PrestaShop 9 + Oracle Fusion iProcurement

How Oracle Fusion iProcurement Uses PunchOut

When a buyer inside Oracle Fusion wants to purchase from an approved supplier, they click a "Shop" link inside iProcurement. This triggers a PunchOutSetupRequest — a signed XML message containing the buyer's identity, their BuyerCookie, and the supplier's SharedSecret credential.

The supplier's system validates the request, creates a session, and returns a PunchOutSetupResponse with a one-time URL. The buyer is redirected to that URL and lands directly inside the supplier's store — with their negotiated pricing and approved catalog already loaded.

When the buyer is done shopping, they click "Checkout" or "Return to iProcurement". Instead of placing an order, the cart is serialized into a cXML PunchOutOrderMessage and posted back to Oracle. The buyer's procurement workflow — approval routing, budget checks, PO creation — continues entirely inside Oracle.

What Oracle Requires from the Supplier

Oracle Fusion iProcurement mandates:

• cXML 1.2 compliance — strict adherence to the open standard
• SharedSecret HMAC authentication (SHA-256) — per-buyer credentials
• HTTPS endpoint — TLS 1.2+ with a CA-signed certificate
• BuyerCookie echo — the same cookie returned in PunchOutOrderMessage
• Response time under 10 seconds — for session creation

Non-compliance causes the session to fail silently inside Oracle — a frustrating experience that often delays supplier onboarding by weeks.

Setting Up the Oracle Fusion Connection in PunchOutHub

In the PunchOutHub Buyers dashboard, create a new buyer and select Oracle Fusion iProcurement as the platform. Enter the NetworkID provided by your Oracle contact (typically in the format networkid:AN01234567890) and your agreed SharedSecret.

PunchOutHub generates the endpoint URL automatically:

https://yourstore.com/module/punchouthub/punchout

Give this URL to your Oracle procurement contact. They configure it in:

iProcurement → Procurement → Manage Stores → Add Store URL

Sample PunchOutSetupRequest

This is the request your endpoint will receive when an Oracle buyer clicks your store link:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cXML SYSTEM "http://xml.cxml.org/schemas/cXML/1.2.014/cXML.dtd">
<cXML payloadID="12345@buyer.com" timestamp="2026-05-05T00:00:00+00:00">
  <Header>
    <From>
      <Credential domain="NetworkID">
        <Identity>buyer_id</Identity>
      </Credential>
    </From>
    <To>
      <Credential domain="NetworkID">
        <Identity>supplier_id</Identity>
      </Credential>
    </To>
    <Sender>
      <Credential domain="NetworkID">
        <Identity>buyer_id</Identity>
        <SharedSecret>your_shared_secret</SharedSecret>
      </Credential>
    </Sender>
  </Header>
  <Request>
    <PunchOutSetupRequest operation="create">
      <BuyerCookie>test_cookie_001</BuyerCookie>
      <Extrinsic name="UserEmail">buyer@company.com</Extrinsic>
      <BrowserFormPost>
        <URL>https://buyer.erp.com/return</URL>
      </BrowserFormPost>
    </PunchOutSetupRequest>
  </Request>
</cXML>

A successful response from PunchOutHub returns HTTP 200 with a PunchOutSetupResponse containing a StartPage URL — the buyer's session entry point.

Production Reference

A Thailand-based enterprise supplier uses this exact flow with Oracle Fusion iProcurement. Their buyers punch out, browse 1,000+ storage products with real-time pricing, and return structured order messages — all without any manual intervention on the supplier side.

Setup time was quickly, and there have been zero technical incidents since go-live.

Common Oracle Fusion PunchOut Errors

What Oracle Fusion Returns After Approval

Once the buyer's procurement workflow approves the requisition, Oracle generates a purchase order and transmits it back to your store via the configured PO receiver endpoint. PunchOutHub's Order Receiver (Business tier and up) accepts inbound cXML OrderRequest messages and creates orders in PrestaShop automatically.