Punchout and cXML PO buyers use dedicated credentials, separate from the REST API key. Glede provisions and manages these; they map your traffic to your Glede business account.
What you receive from Glede
| Protocol | Credential fields |
|---|---|
| cXML (PunchOut + PO) | From domain + identity, and a shared secret |
| OCI | Username and password |
HOOK_URL / cart-return allowlist
Each credential carries an allowlist of hosts that Glede will post the finished cart back to (glob entries such as *.coupahost.com). A setup request whose HOOK_URL / BrowserFormPost host is not on the allowlist is rejected. This protects recipient data from being posted to a hostile URL if your procurement system is compromised. Send Glede the hostname(s) your system posts from.
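The sketch below is an added example, not Glede's implementation: it shows one way to check a return URL's host against a glob allowlist, including the look-alike and userinfo cases that naive substring checks miss. The function names, the sample allowlist and the https-only rule for return URLs are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed sample allowlist; the glob form follows the *.coupahost.com entry above.
ALLOWLIST = ["*.coupahost.com", "procurement.example.com"]


def return_host(url):
    """Return the normalized host a cart would be posted to, or None if unusable."""
    # URL parsers disagree on backslashes and embedded whitespace;
    # reject such input instead of guessing which host a browser would pick.
    if "\\" in url or any(c.isspace() for c in url):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname  # strips userinfo and port, lowercases the host
    except ValueError:
        return None
    # Assumption: only https return URLs are acceptable.
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".")  # treat a fully qualified trailing dot as the same host


def is_allowed(url, allowlist=ALLOWLIST):
    """True only if the URL's actual host matches an allowlist glob entry."""
    host = return_host(url)
    if host is None:
        return False
    return any(fnmatchcase(host, pattern.lower()) for pattern in allowlist)


if __name__ == "__main__":
    # Constructed sample URLs covering the accept and reject paths.
    for sample in [
        "https://acme.coupahost.com/punchout/return",
        "https://evilcoupahost.com/return",               # look-alike suffix
        "https://acme.coupahost.com.evil.example/return",  # allowlisted name as prefix
        "https://acme.coupahost.com@evil.example/return",  # allowlisted name as userinfo
        "http://acme.coupahost.com/return",                # not https
    ]:
        print(f"{is_allowed(sample)!s:5}  {sample}")
```

Matching is done on the parsed hostname rather than the raw URL string, so an allowlisted name appearing in the userinfo or as a prefix of another domain does not pass. Note that `*.coupahost.com` does not match the bare `coupahost.com`; that host would need its own entry.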
Rotation
Secrets can be rotated without downtime. Glede issues a new value, you update your procurement config, and we retire the old one. The shared secret / password is shown once and never stored in plaintext (we keep only a hash).
Sessions
Each punchout produces a fresh, short-lived session (token in the redirect URL, used as a bearer token by the shopping UI). Sessions expire after 4 hours — start a new punchout each time.
Transport
All endpoints are HTTPS only. cXML shared secrets are masked in our audit logs; OCI passwords are never logged in plaintext.
Tenant binding
Orders created through your credential are attributed to your Glede business account, which controls pricing, templates and branding applied to the gift cards.
