What is a cXML validator?

A cXML validator checks that a cXML message conforms to the official grammar (DTD) published by cxml.org. It catches missing elements, missing required attributes, mis-nested tags, and out-of-enum values.

Which cXML DTD version is used?

The latest stable version as of February 14, 2026: cXML 1.2.069. All official DTD files (cXML.dtd, Fulfill.dtd, Catalog.dtd, Quote.dtd, etc.) ship with the validator.

Is my payload stored or logged?

No. The cXML is validated in ephemeral memory and released as soon as the response is sent. No disk writes, no content logging, no tracking. Only HTTP metadata (status, duration, byte size) is kept in the system journal.

Free cXML Validator Online - Official DTD 1.2.069

Q: Which cXML messages can you validate?

Every message the DTD declares: PunchOutSetupRequest, PunchOutSetupResponse, PunchOutOrderMessage, OrderRequest, ConfirmationRequest, ShipNoticeRequest, InvoiceDetailRequest, ProfileRequest, QuoteRequest, and more.

How to use this cXML validator

Paste your cXML message into the field on the left, or import a .xml / .cxml file from your disk (500 KB cap).
Click Validate. The validator runs your message against the official cXML 1.2.069 DTD in a few milliseconds.
Read the result. If the message is valid, you get a 100% conformity score and the detected message type. Otherwise, every error appears with its line number and a plain-language explanation.

Most common cXML errors

Broken cXML messages almost always come from a slow drift between the buyer-side implementation (Ariba, Coupa, Oracle Procurement, etc.) and the official spec. Here are the errors this validator catches most often:

Missing element in the Header. The DTD enforces a strict sequence of From, To, Sender. Skip any of them and the whole request fails.
Missing payloadID or timestamp on the cXML root. Both are required attributes.
Out-of-enum operation value on PunchOutSetupRequest. Only create, inspect, edit and source are accepted.
Element not declared in the DTD. Often a custom attribute or proprietary extension that should be wrapped in an Extrinsic.
Mismatched opening and closing tags. Typical of a partial copy-paste between Postman and a text editor.

Which cXML messages can you validate?

Every message defined by the official cXML 1.2.069 DTD. The most common in PunchOut and e-procurement integrations:

PunchOutSetupRequest / PunchOutSetupResponse - the catalog session handshake.
PunchOutOrderMessage - cart return to the buyer's ERP.
OrderRequest / ConfirmationRequest - the order and its confirmation.
ShipNoticeRequest - the advance ship notice (ASN).
InvoiceDetailRequest - the electronic invoice.
ProfileRequest / ProfileResponse - capability negotiation.
QuoteRequest / QuoteMessage - quote request and response, etc.

cXML DTD 1.2.069 - what gets checked

Our validator runs against the official cXML 1.2.069 DTD published by cxml.org in strict mode. Specifically it checks:

The structural grammar: elements present, in the right order, with the right cardinality (a single Header, exactly one of Request/Response/Message).
Required attributes on each element (payloadID, timestamp, domain, operation, etc.).
Enumerated values on typed attributes.
Tag nesting (XML well-formedness).

What the validator does not check: business consistency (a negative price, a reused BuyerCookie, an Identity that doesn't match your supplier account, etc.). Those rules are domain-specific and belong to the outbound integration layer.

Learn more

What is cXML? - Understand the protocol, its history, and its role in B2B e-procurement.
cXML vs OCI - The differences between the two historic PunchOut standards.
Setup Request vs cart return - The two key moments of a PunchOut session.
Magento PunchOut planning checklist - What to plan on the supplier side.

Free cXML validator, compliant with the official DTD.

How to use this cXML validator

Most common cXML errors

Which cXML messages can you validate?

cXML DTD 1.2.069 - what gets checked

Learn more

You can validate cXML - but who generates yours?