ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

CXML-SHARED-SECRET

cXML SharedSecret is the <SharedSecret> element of a cXML <Credential> that carries the shared password authenticating the <Sender> emitter to the destination.

Definition

The <SharedSecret> is a string agreed out-of-band between the two partners. It serves as application-level authentication: if the receiver computes or compares a different secret it rejects the message with <Status code="401">. The value travels in clear text inside the XML, mandating HTTPS transport.

Origin

Present since cXML 1.0. With the rollout of OAuth 2.0 and X.509 certificates in Ariba Network, its usage is declining but remains common in legacy integrations.

Use

When configuring a supplier in Ariba, a SharedSecret is declared on the server side. Every received message must carry this secret in <Sender><Credential><SharedSecret>...</SharedSecret></Credential></Sender>. Periodic rotation is a security best practice.

Last updated: May 14, 2026