Back to Website
Product Documentation Operations Portal Punchout Punchout Documentation

Punchout Documentation

1. Introduction to Punchout

Punchout is an e-procurement integration protocol that connects buyer procurement systems with supplier e-commerce catalogs. It allows users to "punch out" from their procurement application to a supplier's website, browse products, add items to a shopping cart, and then "punch in" back to their procurement system with the shopping cart data for purchase order creation and processing.

This documentation is designed to provide comprehensive information about punchout functionality to different stakeholders:

  • Sales teams: Understanding what punchout is and its business benefits to effectively communicate with customers
  • Support staff: Troubleshooting common issues and understanding the technical flow to assist customers
  • Developers: Implementing, configuring, and customizing punchout functionality

2. Punchout Concepts and Standards

2.1 What is Punchout?

Punchout is a procurement method that allows buyers to access and shop a supplier's catalog from within their procurement system. The term "punch out" describes the process of a user exiting (or "punching out" from) their company's procurement application to shop on a supplier's website and then returning (or "punching in") with their shopping cart contents.

2.2 cXML Overview

Commerce eXtensible Markup Language (cXML) is the most common protocol used for punchout integration. cXML was developed by Ariba and is now an open standard used by many e-procurement systems.

cXML defines:

  • XML message formats for communication between procurement systems and supplier websites
  • Authentication mechanisms for secure communication
  • Structured formats for transmitting product, pricing, and order information

cXML is based on XML (eXtensible Markup Language) and uses HTTP as its transport protocol. The punchout process involves exchanging several types of cXML documents:

Document TypeDescriptionDirection
PunchOutSetupRequestRequest to initiate a punchout sessionProcurement → Supplier
PunchOutSetupResponseResponse containing URL for punchout sessionSupplier → Procurement
PunchOutOrderMessageShopping cart contents being returnedSupplier → Procurement
PunchOutOrderRequestFinal purchase order informationProcurement → Supplier

2.3 Benefits of Punchout

For Buyers:

  • Access to real-time product information, pricing, and availability
  • Streamlined procurement processes with automated data transfer
  • Reduced data entry errors and improved accuracy
  • Control over procurement spending through approval workflows
  • Consolidated purchasing from multiple suppliers through a single system

For Suppliers:

  • Increased sales through simplified buyer access
  • Control over catalog presentation and content
  • Ability to show customer-specific pricing and product assortments
  • Opportunities for upselling and cross-selling
  • Integration with large enterprise customers without EDI investment

2.4 Standard Punchout Flow

The standard punchout flow consists of the following steps:

  1. Authentication and Session Creation:
    • The procurement system sends a PunchOutSetupRequest to the supplier's system
    • The request contains authentication credentials and user information
    • The supplier's system validates the credentials and creates a unique session
  2. Redirection to Supplier Website:
    • The supplier's system returns a PunchOutSetupResponse with a URL
    • The user's browser is redirected to the supplier's website
    • The user is automatically authenticated on the supplier's site
  3. Shopping Experience:
    • The user browses products and adds items to their cart on the supplier's site
    • The supplier's site may display customer-specific pricing and products
  4. Cart Transfer:
    • User clicks a "Return to Procurement System" or similar button
    • The supplier's system generates a PunchOutOrderMessage with cart details
    • Cart data is transmitted back to the procurement system via browser form POST
  5. Order Processing:
    • The procurement system creates a requisition from the cart data
    • The requisition goes through standard approval workflows
    • Upon approval, a purchase order is created and sent to the supplier

Note: The PunchOutOrderRequest step is optional in some implementations. Many procurement systems send purchase orders through other channels such as EDI, email, or API integrations.

3. Kodaris Implementation

3.1 Architecture Overview

The Kodaris Commerce platform implements punchout functionality through a modular architecture that handles all aspects of the punchout process, from initial authentication to order processing.

The implementation follows the standard cXML punchout model with additional features for address mapping, invoice generation, and customizable XML transformations.

3.2 Key Components

Controllers

The Kodaris implementation includes several controllers that handle different aspects of the punchout process:

ControllerPathDescription
PunchOutPublicController/api/user/punchOutHandles incoming punchout requests from procurement systems
CustomerPunchOutController/api/account/punchOutManages customer-facing punchout functionality
PunchOutIntegrationController/api/system/integration/punchOutAdmin-level configuration of punchout integrations

Services

The core business logic for punchout is implemented in the following services:

  • PunchOutService: Core service handling punchout protocol functions
  • PunchOutOrderService: Handles order creation and processing
  • PunchOutXMLUtils: Utilities for XML parsing and generation
  • PunchOutInvoiceXMLUtils: Utilities for generating invoice XML

Interceptors

The system includes several JavaScript interceptors that customize the punchout flow:

  • punchoutMapAddressIdToERP.js: Maps address IDs between punchout systems and ERP
  • punchoutOrderRequestInterceptor.js: Modifies incoming PunchOutOrderRequest XML
  • punchoutOrderMessageInterceptor.js: Customizes outgoing PunchOutOrderMessage XML
  • punchoutSetupRequestInterceptor.js: Processes incoming PunchOutSetupRequest XML
  • punchoutSetupResponseInterceptor.js: Customizes outgoing PunchOutSetupResponse XML
  • punchoutCartTransformer.js: Transforms cart data before transmission

Full details on these interceptors, including implementation examples, can be found in the Customization Guide.

Data Models

The system includes comprehensive DTO (Data Transfer Object) classes for handling cXML:

  • cXML DTO Classes: Represent cXML elements for request/response handling
  • Invoice Detail DTO Classes: Represent invoice-related XML elements
  • CartDto: Represents cart data for punchout transmission

3.3 Authentication Flow

The Kodaris implementation uses a secure, multi-step authentication process:

  1. The procurement system sends a PunchOutSetupRequest to the /api/user/punchOut/setup endpoint
  2. The system validates credentials using:
    • Shared secrets (passwords) stored in the system
    • Domain identity validation
    • Company integration settings
  3. Upon successful authentication, a one-time login token is generated
  4. The token is included in a redirect URL sent back to the procurement system
  5. The user is redirected to this URL and automatically authenticated in Kodaris Commerce
  6. The system creates a punchout session for the user

Security Best Practice: The shared secret should be a complex password known only to both systems. It should never be transmitted as plain text in the URL or query parameters.

3.4 Order Processing Flow

The Kodaris implementation supports both round-trip punchout (cart transfer) and order processing:

Cart Transfer Flow

  1. User adds items to cart during punchout session
  2. User clicks "Return to Procurement" or similar button
  3. System generates PunchOutOrderMessage XML from cart contents
  4. System creates HTML form that POSTs this XML to procurement system's return URL
  5. User's cart is cleared and marked with status "PunchOut Cart Transferred"
  6. Browser automatically submits the form, returning the user to the procurement system with cart data

Order Processing Flow

  1. After approval in the procurement system, a PunchOutOrderRequest is sent to /api/user/punchOut/order
  2. System authenticates the request using shared secrets
  3. System extracts order details from the XML
  4. System maps shipping/billing addresses from procurement system to ERP addresses
  5. System creates an order in Kodaris Commerce
  6. System responds with success status within 5 seconds (recommended timeout)
  7. The order is processed asynchronously to keep response time low

Note: The order processing step is often handled through alternative channels (e.g., EDI, email) instead of the cXML PunchOutOrderRequest.

4. Setup and Configuration

4.1 Prerequisites

Before setting up punchout in Kodaris Commerce, ensure you have:

  • Admin access to the Kodaris Commerce platform
  • Information from the customer's procurement system:
    • Domain identity (usually a URL or unique identifier)
    • Shared secret for authentication
    • Return URL for cart transmission
    • Order submission endpoint (if using PunchOutOrderRequest)
  • Company and user accounts set up in Kodaris Commerce

4.2 Company Setup

To set up a company for punchout integration:

  1. Log in to the Kodaris Commerce admin portal
  2. Navigate to Companies and select the target company
  3. Go to the Integrations tab
  4. Click "Add Integration" and select "PunchOut" as the integration type
  5. Enter the procurement system's domain identity
  6. Enter a shared secret (password) for authentication
  7. Configure any additional company-specific settings:
    • Default return URL
    • XML transformation settings (if needed)
    • Timeout values
  8. Save the configuration

Tip: It's recommended to use a strong, unique shared secret for each punchout integration to maintain security.

4.3 User Setup

Punchout users can be handled in two ways:

1. Auto-Provisioning

Users can be automatically created during the punchout process:

  • The PunchOutSetupRequest includes user information (email, name)
  • The system creates a user account if one doesn't exist
  • The user is associated with the company's punchout integration

2. Pre-Provisioned Users

Users can be created in advance and mapped to procurement system identities:

  1. Create user accounts in Kodaris Commerce
  2. Navigate to the user's profile in the admin portal
  3. In the Integrations section, add a PunchOut identity mapping
  4. Enter the user's identity in the procurement system
  5. Save the configuration

4.4 Punchout Settings

The Kodaris Commerce platform uses the following settings for punchout:

SettingDescriptionDefault
INTEGRATION_CODEIntegration type identifier"PUNCHOUT"
SETUP_REQUEST_SETTINGSetting key for setup request configuration"punchOutSetupRequest"
ORDER_REQUEST_SETTINGSetting key for order request configuration"punchOutOrderRequest"
TRACKING_ID_SETTINGSetting key for punchout session tracking"punchOutTrackingID"
ORDER_STATUS_CART_TRANSFERREDStatus applied to carts after transmission"PunchOut Cart Transferred"

Additional configurable settings include:

  • XML Validation: Enable/disable strict XML schema validation
  • XSLT Transformation: Apply custom transformations to XML messages
  • Logging Level: Control the detail of punchout logs
  • Session Timeout: Configure how long punchout sessions remain active

5. XML Message Formats

5.1 PunchOutSetupRequest

The PunchOutSetupRequest is sent from the procurement system to initiate a punchout session:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.014/cXML.dtd">
<cXML payloadID="[unique ID]" timestamp="YYYY-MM-DDThh:mm:ssZ">
    <Header>
        <From>
            <Credential domain="[buyer domain]">
                <Identity>[buyer identity]</Identity>
            </Credential>
        </From>
        <To>
            <Credential domain="[supplier domain]">
                <Identity>[supplier identity]</Identity>
            </Credential>
        </To>
        <Sender>
            <Credential domain="[buyer domain]">
                <Identity>[buyer identity]</Identity>
                <SharedSecret>[shared secret]</SharedSecret>
            </Credential>
            <UserAgent>[procurement system name]</UserAgent>
        </Sender>
    </Header>
    <Request deploymentMode="[production/test]">
        <PunchOutSetupRequest operation="create">
            <BuyerCookie>[buyer session ID]</BuyerCookie>
            <Extrinsic name="User">[username]</Extrinsic>
            <Extrinsic name="UniqueUsername">[unique username]</Extrinsic>
            <Extrinsic name="Department">[department]</Extrinsic>
            <BrowserFormPost>
                <URL>[return URL]</URL>
            </BrowserFormPost>
            <Contact>
                <Name xml:lang="en">[user name]</Name>
                <Email>[user email]</Email>
            </Contact>
            <SupplierSetup>
                <URL>[supplier website URL]</URL>
            </SupplierSetup>
            <ShipTo>
                <Address>
                    <Name xml:lang="en">[shipping name]</Name>
                    <PostalAddress>
                        <Street>[street address]</Street>
                        <City>[city]</City>
                        <State>[state]</State>
                        <PostalCode>[postal code]</PostalCode>
                        <Country isoCountryCode="US">United States</Country>
                    </PostalAddress>
                </Address>
            </ShipTo>
        </PunchOutSetupRequest>
    </Request>
</cXML>

Note: The PunchOutSetupRequest may also include operation="edit" with an ItemOut section if it's used to edit an existing cart.

5.2 PunchOutSetupResponse

The PunchOutSetupResponse is sent from the supplier system in response to a setup request:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.014/cXML.dtd">
<cXML payloadID="[unique ID]" timestamp="YYYY-MM-DDThh:mm:ssZ">
    <Response>
        <Status code="200" text="OK">
            <!-- Success -->
        </Status>
        <PunchOutSetupResponse>
            <StartPage>
                <URL>https://supplier.com/punchout?token=abc123</URL>
            </StartPage>
        </PunchOutSetupResponse>
    </Response>
</cXML>

Error response example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.014/cXML.dtd">
<cXML payloadID="[unique ID]" timestamp="YYYY-MM-DDThh:mm:ssZ">
    <Response>
        <Status code="401" text="Unauthorized">
            <!-- Authentication failure -->
            Invalid credentials
        </Status>
    </Response>
</cXML>

5.3 PunchOutOrderMessage

The PunchOutOrderMessage contains cart data sent back to the procurement system:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.014/cXML.dtd">
<cXML payloadID="[unique ID]" timestamp="YYYY-MM-DDThh:mm:ssZ">
    <Header>
        <From>
            <Credential domain="[supplier domain]">
                <Identity>[supplier identity]</Identity>
            </Credential>
        </From>
        <To>
            <Credential domain="[buyer domain]">
                <Identity>[buyer identity]</Identity>
            </Credential>
        </To>
        <Sender>
            <Credential domain="[supplier domain]">
                <Identity>[supplier identity]</Identity>
                <SharedSecret>[shared secret]</SharedSecret>
            </Credential>
            <UserAgent>Kodaris Commerce</UserAgent>
        </Sender>
    </Header>
    <Message>
        <PunchOutOrderMessage>
            <BuyerCookie>[buyer session ID]</BuyerCookie>
            <PunchOutOrderMessageHeader operationAllowed="create">
                <Total>
                    <Money currency="USD">123.45</Money>
                </Total>
            </PunchOutOrderMessageHeader>
            <ItemIn quantity="2">
                <ItemID>
                    <SupplierPartID>ABC123</SupplierPartID>
                    <SupplierPartAuxiliaryID>987ZYX</SupplierPartAuxiliaryID>
                </ItemID>
                <ItemDetail>
                    <UnitPrice>
                        <Money currency="USD">45.67</Money>
                    </UnitPrice>
                    <Description xml:lang="en">Widget A</Description>
                    <UnitOfMeasure>EA</UnitOfMeasure>
                    <Classification domain="UNSPSC">12345678</Classification>
                    <ManufacturerPartID>MFG123</ManufacturerPartID>
                    <ManufacturerName>Acme Corp</ManufacturerName>
                </ItemDetail>
            </ItemIn>
            <!-- Additional items -->
        </PunchOutOrderMessage>
    </Message>
</cXML>

5.4 PunchOutOrderRequest

The PunchOutOrderRequest contains purchase order information sent to the supplier:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cXML.org/schemas/cXML/1.2.014/cXML.dtd">
<cXML payloadID="[unique ID]" timestamp="YYYY-MM-DDThh:mm:ssZ">
    <Header>
        <From>
            <Credential domain="[buyer domain]">
                <Identity>[buyer identity]</Identity>
            </Credential>
        </From>
        <To>
            <Credential domain="[supplier domain]">
                <Identity>[supplier identity]</Identity>
            </Credential>
        </To>
        <Sender>
            <Credential domain="[buyer domain]">
                <Identity>[buyer identity]</Identity>
                <SharedSecret>[shared secret]</SharedSecret>
            </Credential>
            <UserAgent>[procurement system name]</UserAgent>
        </Sender>
    </Header>
    <Request deploymentMode="[production/test]">
        <OrderRequest>
            <OrderRequestHeader orderID="PO12345" orderDate="YYYY-MM-DD" type="regular">
                <Total>
                    <Money currency="USD">123.45</Money>
                </Total>
                <ShipTo>
                    <Address addressID="ShipTo123">
                        <Name xml:lang="en">[shipping name]</Name>
                        <PostalAddress>
                            <Street>[street address]</Street>
                            <City>[city]</City>
                            <State>[state]</State>
                            <PostalCode>[postal code]</PostalCode>
                            <Country isoCountryCode="US">United States</Country>
                        </PostalAddress>
                    </Address>
                </ShipTo>
                <BillTo>
                    <Address addressID="BillTo123">
                        <Name xml:lang="en">[billing name]</Name>
                        <PostalAddress>
                            <Street>[street address]</Street>
                            <City>[city]</City>
                            <State>[state]</State>
                            <PostalCode>[postal code]</PostalCode>
                            <Country isoCountryCode="US">United States</Country>
                        </PostalAddress>
                    </Address>
                </BillTo>
            </OrderRequestHeader>
            <ItemOut quantity="2" lineNumber="1">
                <ItemID>
                    <SupplierPartID>ABC123</SupplierPartID>
                </ItemID>
                <ItemDetail>
                    <UnitPrice>
                        <Money currency="USD">45.67</Money>
                    </UnitPrice>
                    <Description xml:lang="en">Widget A</Description>
                    <UnitOfMeasure>EA</UnitOfMeasure>
                </ItemDetail>
            </ItemOut>
            <!-- Additional items -->
        </OrderRequest>
    </Request>
</cXML>

6. Implementation Examples

Setting Up a New Punchout Integration

This example demonstrates how to set up a new punchout integration with a customer using Ariba:

  1. Gather Information:
    • Ariba Network ID (e.g., AN0123456789)
    • Shared secret provided by the customer
    • Return URL for cart transmission (provided by Ariba)
    • Customer's company information
  2. Configure Company Integration:
    • Navigate to Companies in the admin portal
    • Select the target company
    • Go to the Integrations tab
    • Add "PUNCHOUT" integration type
    • Set domain identity to "NetworkID" and identity value to the Ariba Network ID
    • Enter the shared secret
    • Save the configuration
  3. Test the Integration:
    • Use the built-in testing tools to generate a PunchOutSetupRequest
    • Send the request to the endpoint /api/user/punchOut/setup
    • Verify successful authentication and redirect URL generation
    • Test the complete punchout flow with cart transmission

Testing Punchout Integration

Follow these steps to test a punchout integration:

Stage 1: Synthetic Testing

  1. Use Swagger UI to send PunchOutSetupRequest to /api/user/punchOut/setup
  2. Verify successful response with redirect URL
  3. Follow the URL to access the site as a punchout user
  4. Add items to cart and click "Return to Procurement"
  5. Verify successful cart transmission and format of PunchOutOrderMessage

Stage 2: End-to-End Testing

  1. Work with customer to initiate punchout from their procurement system
  2. Verify successful authentication and redirection
  3. Add items to cart and return to procurement system
  4. Verify cart data appears correctly in procurement system
  5. Complete requisition process in procurement system
  6. Verify order is created correctly in Kodaris Commerce

7. Troubleshooting

Common Issues and Solutions

IssuePossible CausesSolutions
Authentication Failure• Incorrect shared secret
• Incorrect domain/identity values
• Company integration not configured		• Verify shared secret in company integration settings
• Confirm domain and identity values match PunchOutSetupRequest
• Check that company has active punchout integration
Redirect URL Not Working• URL formatting issues
• Token expiration
• Cross-domain cookies blocked		• Check URL encoding
• Verify token hasn't expired (default 30 minutes)
• Check browser settings for third-party cookies
Cart Transmission Failure• Incorrect return URL
• XML formatting issues
• Browser form submission blocked		• Verify return URL in PunchOutSetupRequest
• Check XML format for compliance with cXML standard
• Check for browser pop-up blockers
Order Processing Errors• Missing or invalid address mapping
• Product SKU not found
• Quantity or pricing issues		• Configure address mapping for the company
• Verify product SKUs exist in both systems
• Check quantity and pricing rules

Logging and Diagnostics

The Kodaris punchout implementation includes extensive logging:

  • XML Logs: All incoming and outgoing XML messages are logged with tracking IDs
  • Session Logs: User session activity during punchout is tracked
  • Error Logs: Authentication failures and processing errors are recorded

To access logs:

  1. Navigate to System > Logs in the admin portal
  2. Filter for "PUNCHOUT" integration type
  3. Search by tracking ID or timestamp
  4. View detailed XML messages and errors

Tip: Always reference the tracking ID when communicating with customers about punchout issues. This unique identifier helps quickly locate the relevant transaction logs..

8. Common Punchout Providers

Kodaris Commerce can integrate with the following common punchout providers:

Ariba

  • Description: SAP Ariba is one of the largest procurement networks
  • Special Considerations:
    • Uses Ariba Network IDs for identity
    • Typically requires HTTPS for all endpoints
    • May require additional parameters in PunchOutOrderMessage
  • Documentation: Ariba PunchOut Documentation

Coupa

  • Description: Popular cloud-based procurement platform
  • Special Considerations:
    • Uses Coupa Supplier Portal for configuration
    • Supports both cXML and OCI punchout
    • Has specific requirements for product attributes
  • Documentation: Coupa PunchOut Documentation

Jaggaer (formerly SciQuest)

  • Description: Procurement solution focused on higher education and healthcare
  • Special Considerations:
    • Supports both cXML and OCI protocols
    • Has specific authentication requirements
    • Handles shipping and tax differently
  • Documentation: Jaggaer PunchOut Documentation

Oracle Procurement

  • Description: Part of Oracle ERP Cloud
  • Special Considerations:
    • Supports both cXML and OCI protocols
    • Requires specific XML namespace handling
    • May require custom XSL transformations
  • Documentation: Oracle Procurement Documentation

↑ Back to Top

In this article