Skip to main content

Configure cXML punchout

This howto describes how to connect your cXML compliant eprocurement solution to Storefront.

Prerequisites

  • A cXML-compliant eprocurement solution
  • Basic knowledge of punchout in general and cXML in particular, including PunchOutSetupRequest/Response etc.

Step 1: Gather information

  • Go to Administration->Tenants and pick the tenant you want to connect via cXML
  • Scroll to "Punchout"
  • Copy the "cXML Punchout URL" and write it down as CXML_PUNCHOUT_URL. It looks like https://<customer>.meplato.live/cxml.

Step 2: Create a new client for cXML punchout

  • Go to Administration->Clients and click "New client"
  • Enter a description of the purpose of the new client, e.g. "cXML Punchout to Coupa (Production)". It will help you remember which client is being used for what.
  • Enter the redirect URL. It is being used as an additional security layer so that malicious users cannot use the client even if they somehow retrieved the client credentials.
  • DO NOT attach the client to a specific user.
  • Click "Create"
  • Select the newly created client.
  • Write down the "OAuth Client ID" as OAUTH_CLIENT_ID.

Step 3: Configure your cXML-compliant eprocurement system

The cXML-compliant punchout must go to the following URL (replace the placeholders with the values written down above):

  • HTTP Method must be POST
  • Punchout URL is <CXML_PUNCHOUT_URL>, e.g. https://demo.storefront.live/cxml
  • The Content-Type header must be application/x-www-form-urlencoded
  • The body must be HTTP POST Form URL encoded.
  • Your cXML-compliant eprocurement solution will send a base64 encoded XML document in the body. The supported parameters are cxml-base64 (preferred) and cxml-urlencoded (see below for an example)
  • Make sure that your cXML system sends the <OAUTH_CLIENT_ID> in cXML PunchOutSetupRequest->Header->Sender->Credential->Shared Secret
  • Make sure the cXML PunchOutSetupRequest (POSR) passes the caller's email address in an extrinsic value named UserEmail, Email, or email.
  • (optional) Send the external ID of the view to associate with the request in an extrinsic value named View or view. If you don't specify this value, the user's (or tenant's) default view is being used.
  • (optional) Send the user's locale in an extrinsic value named Locale, locale, Language, or language. If you don't specify this value, the user's (or tenant's) default locale is being used.
  • If everything goes right, Storefront will return a PunchOutSetupResponse that includes a StartPage->URL->Value that your cXML system will redirect to.