Download PDF Manual Back to Extension
Back to Knowledge Base
Download this page as PDF

Admin Field Reference

This page describes the main Punchout admin fields in business-friendly language.

Buyer Profile Fields

Store View

  • Purpose: scope buyer behavior to a specific store view.
  • Recommended: use store-specific scope when price catalogs differ by store.

Buyer ID

  • Purpose: identity key sent by the procurement platform.
  • Recommended: use a stable external identifier, for example COMPANY_A_BUYER_01.

Protocol

  • Options: oci, cxml
  • Purpose: defines the expected inbound/outbound request model.

Active

  • Purpose: enable or disable this buyer quickly without deleting configuration.
  • Recommended: set to No for deprecated or test buyers.

Mapping Profile

  • Purpose: links transfer field rules to this buyer.
  • Recommended: assign one profile per integration variant and keep names explicit.

Mapping Profile Fields

Name and Code

  • Purpose: unique identification in admin and logs.
  • Recommended format: include target system and direction, for example coupa_outbound_main.

Protocol and Direction

  • Purpose: determine compatible flows and templates.
  • Rule: must match buyer protocol and intended endpoint behavior.

Start From Template

  • Purpose: preload proven mapping rules.
  • Recommended: use templates for first rollout, then apply minimal custom changes.

Mapping Rules

  • Source Entity: where data comes from (quote item, product, context).
  • Source Field: Magento-side value key.
  • Target Field: outbound protocol field.
  • Transformer: normalization logic, such as trim or price format.
  • Default Value: fallback if source is empty.
  • Required: field must be present for successful transfer.
  • Sort Order: evaluation order for deterministic output.

Global Configuration Fields

Punchout Enabled

  • Purpose: master switch for module behavior.

Sandbox Mode

  • Purpose: separates test and production behavior.
  • Recommended: disable in production.

Strict Signature Check

  • Purpose: reject unsigned or invalidly signed requests.
  • Recommended: enable in production.

Signature Secret

  • Purpose: shared secret for signature validation.
  • Recommended: rotate periodically and store securely.

Allowed IP Ranges

  • Purpose: inbound source restriction.
  • Recommended: allow only procurement platform egress IPs.

Trace Enabled and Retention

  • Purpose: support diagnosis and audit.
  • Recommended: enable during integration, keep at least 14 days retention in rollout phase.
Go-Live ChecklistAuthentication and Security Model

Found an issue with this documentation? Let us know