PunchOut OCI - Getting Started
This guide helps you set up and validate an OCI PunchOut integration between DJUST and your eProcurement system, from pre-flight checks to end-to-end tests.
At a glance
- DJUST exposes a PunchOut setup endpoint (
/punchout/oci/setup/{tenantConfigurationKey}) using HTTP POST withapplication/x-www-form-urlencoded- Your eProcurement system initiates a session with USERNAME/PASSWORD/HOOK_URL parameters.
- DJUST authenticates the user and redirects them to the catalog via a form-based HTML auto-submit, sending an access token.
- You must agree on supported parameters, mappings, and fallbacks before go-live.
➡️ Steps
1. Send these pre-requisite informations to your DJUST consultant
| Requirement | Fields | Details / Examples |
|---|---|---|
| Authentication parameters | USERNAME, PASSWORD | Credentials sent via x-www-form-urlencoded. |
| Hook / return URL | HOOK_URL | URL where DJUST posts the response. |
| PunchOut request structure | All fields used by your system: ACCOUNT_ID, OPERATION_TYPE etc. | |
| Example PunchOut request* | Real HTTP POST (form-encoded) example to validate integration. | |
| Example PunchOut response** | PunchOut response fields needed in your eProcurement solution to validate integration. | |
| Security constraints | IPs to allowlist, mandatory HTTPS, TLS version (1.2+). | |
| Supported scenarios | Use of OPERATION_TYPE=create, and optional FUNCTION=VALIDATE / DETAIL if supported. |
POST /punchout HTTP/1.1
Host: api.djust-app.com
Content-Type: application/x-www-form-urlencoded
USERNAME=client_username
&PASSWORD=client_password
&HOOK_URL=https://eprocurement.com/return
&OPERATION_TYPE=create
&RETURNTARGET=_self
&EDI=123456789<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="https://eprocurement.example.com/hook-url">
<!-- Line 1 : Pen -->
<input type="hidden" name="NEW_ITEM-PRICE[1]" value="2.50" />
<input type="hidden" name="NEW_ITEM-VENDORMAT[1]" value="84187" />
<input type="hidden" name="NEW_ITEM-DESCRIPTION[1]" value="Pen" />
<input type="hidden" name="NEW_ITEM-QUANTITY[1]" value="10" />
<input type="hidden" name="NEW_ITEM-CUST_FIELD1[1]" value="20" />
<input type="hidden" name="NEW_ITEM-UNIT[1]" value="EA" />
<input type="hidden" name="NEW_ITEM-CURRENCY[1]" value="EUR" />
<input type="hidden" name="NEW_ITEM-LONGTEXT_1:132[1]" value="Black ink ballpoint pen" />
<!-- Line 2 : Highlighter Set -->
<input type="hidden" name="NEW_ITEM-PRICE[2]" value="12.00" />
<input type="hidden" name="NEW_ITEM-VENDORMAT[2]" value="90012" />
<input type="hidden" name="NEW_ITEM-DESCRIPTION[2]" value="Highlighter Set" />
<input type="hidden" name="NEW_ITEM-QUANTITY[2]" value="2" />
<input type="hidden" name="NEW_ITEM-CUST_FIELD1[2]" value="20" />
<input type="hidden" name="NEW_ITEM-UNIT[2]" value="BX" />
<input type="hidden" name="NEW_ITEM-CURRENCY[2]" value="EUR" />
<input type="hidden" name="NEW_ITEM-LONGTEXT_1:132[2]" value="Set of 5 assorted highlighters" />
<!-- User info -->
<input type="hidden" name="NEW_ITEM-CUST_FIELD5[1]" value="00371234556" />
</form>
</body>
</html>2. DJUST provides:
Requirement | Details / Examples |
|---|---|
Tenant Configuration Key | A unique key: |
Setup endpoint URL | Full public endpoint provided by DJUST |
Redirect & return mechanism | Form-based HTML auto-submit to |
Accepted field mapping | Support mapping like |
Error fallback handling | Returns 200 with an error HTML page using form auto-submit with hidden inputs ( |
Token-based authentication | DJUST calls |
3. Optional — Front-end punchout compatibility
- Your front should extract and use the
accessTokenreturned from the punch-out session - You must support hidden POST form inputs for all expected parameters (
accessToken,redirectUrl, etc.) - All optional custom parameters from the original request will be passed through
Updated about 9 hours ago