In simple terms, a punchout solution lets your client log in to your webshop from a thirdparty solution, place products in the shopping cart, and then transfer the contents of the cart back to their solution.
Later on somebody makes a purchase order out of the transferred products and an electronic order is imported to your shop.

We support several different implementations; the most popular being based on OCI (Open Catalog Interface) and cXML.

OCI
https://www.YOURSITE.com/ocilogin.ashx - requires username, password, hook_url
Usernames/passwords are standard logins that you have created for your users in the webshop, 
while hook_url should automatically be filled in by the client purchasing solution when everything is set up correctly.
The oci login handler works with both GET and POST, so for testing you may create a simple URL with valid username and password and a fake hook_url just to test the login (the cart will be sent nowhere, in that case).
Like this: https://www.YOURSITE.com/ocilogin.ashx?username=TESTUSER&password=123&hook_url=fakeURL
We don't recommend putting the password in cleartext in the URL in production.

We do support customizations. In such cases the URL will most likely change to something like https://www.YOURSITE.com/ocilogin.ashx/ENDCUSTOMER . 
Typical customizations are for instance to include or exclude sales tax or return additional values from the shopping cart, such as freight.

The returned shopping cart

<Root>

<input type="hidden" name="NEW_ITEM-DESCRIPTION[1]" value="CANON PowerShot SX430"/>
<input type="hidden" name="NEW_ITEM-MATGROUP[1]" value="45121504"/>
<input type="hidden" name="NEW_ITEM-QUANTITY[1]" value="1"/>
<input type="hidden" name="NEW_ITEM-UNIT[1]" value="EA"/>
<input type="hidden" name="NEW_ITEM-PRICE[1]" value="1393.00"/>
<input type="hidden" name="NEW_ITEM-CURRENCY[1]" value="DKK"/>
<input type="hidden" name="NEW_ITEM-VENDOR[1]" value=""/>
<input type="hidden" name="NEW_ITEM-VENDORMAT[1]" value="1790C002AA"/>
<input type="hidden" name="NEW_ITEM-CUST_FIELD1[1]" value="45121504"/>
<input type="hidden" name="NEW_ITEM-CUST_FIELD2[1]" value="25.00"/>
<input type="hidden" name="NEW_ITEM-CUST_FIELD3[1]" value="348.25"/>
<input type="hidden" name="NEW_ITEM-LEADTIME[1]" value="9"/>

</Root>



cXML
https://www.YOURSITE.com/oracleprocurementcxml.ashx - requires xml with login info, including a shared secret.
In order to find out which customer is being logged in, we use the following:
If there's an email in Request/PunchOutSetupRequest/Contact/Email we assume this is the user email
If it's missing or no match, we use the Identity from Header/Sender/Credentials/Identity and look for email address <Identity>@oracle-wmx.com (for instance 12345@oracle-wmx.com)

Orders

xCBL 3.5/4.0
We will give you the exact URL, but it will be similar to this: https://secure.webmercs.com/ibxwebservice/YOURSITE/ibxorder.ashx (It requires a valid order to be POSTed.)
We use SOAP for xCBL.

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding">
  <SOAP-ENV:Header>
    <nseps:endpoints xmlns:nseps="urn:schemas-IBX:/docs/endpoint.nsendpoint" SOAP-ENV:mustUnderstand="true">
      <nseps:to>
        <nseps:address></nseps:address>
      </nseps:to>
      <nseps:from>
        <nseps:address>TPID</nseps:address>
      </nseps:from>
    </nseps:endpoints>

In your solution, you create a user email in the following format (added to the correct customer, of course): TPID@ibx-wmx.com
You can set the TPID to anything you like. Orders from purchasing portals (where this solution is used today) normally use a GUID value, like 12bcd1dc-33e1-9000-a2ab-b1a873450102
(which would result in a user email = 12bcd1dc-33e1-9000-a2ab-b1a873450102@ibx-wmx.com), but you can use anything you want.

The email address is fake and not used for anything - except internally by us to place the order on the correct customer. It doesn't need a password, and it should never be shared with anybody.

Keep in mind:
1) The TPID must match a user email in your system
2) The billing/shipping addresses must be valid
3) The products must exist in the solution

Value from OrderHeader/OrderParty/BuyerParty/Party/ListOfIdentifier/Identifier/Ident may be used in some cases.

cXML

https://secure.webmercs.com/cxmlservice/YOURSITE/cxmlorder.ashx

We place the order on the user given here:
cXML/Request/OrderRequest/OrderRequestHeader/Contact@role='Purchaser'/Email
Or we look for <Identity>@oracle-wmx.com as explained above.

Not punchout but "Catalog"?

We support that as well, including Tradeshift/IBX, EHF, OIOUBL, etc. In that case the customer doesn't go to your site, but receives a product catalog that he imports into his own solution. Sometimes the customer will approve every import, while other times there's automatic upload.
We need to know the format, filename, where it should be uploaded to / credentials, whether it is automatic upload or not, and maybe some other things. The catalog can also be customized.

Browser not supported