The first step to a successful Punchout Catalog is the cXML Setup Request. The cXML Setup Request establishes the Punchout session and essentially logs the user into the Punchout Catalog. A request (see below) is sent by the eProcurement system to the Punchout Catalog as detailed below. The Punchout Catalog validates the credentials to ensure the user is authorized to access the catalog. If the users credentials are valid, the user is allowed to continue into the Punchout Catalog.

There are two key components to a cXML Setup Request, the header and the request itself. The header consists of the credentials from the eProcurement system which uniquely identify the customer in the eProcurement system. The From identity is generally setup as the customers name. If your customer is Caterpillar, the from identity might be “caterpillar-T” (the “-T” generally identifies test credentials). Alternatively eProcurement systems can use the DUNS number to identify the buyer, this simply depends on the customer and eProcurement configuration. The To Identity is your DUNS number or unique identifier for your organization (tiresupplier-T). The sender identity can be the same as the From Identity or very often is the eProcurement Platform, again it varies for each system.

The Shared Secret is essentially the common passphrase that used to authenticate the buyer, essentially a password that controls access. All users will generally use the same shared secret for all Punchout sessions.

The request indicates what type of transaction is being sent. For the Setup Request the operation is create. This indicates the session is a new operation, not a modification (edit) or a view (inspect) of a previous session. As part of the request individual user information is sent over such as the users name, unique user name and email address. The request can also contain other extrinsics such as department or business unit.


<?xml version="1.0" encoding="UTF-8"?>
<cXML payloadID="1211221788.71299@customer-eprocurement-system
  timestamp="2015-06-12T08:30:00" xml:lang="en-US">
      <Credential domain="NetworkID">
      <Credential domain="NetworkID">
      <Credential domain="NetworkID">
      <UserAgent>eProcurement-System 1.0</UserAgent>
    <PunchOutSetupRequest operation="create">
      <Extrinsic name="FirstName">John</Extrinsic>
      <Extrinsic name="LastName">Smith</Extrinsic>
      <Extrinsic name="UniqueName">john</Extrinsic>
      <Extrinsic name="UserEmail">[email protected]</Extrinsic>
      <Extrinsic name="User">john</Extrinsic>
      <Extrinsic name="BusinessUnit">Buyer Department</Extrinsic>
      <Contact role="endUser">
        <Name xml:lang="en-US">john</Name>
        <Email>[email protected]</Email>