Basic solutionsTechnical FAQ
I'm confused. SbXp? OrderXchange? toolkit?
OrderXchange is the part of the @UK PLC e-procurement system that translates different forms of shopping basket for supplier websites and systems which are not directly hosted by @UK. Some buyers use OrderXchange as well.
OrderXchange supports a number of shopping basket formats such as cXML and SbXp which was defined by @UK PLC.
SbXp is defined in terms of HTML form variables, which only requires a web server and browser. SbXp doesn't require a specific programming language, but in practice all webservers use different technologies to produce their websites. The toolkit should give you a leg-up in modifing your site to generate the appropriate forms.
I don't understand the pricing when the protocol document is free?
The Shopping Basket Xchange Protocol is freely available. @UK PLC owns the copyright and trademark
OrderXchange is a effectively a brokering service, and so has ongoing costs which are reflected in the pricing structure.
In order to pass baskets to and fro using SbXp someone needs to modify your website. Our intent is that SbXp should require the smallest amount of effort on your part. The toolkit has example code in a number of programming languages, and has some libraries which should make it easier to do the work needed.
I already bought an ecommerce basket for my website. Can't I use that?
There are hundreds of ecommerce baskets available, we just can't keep up with every version of each one, which is why SbXp uses simple web technologies. Of course, we are improving our integration with other ecommerce baskets all the time.
Can I use SbXp for orders and invoices?
Yes. The Shopping Basket Xchange Protocol now optionally supports order and invoices.
You don't have to use SbXP for every part of the process. It is common for suppliers to already have electronic processes for receiving orders and sending invoices.
What is the absolute minimum we need to do?
Write one scripted web page that produces a form post to transfer the shopping basket back to @UK PLC. We recommend that after your checkout you have a page that says
LHS RHS
Return your order for Authorisation Pay here now
(this sends the form post back to @UK)
It is a simple form post with all the fields to transfer the shopping basket. There are quite a lot of fields and these are secured with a checksum and a hmac to stop tampering and confirm that the page can from you.
Where is the spec?
See Downloads or click here to get the latest version. You need to put in a valid email address when you register as the password will be sent to you by email. This means that we can let you know if we release any updates to the specification and know what version you received. It also sets you up with a BizCard Website on @UK PLC so that you have an ID for testing.
How long is the spec?
Do not panic. It is not 500 pages! It is an html file approximately 5 pages long.
What is a complete implementation?
3 scripted webpages:
1. To accept the startSession command
2. To send the transfer or checkout command with the basket
3. To accept an amendBasket command.
Optionally you can have a 4th page to accept a confirmed purchase order. This is a server to server communication so there are a lot more options and a lot of other protocols can be used.
Is there a tool kit?
There is a tool kit for dot Net and ASP. But, we have not yet implemented tool kits for jsp, php or perl. If you are implementing on these platforms we would be interested in licencing back your implementation to provide others. The only tricky part is the sha1 checksum algorithm and the hmac-shal1-96 algorithm, and we have links to libraries that implement these algorithms in most languages in the documentation.
Are there examples?
There are a series of scenarios that you can go through and if you view source you can see the full details of the form posts, all implemented in sbXp. The source code for the scenarios are part of the tool kit.
What are the likely problems after implementation?
1. The most common mistake is getting sender and receiver id’s mixed up.
When @UK PLC sends the customer to you, @UK PLC is the sender. A third party e.g. a school is the buyer and you are the receiver.
When you send the basket back you are the sender, @UK PLC is the receiver and the third party is still the buyer.
This is something that the tool kit can not help with since you tell it who to send to and it tells you who it received from.
2. HMAC/SHA1 Algorithms
You need to strip out any non ASCII characters (over 127) and then convert to ASCII before creating the checksum or mac. Why? Because even something as simple as the £ sign does not interoperate in windows between dotNet and asp. Never mind interoperating with EBCDIC or UNIX.
The tool kit handles this and lets you know whether or not a message is valid and, if it is invalid, why it is invalid.
How does it work?
One site generates out an html page with a form post. This goes to the customers browser. The customer clicks on the form post, and the post message gets sent to the receiving webserver. It is the same as any other webpage where the customer enters information. The only difference is that the form post fields are hidden so that the page is cleaner. Please see the Technical details page for more details.