expense was approved in Concur but not yet posted in NetSuite. With SAP Concur and Oracle NetSuite connected, approved expense reports flow automatically into NetSuite each day, validated against vendors and cost centers already in the system. The finance team no longer re-enters expense totals, and reconciliation at month-end close is immediate because both systems are in agreement.

What you can do

  • Post approved expense reports and invoices from SAP Concur into Oracle NetSuite's general ledger, allocated to the correct GL accounts and cost centers.
  • Validate expense vendors and cost centers against NetSuite master data before posting, skipping any transactions that fail validation.
  • Manage OAuth token lifecycle for both systems, including NetSuite 60-minute tokens and SAP Concur 1-hour access tokens with 6-month refresh.
  • Route SAP Concur API calls to the correct data center (US, EMEA, or China) based on geolocation from the token response.
  • Authenticate NetSuite with OAuth 2.0 Client Credentials and SAP Concur with password grant, presenting certificates and mutual TLS where required.

Questions

Which direction does data move between Oracle NetSuite and SAP Concur?
The main flow is from SAP Concur into Oracle NetSuite. Approved expense reports and invoices (payment requests) move from SAP Concur into NetSuite, where they are posted as transactions to the general ledger. Vendor and department master data are validated in both directions, but financial transactions post only from SAP Concur to NetSuite because NetSuite is the source of truth for the general ledger.
How does ml-connector handle SAP Concur's multi-datacenter setup?
When ml-connector exchanges the bootstrap token for an access token, SAP Concur returns a geolocation header indicating the correct data center (US, EMEA, or China). ml-connector stores that URL and routes all subsequent API calls through that endpoint. This ensures consistent behavior regardless of where your SAP Concur instance is hosted and prevents 401 errors from hitting the wrong region.
What happens if a vendor or GL account in the SAP Concur expense does not exist in NetSuite?
ml-connector validates the vendor and cost center against NetSuite master data before posting. If the vendor or account is missing in NetSuite, ml-connector skips the transaction and records the validation failure in the audit log. The transaction can be retried later once the missing vendor or account is added to NetSuite.
