Today, we will take a closer look at OCI RoundTrip in Sylius, which plays a critical role in scenarios where full PunchOut support is not available. PunchOut is a technology that connects a buyer’s eProcurement application directly to their suppliers’ eCommerce sites. This seamless connection allows your clients to „PunchOut” from their eProcurement application to your website, browse products, and then return to their system with exported carts. This process enables other employees to review orders before they are placed, ensuring accuracy and compliance with company policies.
While PunchOut covers the entire process of placing, editing, and reviewing orders, OCI RoundTrip focuses on a more limited scope: logging in and exporting carts. Despite its limitations, OCI RoundTrip is essential for integration with certain SAP applications that do not support PunchOut. Implementing OCI RoundTrip often involves integration with SAP Ariba, further broadening the compatibility and functionality of your eCommerce platform.
1. RoundTrip workflow
RoundTrip workflow of getting a cart from the supplier’s eCommerce website consists of the following steps:
- An employee logs into the buyer’s eProcurement system
- The employee then can select the supplier’s eCommerce website to shop on.
- The employee then is redirected to the supplier’s website, where he is automatically logged in using the buyer’s system account. Such an account may have custom permissions that distinguish it from a standard account.
- The employee can browse the website like other customers and add items to the cart.
- At checkout, instead of providing shipping and payment details, the employee is redirected back to the buyer’s eProcurement system where he can validate the cart items and combine cart items from multiple suppliers into a single order which then goes through the validation process before items are ordered.
In simpler terms, let’s say you’re your client’s employee. You log in to the eProcurement system and want to order something that only your website provides. You click on your website’s logo, and you’re taken to your website. You’re already logged in and ready to browse the products. After you pick everything you need, you go to checkout, where instead of checkout, you are simply redirected back to the eProcurement system, where you can see all the cart items, their price, and quantity, and you can submit the order for your peers to review. It is a very seamless experience that allows you to procure items from other suppliers.
2. Implementing OCI RoundTrip in Sylius
Sylius, a Symfony-based eCommerce platform, makes implementing OCI RoundTrip very easy. Because most of the implementation details are already done in Sylius, all we have to do is adapt the login and export the cart.
In our implementation, buyer’s accounts will have to have the role ‘ROLE_ROUNDTRIP’, with this role we will allow login via post and change checkout’s behavior.
Login
When the employee is being redirected to our website,
POST request is being sent with login and password. We need to handle that and authenticate the user.
First we add RoundTrip path regex to ‘security.yaml’, which holds our authorization and authentication configuration as well as modify ‘sylius.security.shop_regex’ to include ‘roundtrip/’ path.
After which we can add a RoundTrip firewall, which is basically a carbon copy of the shop firewall except we disable CRSF, as well as change login and password parameters’ names. CRSF (Cross-site request forgery) is a system used in forms in Symfony that adds a token to the form, in order to prevent malicious attacks. In case of our OCI RoundTrip login, we’re not the one making the form so we can’t put such a token.
Now you should also store at login time additional parameters such as HOOK_URL and ~TARGET, because you need to know where to return the cart and user, as well as your shop might be opened in iFrame.
You can now proceed to test the login using OCI RoundTrip Tester tool provided by a very helpful website >> click. If everything looks fine, then proceed to adjust your website for a RoundTrip user.
Cart export
After the user picks items, the next step to modify is checkout. Instead of a normal checkout page, users should have just a simple button to return to their system with the cart. We need to create a form according to the specifications listed on the previously mentioned website >> click. We can just make a simple html form, as all we need is to send the correct data. An example form type can be seen below.
As you can see, the most important part is having the correct name for the fields and the value. We also send the form to previously stored HOOK_URL and with stored option ~TARGET. After proper implementation you can then proceed to use the previously linked tester tool to validate your exported cart and entire RoundTrip process.
Want to know more about Sylius?
Summary
Overall, implementing OCI RoundTrip might sound scarier than it is in reality. Thanks to not having to implement the process of placing or editing orders, we avoided many headaches and allowed our clients’ employees to easily browse products on our website and integrate our website into clients’ eProcurement processes.