Documentation
Feedback
Guides
API Reference
App Development
Storefront Development
VTEX IO Apps
Troubleshooting
Release Notes
API Reference
Filter By
Post
Get
Put
Delete
Patch
Anti-fraud Provider API
Audience API
Buyer organizations (B2B Suite)
B2B Contracts
B2B Buyers
B2B Addresses
Budgets API
Buying Policies API
Legacy CMS Portal API
Card Token Vault API
Catalog API - Seller Portal
Catalog API
Checkout API
Checkout Custom Card Payment API
Customer Credit API
Custom Checkout Fields
Delivery Promise Notification API
Delivery Promise Suggestions API
GiftCard API
Giftcard Provider Protocol API
GiftCard Hub API
Headless CMS
Intelligent Search API
Intelligent Search Events API - Headless
License Manager API
Logistics API
Marketplace API
Marketplace Protocol
VTEX Shopee Integration API
Master Data API - v2
Master Data API - v1
Message Center API
mTLS API
Operational Capacity API
Orders API
Organization Units API
Payment Provider Protocol API
Payments Gateway API
Pick and Pack API
Pick and Pack Last Mile Protocol API
Pick and Pack Order Changes API
Policies System API
Pricing API
Pricing Hub
Promotions & Taxes API
Promotions & Taxes API v2
Punchout API
Reviews and Ratings API
Recommendations BFF API
SKU Bindings API
Search API
Session Manager API
SSL Certificates API
Storefront Roles API
Subscriptions API (v3)
VTEX Ads API
VTEX Shipping Network API
VTEX DO API
VTEX ID
Profile System (Data Protection Plus)
Orders API - PII Data Architecture (Data Protection Plus)

Punchout API

The Punchout API enables seamless login integration between external procurement systems and VTEX. It allows procurement system users to authenticate into VTEX without manual credential management, using a secure OAuth2-like flow with real-time credential validation and one-time tokens (OTT).

Learn more about Punchout login integration.

Endpoint requirements

  • OTTs expire after 5 minutes and are single-use to prevent replay attacks.
  • Return URLs are validated against authorized hosts to prevent open redirect vulnerabilities.

Endpoints

Punchout login

SummaryMethodPath
Start VTEX user punchout flowPOST/api/authenticator/punchout/start
Start pre-authenticated user punchout flowPOST/api/authenticator/punchout/authenticated/start
Finish punchout login flowGET/api/authenticator/punchout/finish

Loading API specification...