Skip to Content
avatar image
Former Member

OCI parameters outbound - how are they sent?

Hi all,

I have a feeling this is a laughably simple question, but study the documentation as I might, I can't work something out.

We're a vendor with no SAP experience and no OCI experience developing a catalog application for a large customer who uses SAP. Our application is .NET based.

Reading through the OCI specs and looking at the outbound parameters, I made the assumption that these can be passed as simple URL parameters, tagged on to the URL. So, our customer would configure our app URL into their external catalogs set up, and then pass the user, HOOK_URL etc to us as part of the URL that gets generated when someone chooses to "punch out".

So, we set it up this way, got online with our customer and had them configure the external supplier appropriately. they punch out and do successfully reach our site, but the URL that SAP generates does not include the parameters. We used an HTTP spy tool and the parameters are nowhere to be seen in the HTTP traffic.

Our customer has successfully set up these OCI interfaces with a number of other vendors, but our contacts do not know HOW the OCI outbound parameters are being passed.

So, I went back to the spec document, and at no point does it say "and here's HOW those parameters are passed".

My question is - can they be passed as URL parameters? If not, what is the easiest alternative?

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Jun 20, 2013 at 09:10 AM

    Hello Michael,

    I'm not sure, but maybe it helps. The OCI parameter are sent out as one URL if all parameters are maintained in the standard call structure. Your customer should checkif they have maintained that call structure correctly.



    Add comment
    10|10000 characters needed characters exceeded

  • Jun 20, 2013 at 09:49 AM


    The OCI interface uses a simple html form POST to transmit the request to the OCI catalog. I think that the GET method is a bit out of fashion due to the plain text sending of user and pass in the URL.

    For example:







    <INPUT TYPE="HIDDEN" NAME="returntarget"VALUE="_top">


    <SCRIPT LANGUAGE="JavaScript"> document.SUBMITFORM.submit();</SCRIPT>


    The blue part is what you provide and maybe you have some additional fields that you want to have as well, maybe a customer ID, or a unique ID to identify the user that logs in (BADI BBP_CAT_CALL_ENRICH should then be implemented by your customer). The above login is for a generic access that is used by all SRM users that have access to the catalog. It is possible to access a catalog by only having a URL and HOOK_URL in the call structure in SRM, however that is not really OCI compliant.



    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 04, 2013 at 02:25 PM

    Hi Michael Peters

    We're having the exact same problem as you describe.

    If you've solved the problem I'd love to hear how

    Best Regards


    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      most of it is from experience talking to suppliers and getting their catalogs OCI enabled. I am mostly an SRM/ABAP consultant so I look at it from the SAP side.

      As far as I have found there is not much more information then the document you used (actually there is now an OCI 5.0 document). In there also some extra functionality of OCI 4.0 is described such as logging in via some handshake protocol. That actually might be worth looking into seeing the focus on security lately.

      When you read the OCI documentation between the lines a bit, you can mine out the information you need, but only after reading it a few times.