Configure punchout for third-party site purchases

  • Release version: Zurich
  • Updated March 12, 2026
  • Set up punchout configuration to allow shoppers or employees to make third-party site purchases.

    Before you begin

    Role required: admin or procurement administrator

    Procedure

    1. Navigate to All > ShoppingHub > Primary Data > Suppliers.
      You can also navigate to Sourcing and Purchasing Automation > Primary Data > Supplier.
    2. Ensure that the Punchout check box is selected for the designated third-party supplier.
      Note:
      This Punchout option is only available in the Purchasing view. For more information on adding suppliers, see Add a supplier.
    3. Navigate to All > Procurement Integrations > Catalog > Third-Party Categories.
    4. Do the following:
      • Add the required mapping records between SPO's model category and the punchout supplier's product category.
      • Add the required mapping records between SPO's predefined units and the punchout supplier's units of measure.

      For more information, see Mapping Product Categories and Units of Measure for seamless checkout in Shopping Hub.

    5. Navigate to All > Procurement Integrations > Setup > Third-Party Registration.
    6. From the Supplier list, search for and select a supplier.
    7. Do either or both of the following depending on your implementation requirements.
      • Select the cXML punchout support check box and fill in the fields in the cXML punchout setup tab.

        The suppliers that do not have Search API and Order API or do not want to use them can upload catalog index files containing product catalog data. The uploaded data is stored in the Third-party Catalog (sn_spend_intg_third_party_catalog) table. For more information, see Add third-party catalog data in an Excel file.

        Table 1. Catalog data and third-party cXML - connections

        Field
          Description

        Require catalog index file upload?
          Option that enables you to upload the catalog index CSV file. For more information, see Add third-party catalog data in an Excel file.
        cXML domain
          The domain name associated with your organization for the punchout transaction.
        cXML identity
          A unique identifier used to represent your organization in the punchout transaction.

        Third-party cXML - connections

        Order request URL
          The URL endpoint where the cXML order request is sent to the supplier.
        Punchout group
          The specific group for which this punchout configuration applies.
        Punchout inbound credentials
          The credentials that SPO uses to validate incoming cXML payloads from the supplier for Order Confirmation and Shipping Confirmation. Select a credential record of type Basic Auth.

          Important:
          Although the credential type is labelled Basic Auth in the UI, the fields carry cXML-specific values used to validate incoming supplier payloads:
          • Username: Enter the value that the supplier places in <Header><To><Credential><Identity> of its confirmation cXML payload. This must match exactly — SPO validates this value against the incoming <To> Identity.
          • Password: Enter the Shared Secret that the supplier places in <Header><Sender><Credential><SharedSecret> of its confirmation cXML payload. SPO decrypts and validates this value against the incoming payload.

          Inbound credentials are required for Order Confirmation and Shipping Confirmation flows. If the inbound credential record is missing or invalid, SPO returns a validation error when the supplier sends a confirmation payload. Configure these credentials before going live with a cXML punchout supplier that sends order or shipping confirmations.

        Punchout outbound credentials
          The credentials that SPO uses to authenticate when sending cXML requests to the supplier system. Select a credential record of type Basic Auth.

          Important:
          Although the credential type is labelled Basic Auth in the UI, it does not function as standard HTTP Basic Authentication for punchout. The two fields in the credential record carry cXML-specific values:
          • Username: Enter the Sender Identity that identifies your organization in the punchout transaction. This value is written verbatim into both <From><Credential><Identity> and <Sender><Credential><Identity> in the cXML payload. If left blank, an empty <Identity/> element is transmitted.
          • Password: Enter the Shared Secret provided by the supplier for authentication. This value maps to <Sender><Credential><SharedSecret> in the cXML payload.

          The cXML identity and cXML domain fields on this form identify the supplier's <To> side of the cXML transaction and are separate from the outbound credential fields described above.

        Punchout start URL
          The URL used to initiate the punchout session to the supplier system.
      • Select the APIs exchange check box and fill in the fields in the APIs configuration tab.

        This option is designed for punchout suppliers using the Search API, Order API, and Product Details API, enabling shoppers to search for products, place orders, and view product details seamlessly within the Shopping Hub experience.

        Table 2. Punch out suppliers

        Field
          Description

        Access token API
          The URL/API used to authenticate and obtain an access token for API requests.
        API Key/Client ID
          The unique identifier or key provided by the supplier to authenticate API requests.
        Order detail API
          The endpoint URL for retrieving detailed information about a specific product.
        Place order request API
          The endpoint URL for placing orders with the supplier.
        Product details API
          The endpoint URL for retrieving detailed information about a specific product.
        Product search API
          The endpoint URL for searching products within the supplier's catalog. For more information, see Configure extension point for Product search API.
        Punchout group
          The specific group for which this punchout configuration applies.
      Important:
      If a supplier uses the Search API for product searches and cXML for order placement, you should select both the cXML punchout support and APIs exchange check boxes and fill in the required fields in each corresponding section.
    8. Select Submit.

    What to do next

    When integrating with a punchout supplier, customers are required to provide specific URLs for Order Confirmation and Shipping Confirmation. For more information, see Providing Order and Shipping Confirmation URLs to Punchout Suppliers.
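
The credential-to-cXML mappings described for the inbound and outbound credential records, as an added Python illustration (not ServiceNow code and not a description of how SPO is implemented). The function names, the `sender_domain` default and every sample value are assumptions or constructed placeholders, and the stored secret is compared as plaintext here.

```python
import hmac
import xml.etree.ElementTree as ET

def build_outbound_header(username, password, cxml_domain, cxml_identity,
                          sender_domain="NetworkId"):  # sender_domain: assumed
    """Place the outbound credential fields where the page says they go."""
    header = ET.Element("Header")
    for party, identity, domain in (("From", username, sender_domain),
                                    ("To", cxml_identity, cxml_domain),
                                    ("Sender", username, sender_domain)):
        cred = ET.SubElement(ET.SubElement(header, party), "Credential",
                             domain=domain)
        ET.SubElement(cred, "Identity").text = identity  # "" -> <Identity />
    sender_cred = header.find("Sender/Credential")
    ET.SubElement(sender_cred, "SharedSecret").text = password
    return ET.tostring(header, encoding="unicode")

def validate_inbound(payload_xml, username, password):
    """Check a supplier confirmation payload against the inbound credential."""
    if "<!ENTITY" in payload_xml:            # refuse entity declarations
        return (False, "entity declaration rejected")
    try:
        root = ET.fromstring(payload_xml)
    except ET.ParseError:
        return (False, "malformed cXML")
    to_identity = root.findtext("Header/To/Credential/Identity")
    secret = root.findtext("Header/Sender/Credential/SharedSecret")
    if to_identity is None or secret is None:
        return (False, "credential element missing")
    if to_identity != username:              # exact match, no trimming
        return (False, "To Identity mismatch")
    if not hmac.compare_digest(secret.encode(), password.encode()):
        return (False, "SharedSecret mismatch")
    return (True, "ok")

# Constructed confirmation payload; every value is a placeholder.
SAMPLE = """<cXML payloadID="constructed-1" timestamp="2026-01-01T00:00:00Z">
 <Header>
  <From><Credential domain="DUNS"><Identity>supplier-001</Identity></Credential></From>
  <To><Credential domain="NetworkId"><Identity>ACME-BUYER</Identity></Credential></To>
  <Sender><Credential domain="DUNS"><Identity>supplier-001</Identity>
   <SharedSecret>constructed-secret</SharedSecret></Credential></Sender>
 </Header>
 <Request><ConfirmationRequest/></Request>
</cXML>"""

if __name__ == "__main__":
    print(validate_inbound(SAMPLE, "ACME-BUYER", "constructed-secret"))
    print(build_outbound_header("", "constructed-secret", "DUNS", "supplier-001"))
```

A case difference in the Username field is enough to fail the `<To>` Identity check, which is the kind of mismatch to rule out with the supplier before go-live.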