Documentation

Technical reference for integrating enterprise PunchOut cXML workflows with WooCommerce.

Overview

Punchr is a production-ready PunchOut cXML bridge for WooCommerce, designed to connect B2B e-commerce catalogs with enterprise procurement platforms.

It enables buyers to access a WooCommerce catalog directly from their procurement system (Ariba-style PunchOut), shop within a controlled session, and return structured order data back to the procurement platform.

This documentation provides an architectural and functional overview of Punchr and is intended for developers, system integrators, and IT teams responsible for procurement integrations.

Intended Audience

This documentation is intended for:

  • B2B e-commerce teams using WooCommerce
  • Procurement and sourcing IT teams
  • System integrators and technical agencies
  • Enterprise architects and compliance stakeholders

A basic understanding of WooCommerce, HTTP APIs, and PunchOut concepts is recommended.

Prerequisites

Before integrating Punchr, ensure the following requirements are met:

  • WordPress 6.x or later
  • WooCommerce 8.x or later
  • PHP 8.1 or later
  • HTTPS enabled
  • Ability to configure outbound HTTPS requests
  • Familiarity with PunchOut and cXML-based procurement workflows

Architecture Overview

Punchr operates entirely within the merchant’s WordPress and WooCommerce environment.

It acts as a controlled PunchOut bridge that:

  • Receives PunchOutSetupRequests from procurement platforms
  • Establishes a temporary PunchOut shopping session
  • Enforces PunchOut-specific rules inside WooCommerce
  • Returns cart data as a structured PunchOutOrderMessage
On-premise by design. Punchr does not proxy traffic, store data externally, or rely on third-party middleware. All processing occurs within the WooCommerce installation, ensuring data ownership, transparency, and compliance.

Supported PunchOut Flow

Punchr implements a standard PunchOut cXML flow compatible with Ariba-style procurement systems.

The supported flow is as follows:

  1. A procurement system sends a PunchOutSetupRequest (cXML) to Punchr
  2. Punchr authenticates the request and creates a PunchOut session
  3. The buyer is redirected to the WooCommerce catalog in PunchOut mode
  4. Products are added to the cart with PunchOut restrictions applied
  5. The buyer returns the cart to the procurement system
  6. Punchr sends a PunchOutOrderMessage (cXML) to the procurement return URL

No WooCommerce order is finalized during this flow unless explicitly configured.

API Endpoints Overview

Punchr exposes a minimal and predictable REST API surface:

POST /wp-json/punchr/v1/setup
Receives PunchOutSetupRequest (cXML) and returns a StartPage URL.

GET /wp-json/punchr/v1/start
Initializes the PunchOut shopping session and redirects the buyer to the catalog.

GET /wp-json/punchr/v1/return
Returns the PunchOut cart to the procurement platform as a PunchOutOrderMessage.

Endpoint behavior is deterministic and designed for enterprise integration scenarios.

PunchOut Session Behavior

During a PunchOut session, Punchr enforces a controlled shopping experience:

  • Checkout and payment flows are disabled
  • Orders are not finalized inside WooCommerce
  • Session expiration is strictly enforced
  • Buyer actions are limited to catalog navigation and cart building

This ensures alignment with procurement platform expectations and avoids unintended order creation.

Logging & Diagnostics

Punchr provides structured technical logs for all critical events, including:

  • PunchOut setup requests and responses
  • Session lifecycle events
  • Cart return attempts
  • Outbound HTTP responses and status codes
  • Security-related rejections

Logs are stored locally in dedicated database tables.

Data minimization. Payload contents are not stored by default, supporting compliance and reducing risk. Logs are designed to support audits, troubleshooting, and production monitoring.

Punchr Lite vs Punchr Pro

Punchr Lite is provided for evaluation and basic testing purposes.

Punchr Pro is designed for production and enterprise environments and includes:

  • Support for multiple buyers
  • Buyer-specific credentials and rules
  • Advanced catalog and pricing controls
  • Extended diagnostics and logging
  • Hardened security and rate limiting
  • Priority, engineer-level support
Recommendation. For production use cases, Punchr Pro is strongly recommended.

Compliance & Data Ownership

Punchr is designed with enterprise compliance expectations in mind:

  • No external data processing
  • No telemetry sent outside the WordPress environment
  • Clear separation of technical logs and business data
  • Full control over retention and access policies

All PunchOut data remains under the control of the merchant.

Support & Contact

For enterprise integrations, onboarding discussions, or production readiness questions, please contact the Punchr team.

Contact Sales →

Propulsé par
Les cookies nécessaires activent des fonctionnalités essentielles du site comme les connexions sécurisées et les ajustements des préférences de consentement. Ils ne stockent pas de données personnelles.
Aucun
Les cookies fonctionnels supportent des fonctionnalités comme le partage de contenu sur les réseaux sociaux, la collecte de retours, et l’activation d’outils tiers.
Aucun
Les cookies analytiques suivent les interactions des visiteurs, fournissant des informations sur des métriques telles que le nombre de visiteurs, le taux de rebond et les sources de trafic.
Aucun
Les cookies publicitaires diffusent des annonces personnalisées basées sur vos visites précédentes et analysent l'efficacité des campagnes publicitaires.
Aucun
Propulsé par
Retour en haut