Many Thailand suppliers first hear the word PunchOut when a large enterprise buyer says: "Please connect your catalog to our Oracle procurement system." The buyer usually wants their users to shop from inside Oracle while the supplier continues to maintain catalog content on its own website.
Core Oracle PunchOut Fields
| Field | Why it matters |
|---|---|
| Sender Credential | Identifies the buyer or procurement system |
| SharedSecret | Authenticates the PunchOut setup request |
| BuyerCookie | Links the procurement session to the supplier cart |
| BrowserFormPost.URL | The URL where the final cart must be posted back |
| PunchOutOrderMessage | The cXML document that returns cart items to Oracle |
Product Data Checklist
- Clean SKU with no duplicates
- English product name and description where required by buyer
- THB or buyer-agreed currency
- UOM such as EA, BOX, SET, or buyer-specific code
- UNSPSC code if required by buyer
- Buyer-approved product list or category restriction
Common UAT Issues
Most UAT issues are not caused by the cXML version number. They are usually caused by missing fields, wrong encoding, mismatched UOM, missing BuyerCookie, a blocked BrowserFormPost URL, or cart session loss after redirect.
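The core fields and the UAT failures above can be checked in one place when the PunchOutSetupRequest arrives. The following is an added example, not PunchOutHub or Oracle code; the expected identity, secret, allowlisted host and the sample document are constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed values; real ones are agreed with the buyer during onboarding.
EXPECTED_IDENTITY = "buyer-uat"
EXPECTED_SECRET = "constructed-shared-secret"
ALLOWED_POST_HOSTS = {"procurement.buyer.example"}  # hypothetical allowlist

# Constructed PunchOutSetupRequest (DOCTYPE and From/To omitted for brevity).
SAMPLE = """<cXML payloadID="1@buyer.example" timestamp="2024-01-01T00:00:00+07:00">
 <Header><Sender><Credential domain="NetworkId">
  <Identity>{identity}</Identity><SharedSecret>{secret}</SharedSecret>
 </Credential></Sender></Header>
 <Request><PunchOutSetupRequest operation="create">
  <BuyerCookie>{cookie}</BuyerCookie>
  <BrowserFormPost><URL>{url}</URL></BrowserFormPost>
 </PunchOutSetupRequest></Request>
</cXML>"""

def validate_setup_request(raw):
    """Return the session fields, or raise ValueError naming the failed check."""
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise ValueError("malformed cXML") from exc

    def text(path):
        node = root.find(path)
        return (node.text or "").strip() if node is not None else ""

    identity = text("Header/Sender/Credential/Identity").encode()
    secret = text("Header/Sender/Credential/SharedSecret").encode()
    # Constant-time comparison; evaluate both so timing does not reveal which failed.
    id_ok = hmac.compare_digest(identity, EXPECTED_IDENTITY.encode())
    secret_ok = hmac.compare_digest(secret, EXPECTED_SECRET.encode())
    if not (id_ok and secret_ok):
        raise ValueError("sender credential rejected")
    cookie = text("Request/PunchOutSetupRequest/BuyerCookie")
    if not cookie:
        raise ValueError("missing BuyerCookie")
    post_url = text("Request/PunchOutSetupRequest/BrowserFormPost/URL")
    parsed = urlparse(post_url)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_POST_HOSTS:
        raise ValueError("BrowserFormPost URL not allowed")
    # Store both against the supplier cart so the return post survives redirects.
    return {"buyer_cookie": cookie, "post_url": post_url}
```

Logging the returned ValueError message (never the submitted secret) gives the support contact a specific reason to report back to the buyer during UAT.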
Using PunchOutHub
PunchOutHub gives Thailand suppliers a PrestaShop-native path to support Oracle-compatible cXML PunchOut without rebuilding the whole e-commerce site or depending on a large middleware project.
Frequently Asked Questions
Can a Thailand supplier use PrestaShop for Oracle PunchOut?
Yes. A PrestaShop store can support Oracle-compatible cXML PunchOut when the store has an endpoint that accepts PunchOutSetupRequest and returns a valid PunchOutOrderMessage cart.
Does Oracle always use the newest cXML version?
No. Oracle environments may send legacy cXML versions while still following the expected PunchOut structure. The important part is handling the required fields correctly.
What should suppliers prepare before UAT?
Prepare product SKU, name, price, currency, UOM, UNSPSC, buyer credential, SharedSecret, HTTPS domain, and a support contact who can inspect logs during testing.