# Authentication Source: https://docs.cocartapi.com/api-reference/authentication Learn how to authenticate with the CoCart API for secure access. The CoCart API provides multiple authentication methods to suit different needs. While the Products API and Cart API are publicly accessible without authentication, authenticating users enables personalized shopping experiences. ## Public vs. Authenticated Access * **Public Access**: Products API and Cart API * **Authenticated Access**: Required for registered customers to access their personal carts or special access/prices to products ## Customer Authentication Methods The use of **Basic Authentication** is only required should your store allow customer registration or provide membership access for specially discounted prices that can only be made available if the user has identified themselves. To make a successful request to an API that requires Basic Authentication, you must pass one of the identify methods we support combined as an authorization header for each request. When building a request using Basic Authentication, make sure you add the Authentication: Basic HTTP header with encoded credentials over HTTPS. Requests made over plain HTTP will fail. Authentication establishes a secure customer session. In the following request examples, you would replace ``, ``, `` and `` with your credentials before sending the request: ```bash cURL theme={"system"} curl -X GET 'https://your-store.com/wp-json/cocart/v2/cart' \ -H 'Accept: application/json' \ -H 'Authorization: Basic base64_encode(:)' ``` ```php PHP theme={"system"} 'https://your-store.com/wp-json/cocart/v2/cart', CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Accept: application/json', 'Authorization: Basic ' . base64_encode( . ':' . ) ] ]); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); ``` ```javascript JavaScript theme={"system"} const auth = btoa(':'); fetch('https://your-store.com/wp-json/cocart/v2/cart', { headers: { 'Accept': 'application/json', 'Authorization': `Basic ${auth}` } }); ``` ```bash cURL theme={"system"} curl -X GET 'https://your-store.com/wp-json/cocart/v2/cart' \ -H 'Authorization: Basic base64_encode(:)' ``` ```php PHP theme={"system"} '; $password = ''; $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => 'https://your-store.com/wp-json/cocart/v2/cart', CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Basic ' . base64_encode($email . ':' . $password) ] ]); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); ``` ```javascript JavaScript theme={"system"} const auth = btoa(':'); fetch('https://your-store.com/wp-json/cocart/v2/cart', { headers: { 'Authorization': `Basic ${auth}` } }); ``` ```bash cURL theme={"system"} curl -X GET 'https://your-store.com/wp-json/cocart/v2/cart' \ -H 'Authorization: Basic base64_encode(:)' ``` ```php PHP theme={"system"} '; $password = ''; $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => 'https://your-store.com/wp-json/cocart/v2/cart', CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Basic ' . base64_encode($phone . ':' . $password) ] ]); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); ``` ```javascript JavaScript theme={"system"} const auth = btoa(':'); fetch('https://your-store.com/wp-json/cocart/v2/cart', { headers: { 'Authorization': `Basic ${auth}` } }); ``` ## Storing Authentication Credentials After successful authentication, securely store the credentials using one of these methods: * **Browser Storage** * LocalStorage (with encryption) * SessionStorage (for temporary sessions) * **Storage Libraries** * [localForage](https://www.npmjs.com/package/localforage) - Offline storage with fallbacks * [PouchDB](https://pouchdb.com/) - Offline-first database * **Native Storage** * [SQLite](https://www.sqlite.org/) - For mobile applications * [Hive](https://docs.hivedb.dev/) - For Flutter applications * Secure Keychain/Keystore for mobile platforms [Learn more about web storage](#web-storage-%26-cookies) ## JWT Authentication (Recommended) For enhanced security, we strongly recommend using JWT authentication when available. JWT provides: * Stateless authentication * Better security * Reduced server load * Easier mobile/desktop integration If JWT authentication is enabled, use the token received after login for subsequent requests: ```bash cURL theme={"system"} curl -X GET 'https://your-store.com/wp-json/cocart/v2/cart' \ -H 'Authorization: Bearer jwt_token' ``` ```php PHP theme={"system"} 'https://your-store.com/wp-json/cocart/v2/cart', CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Bearer ' . $token ] ]); $cart = curl_exec($ch); curl_close($ch); ``` ```javascript JavaScript theme={"system"} const token = await getToken(); const cart = await fetch('https://your-store.com/wp-json/cocart/v2/cart', { headers: { 'Authorization': `Bearer ${token}` } }); ``` ## Cart Session Management ### Authenticating with Existing Cart If a customer begins shopping while unauthenticated, you can transfer their cart items during authentication. See [Authenticating a customer with an existing cart](/api-reference/authentication/authenticate-customer-with-existing-cart) for the process. Maintain consistent authentication across all routes after customer login to preserve the cart session. Failing to do so will create new sessions and lose cart data. ## Administrator Authentication The Sessions API requires [WooCommerce REST API Key](https://woocommerce.github.io/woocommerce-rest-api-docs/#rest-api-keys) authentication. 1. Navigate to WooCommerce → Settings → Advanced → REST API 2. Generate new keys with `READ/WRITE` permissions 3. Use the keys for Sessions API authentication: ```bash cURL theme={"system"} curl -X GET 'https://your-store.com/wp-json/cocart/v2/sessions' \ -H 'Authorization: Basic base64_encode(ck_XXXX:cs_XXXX)' ``` ```php PHP theme={"system"} 'https://your-store.com/wp-json/cocart/v2/sessions', CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Basic ' . base64_encode($consumer_key . ':' . $consumer_secret) ] ]); $response = curl_exec($ch); curl_close($ch); ``` ```javascript Javascript theme={"system"} const consumerKey = 'ck_XXXXXXXXXXXXXXXXXXXXXX'; const consumerSecret = 'cs_XXXXXXXXXXXXXXXXXXXXXX'; const auth = btoa(`${consumerKey}:${consumerSecret}`); fetch('https://your-store.com/wp-json/cocart/v2/sessions', { headers: { 'Authorization': `Basic ${auth}` } }); ``` ## About Base64 Encoding * `base64_encode()` is a PHP function * `btoa()` is a JavaScript function * Both perform Base64 encoding, but are used in different environments * For Node.js, use `Buffer.from(str).toString('base64')` * For React Native, use `import { encode } from 'base-64'` ```php PHP theme={"system"} $auth = base64_encode("username:password"); ``` ```javascript JavaScript theme={"system"} const auth = btoa("username:password"); ``` ```javascript Node.js theme={"system"} const auth = Buffer.from("username:password").toString('base64'); ``` ## Trouble with Authentication? If your server configuration doesn't properly handle the Authorization header, you can pass credentials as query parameters: ```http Customer Authentication theme={"system"} /wp-json/cocart/v2/cart?username=customer&password=secret ``` ```http WooCommerce REST API Keys theme={"system"} /wp-json/cocart/v2/sessions?consumer_key=123&consumer_secret=abc ``` However, these methods are less secure and should be used only as a fallback. ## Web storage & cookies There are two types of web storage: **LocalStorage** and **SessionStorage**. These were created as improvements to using Cookies since the storage capacity for web storage is much higher than Cookie storage. However, there are different pros and cons to each of these storage options. **LocalStorage** Anything stored in local web storage is persistent. This means that the data will persist until the data is explicitly deleted. Depending on the needs of your project, you might view this as a positive. However, you should be mindful of using LocalStorage, since any changes/additions to data will be available on all future visits to the webpage in question. We would not usually recommend using LocalStorage, although there may be a few exceptions to this. If you decide to use LocalStorage, it is good to know that it supports the same-origin policy, so all data stored here will only be available via the same origin. An added performance perk of using LocalStorage would be a resulting decrease in client-server traffic since the data does not have to be sent back to the server for every HTTP request. **SessionStorage** SessionStorage is similar to LocalStorage, but the key difference is that SessionStorage is not persistent. Once the window (or tab, depending on which browser you are using) that was used to write to SessionStorage is closed, the data will be lost. This is useful in restricting read access to your token within a user session. Using SessionStorage is normally more preferable than LocalStorage when thinking in terms of security. Like LocalStorage, the perks of same-origin policy support and decreased client-server traffic apply to SessionStorage as well. **Cookies** Cookies are the more traditional way to store session data. You can set an expiration time for each cookie, which would allow for ease of revocability and restriction of access. However, the client-server traffic would definitely increase when using cookies, since the data is being sent back to the server for every HTTP request. If you decide to use cookies, you need to protect against session hijacking. By default, cookies are sent in plaintext over HTTP, which makes their contents vulnerable to packet sniffing and/or man-in-the-middle attacks where attackers may modify your traffic. You should always enforce HTTPS to protect your data in transit. This will provide confidentiality, integrity (of the data), and authentication. However, if your web application or site is available both through HTTP and HTTPS, you will also want to use the ‘Secure’ flag on the cookie. This will prevent attackers from being able to send links to the HTTP version of your site to a user and listening in on the resulting HTTP request generated. Another secondary defense against session hijacking when using cookies would be to validate the user’s identity again before any high-impact actions are carried out. One other flag to consider for improving the security of your cookies would be the ‘HttpOnly’ flag. This flag tells the browser that the cookie in question shall only be accessible from the server specified. Any attempts made by client-side scripts would be forbidden by this flag, therefore helping to protect against most cross-site scripting (XSS) attacks. WooCommerce uses the cookie method natively for handling the cart session but CoCart does not. The session cookie prevented CoCart supporting guest customers and slowed down the performance of the API. [**Troubleshoot Authentication Issues →**](../knowledge-base/troubleshoot/authentication) # Frequently Asked Questions Source: https://docs.cocartapi.com/api-reference/faq We ask the most frequently asked questions for the API CoCart does not use or rely on any WordPress or WooCommerce cookies. Standard WordPress batch requests are handled via `https://your-store.com/wp-json/batch/v1` endpoint. For example adding multiple products to the cart request looks like: ```json theme={"system"} { "requests": [ { "method": "POST", "path": "/cocart/v2/cart/add-item", "body": { "id": "35", "quantity": "2" } }, { "method": "POST", "path": "/cocart/v2/cart/add-item", "body": { "id": "36", "quantity": "5" } } ] } ``` We have more available in our [support center](/knowledge-base/faq). # Introduction Source: https://docs.cocartapi.com/api-reference/introduction Welcome to the API Reference for CoCart. **Finding it hard to decouple WooCommerce from WordPress without hitting roadblocks?** CoCart is here to eliminate the hassle of creating your own REST API endpoints for WooCommerce and provides all the essential features for a powerful, headless eCommerce experience making it easy to decouple WooCommerce from WordPress. Want to try it out? [Setup a sandbox site](/api-reference/playground) to test it out. We highly recommend looking at our [community initiatives](/resources/community) to help your journey for support and networking. We make the assumption that you are comfortable with REST API's and understand the basics of WordPress and WooCommerce. Since they are both (including CoCart) are built in PHP, we recommend having some knowledge of it as well. Have a question, checkout our [Frequently Asked Questions](/api-reference/faq) or [contact support](mailto:support@cocartapi.com) if not already answered. ## Base url The base URL is where your WordPress is installed. All requests made to CoCart API is via your WordPress site url `https://example-store.com/wp-json/cocart/` ## Request/Response Format The default response format is in JSON. Requests with a message-body use plain JSON to set or update resource attributes. Successful requests will return a `200 OK` HTTP status. Some general information about response: * Resource IDs are returned as integers. * Other number values, such as price, item counts, are returned as integers or strings. * Blank fields may return as `null` instead of being returned as blank strings or omitted. ## Body Types There are different types of body types when making a request. Make sure when using either of these body types that you have the correct `Content-Type` for the header. | Body Type | Content-Type | | --------------------- | --------------------------------- | | form-data | application/json | | raw | application/json | | x-www-form-urlencoded | application/x-www-form-urlencoded | Using **raw** works best if you are passing an object of data for a `variation` or `cart_item_data`. Use [any of the tools available](/documentation/tools) to help test the API with if you are unsure. ## Errors Occasionally you might encounter errors when accessing the REST API. Here are the possible types: | Error Code | Error Type | | --------------------------- | ------------------------------------------------------------- | | `400 Bad Request` | Invalid request, e.g. using an unsupported HTTP method. | | `401 Unauthorized` | Authentication or permission error, e.g. incorrect login. | | `403 Forbidden` | Not allowed to process this action or have permission. | | `404 Not Found` | Requests to resources that don't exist or are missing. | | `405 Method Not Allowed` | A request method is not supported for the requested resource. | | `406 Not Acceptable` | Indicates that the server could not produce a response. | | `500 Internal Server Error` | Server error | > WP REST API error example ```json theme={"system"} { "code": "rest_no_route", "message": "No route was found matching the URL and request method", "data": { "status": 404 } } ``` > CoCart error example ```json theme={"system"} { "code": "cocart_clear_cart_failed", "message": "Clearing the cart failed!", "data": { "status": 406 } } ``` Errors return both an appropriate HTTP status code and response object which contains a `code`, `message` and `data` attribute. # Refresh Token Source: https://docs.cocartapi.com/api-reference/jwt/refresh-token api-reference/jwt/openapi.json post /cocart/jwt/refresh-token Generate a new JWT token using a refresh token # Validate Token Source: https://docs.cocartapi.com/api-reference/jwt/validate-token api-reference/jwt/openapi.json post /cocart/jwt/validate-token Validate an existing JWT token # CoCart Playground Source: https://docs.cocartapi.com/api-reference/playground Setup a WooCommerce store demo with CoCart to play around. Create reproducible WooCommerce testing environment with CoCart to test out the REST API right away. It generates a blueprint that: * Configures pretty permalinks * Installs WooCommerce * Sets up basic store information * Skips the onboarding wizard * Configures basic WooCommerce settings * Imports sample products * Installs CoCart, JWT Authentication and CORS support * Installs Safe SVG and Leira Letter Avatar plugins * Installs the Storefront theme The rest is up to you to play around with. Create a free CoCart Playground with WooCommerce to test the REST API. ## How it works: * A fresh new WordPress site is created for you. * You’ll be taken straight to the WordPress admin. * Use the provided information to help you test the API. ## What to expect from Playground: * The playground is valid for **5 days**. After that the site expires, all data will be erased and can no longer be accessed. * Test CoCart on a clean WordPress sandbox. * Don’t worry about issues with CORS. It’s already setup. * Try all our core features. No strings attached. Search, filter and return product data you need. Add products to cart either as a guest or a registered customer. * Push CoCart to its limits. Don’t worry about breaking anything, it’s just a demo site. Yes to all. You are the administrator of the playground. For more information about the WordPress Playground please visit [https://wordpress.org/playground/](https://wordpress.org/playground/) Yes, not everything can be setup for the Playground. Simply go to **WooCommerce -> Settings** and on the general tab, check "Enable tax rates and calculations" and press "Save changes". Then you can see a new tab called **Tax**. Yes, not everything can be setup for the Playground. Simply go to **WooCommerce -> Settings** and on the **Shipping** tab you can create shipping zones and apply the shipping methods. WordPress Playground is not stable and may have an issue creating an environment at times. If not succeeding, please consider [creating a sandbox instead](https://app.instawp.io/launch?t=cocart-demo-core-only\&d=v2). Sandbox sites are live for **only 5 days** and also include **CoCart Plus**. Some taxes and shipping options have also been configured. # Remove Item from Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/delete-remove-item api-reference/v1/openapi-cart-v1.yaml delete /item Removes a specific item from the customer's cart. # Get Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/get-cart api-reference/v1/openapi-cart-v1.yaml get /get-cart Gets the cart items added by the customer. # Get Cart for Customer Source: https://docs.cocartapi.com/api-reference/v1/cart/get-cart-customer api-reference/v1/openapi-cart-v1.yaml get /get-cart/customer/{id} Gets the persistent cart for the provided customer ID. # Get Cart in Session Source: https://docs.cocartapi.com/api-reference/v1/cart/get-cart-in-session api-reference/v1/openapi-cart-v1.yaml get /get-cart/{id} Gets the cart in session for the provided cart key. # Get Cart Items Count Source: https://docs.cocartapi.com/api-reference/v1/cart/get-count-items api-reference/v1/openapi-cart-v1.yaml get /count-items Returns the count of items in the customer's cart. # Get Cart Totals Source: https://docs.cocartapi.com/api-reference/v1/cart/get-totals api-reference/v1/openapi-cart-v1.yaml get /totals Retrieves the cart totals including subtotal, taxes, shipping, and discounts. # Remove a Coupon from Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/delete-remove-coupon api-reference/v1/openapi-cart-v1.yaml delete /coupon Remove a coupon from the cart using the coupon code. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Applied Coupons in Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-applied-coupons api-reference/v1/openapi-cart-v1.yaml get /coupon Retrieve a list of all coupons currently applied to the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Check Coupons in Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-check-coupons api-reference/v1/openapi-cart-v1.yaml get /check-coupons Check if coupons applied to the cart are valid. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Cart Cross Sells Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-cross-sells api-reference/v1/openapi-cart-v1.yaml get /cross-sells Gets cross-sell products for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Customer Details Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-customer api-reference/v1/openapi-cart-v1.yaml get /customer Retrieve customer details associated with the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Fees from Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-fees api-reference/v1/openapi-cart-v1.yaml get /fees Retrieve a list of all fees applied to the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Payment Methods Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-payment-methods api-reference/v1/openapi-cart-v1.yaml get /payment-methods Retrieve available payment methods for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Item Quantities in Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-quantities api-reference/v1/openapi-cart-v1.yaml get /quantities Retrieve the quantities of items currently in the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Removed Items from Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-removed-items api-reference/v1/openapi-cart-v1.yaml get /removed-items Retrieve a list of items that have been removed from the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Shipping Methods Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-shipping-methods api-reference/v1/openapi-cart-v1.yaml get /shipping-methods Gets available shipping methods for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Coupon Discount Tax Totals Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-discount-coupon-tax api-reference/v1/openapi-cart-v1.yaml get /totals/discount/coupon-tax Gets the discount tax totals per coupon. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Fee Total Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-fee api-reference/v1/openapi-cart-v1.yaml get /totals/fee Gets the total fees applied to the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Fee Tax Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-fee-tax api-reference/v1/openapi-cart-v1.yaml get /totals/fee/tax Gets the total fee tax applied to the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Shipping Total Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-shipping api-reference/v1/openapi-cart-v1.yaml get /totals/shipping Gets the total shipping cost for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Shipping Tax Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-shipping-tax api-reference/v1/openapi-cart-v1.yaml get /totals/shipping/tax Gets the total shipping tax for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Subtotal Tax Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-subtotal-tax api-reference/v1/openapi-cart-v1.yaml get /totals/subtotal/tax Gets the subtotal tax of the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Total Tax Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-tax api-reference/v1/openapi-cart-v1.yaml get /totals/tax Gets the total tax for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Get Cart Total Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/get-totals-total api-reference/v1/openapi-cart-v1.yaml get /totals/total Gets the total amount for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Apply a Fee Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/post-add-fee api-reference/v1/openapi-cart-v1.yaml post /fees Adds a fee to the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Apply a Coupon Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/post-apply-coupon api-reference/v1/openapi-cart-v1.yaml post /coupon Applies a coupon to the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Calculate Fees Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/post-calculate-fees api-reference/v1/openapi-cart-v1.yaml post /calculate/fees Calculates the cart fees. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Calculate Shipping Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/post-calculate-shipping api-reference/v1/openapi-cart-v1.yaml post /calculate/shipping Calculates shipping for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Set Payment Method Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/post-set-payment-method api-reference/v1/openapi-cart-v1.yaml post /payment-methods Sets a payment method for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Set Shipping Methods Source: https://docs.cocartapi.com/api-reference/v1/cart/plus/post-set-shipping-method api-reference/v1/openapi-cart-v1.yaml post /shipping-methods Sets a shipping method for the cart. This endpoint is available in [CoCart Plus](https://cocartapi.com/pricing/?ref=mintlify). # Add Item to Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/post-add-item api-reference/v1/openapi-cart-v1.yaml post /add-item Adds a product item to the customer's cart. # Calculate cart totals Source: https://docs.cocartapi.com/api-reference/v1/cart/post-calculate api-reference/v1/openapi-cart-v1.yaml post /calculate Calculates the cart totals including taxes, shipping, and discounts. # Clear the cart Source: https://docs.cocartapi.com/api-reference/v1/cart/post-clear-cart api-reference/v1/openapi-cart-v1.yaml post /clear Removes all items from the customer's cart. # Update Item in Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/post-update-item api-reference/v1/openapi-cart-v1.yaml post /item Updates the quantity of a specific item in the customer's cart. # Restore Item to Cart Source: https://docs.cocartapi.com/api-reference/v1/cart/put-restore-item api-reference/v1/openapi-cart-v1.yaml put /item OpenSpec file is incomplete! Review and correct to allow documentation to generate. # Error Codes Source: https://docs.cocartapi.com/api-reference/v1/error-codes Error codes returned by the CoCart API v1. | HTTP Code | Error Code | Error Message | | --------- | ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 401 | `cocart_cannot_read_cart` | Cannot read cart! | | 404 | `cocart_customer_missing` | Customer ID is required! | | 404 | `cocart_cart_key_missing` | Cart Key is required! | | 404 | `cocart_cart_in_session_not_valid` | Cart in session is not valid! | | 404 | `cocart_clear_cart_failed` | Clearing the cart failed! | | 404 | `cocart_product_id_required` | Product ID number is required! | | 405 | `cocart_product_id_not_numeric` | Product ID must be numeric! | | 405 | `cocart_quantity_not_numeric` | Quantity must be numeric! | | 404 | `cocart_product_does_not_exist` | Warning: This product does not exist! | | 403 | `cocart_product_sold_individually` | You cannot add another "%s" to your cart. | | 403 | `cocart_cannot_be_purchased` | Sorry, this product cannot be purchased. | | 404 | `cocart_product_out_of_stock` | You cannot add "%s" to the cart because the product is out of stock. %s is the product name | | 403 | `cocart_not_enough_in_stock` | You cannot add a quantity of %1$s: quantity requested for "`%3$s` remaining! | | 403 | `cocart_not_enough_stock_remaining` | You cannot add that amount to the cart — we have `%1$s` in stock and you already have `%2$s` in your cart. | | 403 | `cocart_not_ok_to_add_item` | This item can not be added to the cart. | | 403 | `cocart_cannot_add_to_cart` | You cannot add "`%s`" to your cart. %s is the product name | | 403 | `cocart_can_not_remove_item` | Unable to remove item from cart. | | 403 | `cocart_can_not_restore_item` | Unable to restore item to the cart. | | 403 | `cocart_can_not_update_item` | Unable to update item quantity in cart. | | 404 | `cocart_cart_item_key_required` | Cart item key is required! | | 404 | `cocart_no_items` | No items in cart. | | 404 | `cocart_item_not_in_cart` | Item specified does not exist in cart. | | 403 | `cocart_cannot_add_product_type_to_cart` | You cannot add "`%1$s`" to your cart as it is an "`%2$s`" product. %1$s: product name, %2$s: product type | | 400 | `cocart_invalid_variation_data` | Invalid value posted for `%1$s`. Allowed values: `%2$s` %1$s: Attribute name, %2$s: Allowed values | | 400 | `cocart_missing_variation_data` | Missing variation data for variable product. `%s` is a required field. %s: Attribute name. | | 400 | `cocart_missing_variation_data` | Missing variation data for variable product. `%s` are required fields. %s: Attribute name. | | 400 | `cocart_no_variation_found` | No matching variation found. | | 403 | `cocart_cart_invalid_parent_product` | This product cannot be added to the cart. | | 404 | `cocart_product_failed_validation` | Product did not pass validation! | | 403 | `cocart_product_sold_individually` | You cannot add another "`%s`" to your cart. | | 403 | `cocart_can_not_increase_quantity` | You can only have 1 `%s` in your cart. %s is the product name | # Get a Product Source: https://docs.cocartapi.com/api-reference/v1/products/get-product api-reference/v1/openapi-products-v1.yaml get /products/{id} Returns a single product. # Get a Product Attribute Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-attribute api-reference/v1/openapi-products-v1.yaml get /products/attributes/{id} Returns a single product attribute. # Get a Product Attribute Term Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-attribute-term api-reference/v1/openapi-products-v1.yaml get /products/attributes/{attribute_id}/terms/{id} Returns a single product attribute term. # Get Product Attribute Terms Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-attribute-terms api-reference/v1/openapi-products-v1.yaml get /products/attributes/{attribute_id}/terms Returns a list of product attribute terms. # Get Product Attributes Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-attributes api-reference/v1/openapi-products-v1.yaml get /products/attributes Returns a list of product attributes. # Get Product Categories Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-categories api-reference/v1/openapi-products-v1.yaml get /products/categories Returns a list of product categories. # Get a Product Review Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-review api-reference/v1/openapi-products-v1.yaml get /products/reviews/{id} Returns a single product review. # Get Product Reviews Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-reviews api-reference/v1/openapi-products-v1.yaml get /products/reviews Returns a list of product reviews. # Get Product Tags Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-tags api-reference/v1/openapi-products-v1.yaml get /products/tags Returns a list of product tags. # Get a Product Variation Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-variation api-reference/v1/openapi-products-v1.yaml get /products/{product_id}/variations/{id} Returns a single product variation. # Get Product Variations Source: https://docs.cocartapi.com/api-reference/v1/products/get-product-variations api-reference/v1/openapi-products-v1.yaml get /products/{product_id}/variations Returns a list of product variations. # Get Products Source: https://docs.cocartapi.com/api-reference/v1/products/get-products api-reference/v1/openapi-products-v1.yaml get /products Returns a list of products. # Logout Source: https://docs.cocartapi.com/api-reference/v1/user/logout api-reference/v1/openapi-cart-v1.yaml post /logout Logs out the customer and clears their session. Originally this endpoint was used to log out a user and their cart session when relying on WooCommerce session cookie. While the endpoint is not needed to clear the users session anymore, you can still use it to clear any WordPress cookies that may have been set. # Get cart Source: https://docs.cocartapi.com/api-reference/v2/cart/get-cart api-reference/v2/openapi-v2-stable.yaml get /cart Get the full cart including all items, totals, and customer information. # Add Item to Cart Source: https://docs.cocartapi.com/api-reference/v2/cart/post-add-item api-reference/v2/openapi-v2-stable.yaml post /cart/add-item Adds a single product item to the customer's cart. # Add Items to Cart Source: https://docs.cocartapi.com/api-reference/v2/cart/post-add-items api-reference/v2/openapi-v2-stable.yaml post /cart/add-items Adds multiple product items to the customer's cart in a single request. # Calculate cart totals Source: https://docs.cocartapi.com/api-reference/v2/cart/post-calculate api-reference/v2/openapi-v2-stable.yaml post /cart/calculate Calculates the cart totals including taxes, shipping, and discounts. # Clear the cart Source: https://docs.cocartapi.com/api-reference/v2/cart/post-clear api-reference/v2/openapi-v2-stable.yaml post /cart/clear Removes all items from the customer's cart. # Variation Examples Source: https://docs.cocartapi.com/api-reference/v2/variation-examples Know all the combinations for variable products when adding to cart. ## Adding Variable Products to Cart When adding a variation from a variable product to the cart, there are several approaches you can take. Below are examples of each method and their outcomes. ### Method 1: No Attribute Data To make things clear from the start. Adding a variable product without attribute data will fail as the variation cannot be determined. This method is not recommended. ````json theme={"system"} { "id": "16", "quantity": "1" } ```json { "id": "16", "quantity": "1" } ```` **Response**: ```json theme={"system"} { "code": "cocart_no_variation_found", "message": "No matching variation found.", "data": { "status": 404 } } ``` ### Method 2: Using Attribute Data Note the lowercase "no" ```json theme={"system"} { "id": "16", "quantity": "1", "variation": { "attribute_pa_color": "green", "attribute_logo": "no" } } ``` **Response** ```json theme={"system"} { "code": "cocart_no_variation_found", "message": "No matching variation found.", "data": { "status": 404 } } ``` ```json theme={"system"} { "id": "16", "quantity": "1", "variation": { "attribute_pa_color": "blue", "attribute_logo": "No" } } ``` ### Method 3: Using Variation ID You can directly add a specific variation using its **ID**. ```json theme={"system"} { "id": "39", "quantity": "1" } ``` However, if you specify an invalid attribute with the variation ID you will receive an error. The error will provide the **allowed values**. ```json theme={"system"} { "id": "39", "quantity": "1", "variation": { "attribute_pa_color": "orange", "attribute_logo": "Yes" } } ``` **Response** ```json theme={"system"} { "code": "cocart_invalid_variation_data", "message": "Invalid value posted for Color. Allowed values: blue, green, red", "data": { "status": 400 } } ``` ### Method 4: Using Alternative Attribute Formats You can use attribute labels instead of slugs. ```json theme={"system"} { "id": "16", "quantity": "1", "variation": { "Color": "blue", "Logo": "Yes" } } ``` You can mix slugs and labels (note: label values must be exact for custom attributes). ```json theme={"system"} { "id": "16", "quantity": "1", "variation": { "pa_color": "blue", "Logo": "Yes" } } ``` ## Important Notes 1. Attribute values are case-sensitive 2. When using variation IDs, attribute data is optional 3. Custom attribute labels must match exactly 4. Values maybe limited to specific options 5. You can use either attribute slugs (`attribute_pa_color`) or labels (`Color`) # Batch Requests for the Cart Source: https://docs.cocartapi.com/documentation/batch-requests Learn how to batch request the cart To use the premium batch request for cart, you need [CoCart Plus or higher](https://cocartapi.com/pricing/). Otherwise feel free to [use the standard WordPress batch process](https://make.wordpress.org/core/2020/11/20/rest-api-batch-framework-in-wordpress-5-6/). Supports API v2 or higher. Make multiple cart requests and return 1 complete cart response. Sounds to good to be true but it is. The [standard batch processing](https://make.wordpress.org/core/2020/11/20/rest-api-batch-framework-in-wordpress-5-6/) that WordPress supports is too problematic for developers when it comes to using the cart data to present it. Seriously if you try it yourself, you would not want to use the standard way. We took away the pain of having to track and merge data together for you, so you can go about your programming with ease. It supports both authenticated users and guest customers. ## How do I use it? It’s very simple. Post your requests as you would do a standard WordPress batch request only you are using our special batch endpoint `wp-json/cocart/batch` instead. ```json theme={"system"} { "requests": [ { "method": "POST", "path": "/cocart/v2/cart/add-item", "body": { "id": "35", "quantity": "2" } }, { "method": "POST", "path": "/cocart/v2/cart/add-item", "body": { "id": "36", "quantity": "5" } } ] } ``` ## What about guest customers? Simply provide the cart key to identify the cart for the guest customer the same way you would for a singular cart endpoint. If you used the standard batch process, you would have to apply the cart key to each request, which we don’t recommend. In the following request examples, you would replace `` that identifies the guest customers cart before sending the request: ```bash cURL theme={"system"} curl -L 'https://example-store.com/wp-json/cocart/batch?cart_key=' \ -H 'Content-Type: application/json' \ -d '{ "requests": [ { "method": "POST", "path": "/cocart/v2/cart/add-item", "body": { "id": "35", "quantity": "2" } }, { "method": "POST", "path": "/cocart/v2/cart/add-item", "body": { "id": "36", "quantity": "5" } } ] }' ``` ```php PHP theme={"system"} 'https://example-store.com/wp-json/cocart/batch?cart_key=' CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Basic ' . base64_encode($username . ':' . $password) ] ]); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); ``` ```javascript Javascript theme={"system"} ``` ## The results The results is one complete cart response (if all requests are successful). You should see multiple notices return for each of the requests. Will leave you to decide how you use them. # Contributing to Documentation Source: https://docs.cocartapi.com/documentation/contributing-to-docs Learn how to contribute to CoCart API documentation Thank you for your interest in improving the CoCart API documentation! This guide will help you understand how to contribute effectively. ## Overview The CoCart API documentation is built with [Mintlify](https://mintlify.com), a modern documentation platform that uses MDX (Markdown + JSX) files and is hosted publicly on GitHub at [cocart-headless/cocart-api-documentation](https://github.com/cocart-headless/cocart-api-documentation). ## Ways to Contribute You can help improve the documentation in several ways: Correct spelling mistakes, grammar issues, or technical inaccuracies Rewrite confusing sections to make them easier to understand Contribute code examples in different programming languages Create step-by-step guides for common use cases ## Getting Started ### Prerequisites Before you begin, make sure you have: * A [GitHub account](https://github.com/signup) * [Git](https://git-scm.com/downloads) installed on your computer * [Node.js](https://nodejs.org/) (v18 or higher) installed * Basic familiarity with Markdown and Git workflows ### Setting Up Your Development Environment 1. **Fork the repository** Visit the [documentation repository](https://github.com/cocart-headless/cocart-api-documentation) and click the "Fork" button in the top-right corner. 2. **Clone your fork** ```bash theme={"system"} git clone https://github.com/YOUR-USERNAME/cocart-api-documentation.git cd cocart-api-documentation ``` 3. **Install Mintlify CLI** ```bash theme={"system"} npm install -g mintlify ``` 4. **Start the development server** ```bash theme={"system"} mintlify dev ``` The documentation will be available at `http://localhost:3000`. If `mintlify dev` isn't working, try running `mintlify install` to reinstall dependencies. ## Documentation Structure Understanding the project structure will help you navigate and contribute effectively: ``` cocart-api-documentation/ ├── docs.json # Navigation and site configuration ├── api-reference/ # API endpoint documentation │ ├── v1/ # API v1 endpoints │ ├── v2/ # API v2 endpoints │ └── jwt/ # JWT authentication endpoints ├── documentation/ # User guides and features │ ├── developers/ # Developer resources │ └── guides/ # How-to guides ├── tutorials/ # Step-by-step tutorials ├── getting-started/ # Setup and quick start guides ├── cli-reference/ # CLI command documentation ├── knowledge-base/ # FAQ and troubleshooting └── resources/ # Community and support info ``` ### Key Files * **[docs.json](https://mintlify.com/docs.json)** - Controls navigation, theme, and site settings * **MDX files** - Content pages using Markdown with React components * **CLAUDE.md** - Project-specific contribution guidelines ## Writing Guidelines ### Frontmatter Requirements Every MDX file must include frontmatter with at least these fields: ```mdx theme={"system"} --- title: "Clear, Descriptive Page Title" description: "Concise summary for SEO and navigation (1-2 sentences)" --- ``` Optional frontmatter fields: ```mdx theme={"system"} --- title: "Page Title" sidebarTitle: "Shorter Sidebar Title" description: "Page description" icon: "icon-name" # Font Awesome icon tag: "NEW" # Badge: NEW, WIP, BETA, etc. --- ``` ### Writing Style Follow these style guidelines for consistency: * Use **second-person voice** ("you") when addressing the reader * Keep tone professional but friendly * Write in active voice * Be concise and direct **Good**: "You can authenticate using Basic Auth or JWT tokens." **Bad**: "Users are able to utilize either Basic Auth or JWT tokens for authentication purposes." * Include code examples for all procedural content * Add language tags to all code blocks * Test all code examples before submitting * Include both basic and advanced use cases where appropriate * Show examples in multiple languages when possible (JavaScript, PHP, cURL) ```javascript theme={"system"} const response = await fetch('https://example.com/wp-json/cocart/v2/cart'); const cart = await response.json(); ``` * Use **relative paths** for internal links: `[link text](/path/to/page)` * Use descriptive link text (avoid "click here") * Link to relevant sections for additional context **Good**: `See [Authentication](/api-reference/authentication) for more details.` **Bad**: `Click [here](https://docs.cocartapi.com/api-reference/authentication) for more information.` * Start procedural content with prerequisites * Use clear headings to organize content * Include "What You'll Learn" or "Overview" sections for tutorials * Add "Next Steps" or "What's Next" sections where appropriate ## Using Mintlify Components Mintlify provides special components to enhance your documentation: ### Callouts Use callouts to highlight important information: ```mdx theme={"system"} This is informational content that provides helpful context. This warns users about potential issues or important considerations. This offers helpful tips or best practices. This provides additional notes or clarifications. ``` ### Cards Create card layouts for organized content: ```mdx theme={"system"} Card description Another description ``` ### Accordions Use accordions for collapsible content: ```mdx theme={"system"} Content that can be expanded/collapsed More collapsible content ``` ### Code Groups Show code in multiple languages using CodeGroup: ```bash cURL theme={"system"} curl -X GET https://example.com/wp-json/cocart/v2/cart ``` ```javascript JavaScript theme={"system"} const response = await fetch('https://example.com/wp-json/cocart/v2/cart'); ``` ```php PHP theme={"system"} $response = wp_remote_get('https://example.com/wp-json/cocart/v2/cart'); ``` For more components and options, see the [Mintlify Components Documentation](https://mintlify.com/docs/content/components/accordions). ## Contribution Workflow ### Making Changes 1. **Create a new branch** ```bash theme={"system"} git checkout -b fix/improve-authentication-docs ``` Branch naming conventions: * `fix/short-description` - Bug fixes or corrections * `add/short-description` - New content * `refactor/short-description` - Reorganizing content * `update/short-description` - Updating existing content 2. **Make your changes** Edit MDX files in your preferred text editor. The local dev server will auto-reload as you make changes. 3. **Preview your changes** Check `http://localhost:3000` to see how your changes look before committing. 4. **Update navigation** (if adding new pages) Add your new page to [docs.json](docs.json) in the appropriate section: ```json theme={"system"} { "group": "Tutorials", "pages": [ "tutorials/existing-page", "tutorials/your-new-page" ] } ``` ### Committing Changes Follow these commit guidelines: * Subject line: 50 characters or less, imperative mood * Body: Wrap at 72 characters, explain what and why * No period at end of subject line ```bash theme={"system"} git commit -m "Fix typo in authentication tutorial Corrected the endpoint URL in the Basic Auth example. The previous URL was missing the /wp-json prefix." ``` The repository may have pre-commit hooks for validation. **Never** use `--no-verify` flag. Make small, atomic commits that each address one specific change. ### Submitting Your Contribution 1. **Push your branch to GitHub** ```bash theme={"system"} git push origin fix/improve-authentication-docs ``` 2. **Create a Pull Request** * Go to your fork on GitHub * Click "Compare & pull request" * Fill out the PR template with: * Clear description of your changes * Why the changes are needed * Any related issues 3. **Address review feedback** Maintainers may request changes. Make updates to your branch and push again: ```bash theme={"system"} git add . git commit -m "Address review feedback" git push origin fix/improve-authentication-docs ``` ## Updating docs.json The [docs.json](docs.json) file controls navigation and site configuration. When updating it: ### Navigation Structure The documentation has versioned navigation (stable and pre-release): ```json theme={"system"} { "navigation": { "versions": [ { "version": "stable", "default": true, "anchors": [...] }, { "version": "pre-release", "anchors": [...] } ] } } ``` ### Adding a New Page When you add a new page, include it in the appropriate tab and group: ```json theme={"system"} { "tab": "Tutorials", "groups": [ { "group": "Tutorials", "pages": [ "tutorials/existing-tutorial", "tutorials/your-new-tutorial" ] } ] } ``` Always validate your JSON syntax. Invalid JSON will break the entire documentation site. ### docs.json Schema Refer to the [Mintlify docs.json schema](https://mintlify.com/docs.json) for complete configuration options. ## Testing Your Changes Before submitting a pull request: All links work correctly and use relative paths Code examples have been tested and work as expected Frontmatter is present and correctly formatted No spelling or grammar errors Images have alt text Content follows the writing guidelines Navigation works correctly (if you modified docs.json) Local preview renders correctly ## Content Strategy When contributing content, keep these principles in mind: Document enough for user success - not too much, not too little Prioritize accuracy and usability over comprehensiveness Write content that remains relevant over time when possible Search for existing info before adding new content ## Common Mistakes to Avoid **Do NOT:** * Skip frontmatter on any MDX file * Use absolute URLs for internal links * Include untested code examples * Make assumptions - ask for clarification instead * Use `--no-verify` when committing * Modify changelog files directly (these are maintained by the CoCart team) ## Getting Help Need help with your contribution? * **Questions about content**: Ask in the [#documentation channel](https://cocartapi.com/community/?ref=mintlify) on Discord * **Technical issues with Mintlify**: Check the [Mintlify documentation](https://mintlify.com/docs/introduction) * **Report documentation issues**: Open an issue on [GitHub](https://github.com/cocart-headless/cocart-api-documentation/issues) ## Recognition Contributors are valued members of the CoCart community! Significant contributions may be recognized: * Listed in documentation contributors * Mentioned in release notes * Invited to join the documentation team ## Resources Official Mintlify documentation Learn about MDX syntax Join our Discord community Documentation repository ## What's Next? Ready to contribute? Here are some good starting points: 1. Look for pages tagged with "WIP" (work in progress) that need completion or reviewing before finalization and tagging as "NEW" 2. Check the [GitHub issues](https://github.com/cocart-headless/cocart-api-documentation/issues) for documentation tasks 3. Review recent changes to understand current documentation priorities 4. Start with small improvements like fixing typos before tackling larger contributions Thank you for helping make CoCart documentation better for everyone! # CORS for CoCart Source: https://docs.cocartapi.com/documentation/cors Depending on your setup, you may need to enable CORS to gain access For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. Only in a local environment does the REST API simulate CORS enabled. If you are getting a warning about the cross origin headers then you will need to set it up. If you simply want to enable but don't want to add any code snippets, you can simply [install CoCart CORS Support](https://wordpress.org/plugins/cocart-cors/) plugin. ## Enable CORS ```php theme={"system"} Each action hook is documented below with its description and usage example. ## Installation Hooks ### `cocart_init` Fires once the CoCart plugin has finished loading. Made available since v3.0.0 **Usage** ```php theme={"system"} add_action( 'cocart_init', function() { // Your code here }); ``` [Search `cocart_init` in repository](https://github.com/co-cart/co-cart/search?q=cocart_init\&type=code) *** ### `cocart_updated` Runs after CoCart has been updated. Made available since v1.2.0 **Usage** ```php theme={"system"} add_action( 'cocart_updated', function() { // Your code here }); ``` [Search `cocart_updated` in repository](https://github.com/co-cart/co-cart/search?q=cocart_updated\&type=code) *** ### `cocart_installed` Runs after CoCart has been installed. Made available since v1.2.0 **Usage** ```php theme={"system"} add_action( 'cocart_installed', function() { // Your code here }); ``` [Search `cocart_installed` in repository](https://github.com/co-cart/co-cart/search?q=cocart_installed\&type=code) *** ## Session Management ### `cocart_after_session_saved_data` Fires after session data is saved. Made available since v4.2.0 **Parameters** Customer ID. Cart data. Cart expiration. Cart source. **Usage** ```php theme={"system"} add_action( 'cocart_after_session_saved_data', function() { // Your code here }, 10 ); ``` [Search `cocart_after_session_saved_data` in repository](https://github.com/co-cart/co-cart/search?q=cocart_after_session_saved_data\&type=code) *** ### `cocart_load_cart_override` Manipulate the overriding cart before it is set in session. Made available since v2.1.0 **Usage** ```php theme={"system"} add_action( 'cocart_load_cart_override', function() { // Your code here }); ``` [Search `cocart_load_cart_override` in repository](https://github.com/co-cart/co-cart/search?q=cocart_load_cart_override\&type=code) *** ### `cocart_load_cart` Manipulate the merged cart before it is set in session. Made available since v2.1.0 **Usage** ```php theme={"system"} add_action( 'cocart_load_cart', function() { // Your code here }); ``` [Search `cocart_load_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_load_cart\&type=code) *** ### `cocart_cart_loaded` Fires once a cart has loaded. Can be used to trigger a webhook. Made available since v3.8.0 **Parameters** The cart key. **Usage** ```php theme={"system"} add_action( 'cocart_cart_loaded', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_loaded` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_loaded\&type=code) *** ## Cart Updates ### `cocart_update_cart_before_totals` Fires before the cart has updated via a callback, but before cart totals are re-calculated. Made available since v4.1.0 **Parameters** The request object. The cart controller. **Usage** ```php theme={"system"} add_action( 'cocart_update_cart_before_totals', function() { // Your code here }, 10 ); ``` [Search `cocart_update_cart_before_totals` in repository](https://github.com/co-cart/co-cart/search?q=cocart_update_cart_before_totals\&type=code) *** ### `cocart_update_cart_after_totals` Fires after the cart has updated via a callback and the cart totals are re-calculated. Made available since v4.1.0 **Parameters** The request object. The cart controller. **Usage** ```php theme={"system"} add_action( 'cocart_update_cart_after_totals', function() { // Your code here }, 10 ); ``` [Search `cocart_update_cart_after_totals` in repository](https://github.com/co-cart/co-cart/search?q=cocart_update_cart_after_totals\&type=code) *** ## Cart Items Management ### `cocart_item_added_updated_in_cart` Fires if item was added again to the cart but updated the quantity. Made available since v2.1.0 **Parameters** Item key of the item added again. Item added to cart again. New quantity of the item. **Usage** ```php theme={"system"} add_action( 'cocart_item_added_updated_in_cart', function() { // Your code here }, 10 ); ``` [Search `cocart_item_added_updated_in_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_added_updated_in_cart\&type=code) *** ### `cocart_item_added_to_cart` Fires once an item has been added to cart. Made available since v2.1.0 **Parameters** Item key of the item added. Item added to cart. **Usage** ```php theme={"system"} add_action( 'cocart_item_added_to_cart', function() { // Your code here }, 10 ); ``` [Search `cocart_item_added_to_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_added_to_cart\&type=code) *** ### `cocart_item_removed` Fires when an item is removed from the cart. Made available since v2.0.0 **Parameters** The cart item data. **Usage** ```php theme={"system"} add_action( 'cocart_item_removed', function() { // Your code here }, 10 ); ``` [Search `cocart_item_removed` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_removed\&type=code) *** ### `cocart_item_restored` Fires when an item is restored to the cart. Made available since v2.0.0 **Parameters** The cart item data. **Usage** ```php theme={"system"} add_action( 'cocart_item_restored', function() { // Your code here }, 10 ); ``` [Search `cocart_item_restored` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_restored\&type=code) *** ### `cocart_item_quantity_changed` Fires when the quantity of an item in the cart is changed. Made available since v2.0.0 **Parameters** Item key. Item data. **Usage** ```php theme={"system"} add_action( 'cocart_item_quantity_changed', function() { // Your code here }, 10 ); ``` [Search `cocart_item_quantity_changed` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_quantity_changed\&type=code) *** ## Cart Operations ### `cocart_before_cart_emptied` Triggers before the cart is emptied. Made available since v1.0.0 **Usage** ```php theme={"system"} add_action( 'cocart_before_cart_emptied', function() { // Your code here }); ``` [Search `cocart_before_cart_emptied` in repository](https://github.com/co-cart/co-cart/search?q=cocart_before_cart_emptied\&type=code) *** ### `cocart_cart_emptied` Triggers once the cart is emptied. Made available since v1.0.0 **Usage** ```php theme={"system"} add_action( 'cocart_cart_emptied', function() { // Your code here }); ``` [Search `cocart_cart_emptied` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_emptied\&type=code) *** ### `cocart_cart_cleared` Triggers once the cart is cleared. Made available since v1.0.0 **Usage** ```php theme={"system"} add_action( 'cocart_cart_cleared', function() { // Your code here }); ``` [Search `cocart_cart_cleared` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_cleared\&type=code) *** ### `cocart_get_cart` Fires when the cart is retrieved. Made available since v2.0.0 **Parameters** Cart contents. **Usage** ```php theme={"system"} add_action( 'cocart_get_cart', function() { // Your code here }, 10 ); ``` [Search `cocart_get_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_get_cart\&type=code) *** ## Extensions ### `cocart_register_extension_callback` Fires when an extension callback is registered. Made available since v3.1.0 **Parameters** Instance of the CoCart\_Cart\_Extension class which exposes the CoCart\_Cart\_Extension::register() method. **Usage** ```php theme={"system"} add_action( 'cocart_register_extension_callback', function() { // Your code here }, 10 ); ``` [Search `cocart_register_extension_callback` in repository](https://github.com/co-cart/co-cart/search?q=cocart_register_extension_callback\&type=code) *** ## Product Reviews ### `cocart_insert_product_review` Fires after a comment is created via the REST API. Made available since v2.0.0 **Parameters** Inserted comment object. The request object. True when creating a comment, false when updating. **Usage** ```php theme={"system"} add_action( 'cocart_insert_product_review', function() { // Your code here }, 10 ); ``` [Search `cocart_insert_product_review` in repository](https://github.com/co-cart/co-cart/search?q=cocart_insert_product_review\&type=code) *** ## Deprecated ### `cocart_update_cart_before_totals` **Deprecated:** 4.1.0 Replaced with `cocart_update_cart_before_totals` hook. Fires after the cart has updated via a callback. Made available since v3.1.0 **Usage** ```php theme={"system"} add_action( 'cocart_update_cart_before_totals', function() { // Your code here }); ``` [Search `cocart_update_cart_before_totals` in repository](https://github.com/co-cart/co-cart/search?q=cocart_update_cart_before_totals\&type=code) *** # Contributing to CoCart Source: https://docs.cocartapi.com/documentation/developers/contributing See the many ways you can contribute to CoCart There are many ways you can contribute to make CoCart better: ## Ways to Contribute Help improve our documentation by fixing errors, adding examples, or writing tutorials Submit fixes, improvements, and enhancements to the CoCart codebase Translate CoCart into your language Help other users by answering questions in our Discord community Test open issues, pull requests, or beta versions and share your findings Report bugs and issues you encounter **Contributing to Documentation?** We have a dedicated guide for documentation contributions. See [Contributing to Documentation](/documentation/contributing-to-docs) for detailed instructions on how to improve our docs. ## Contributing Code If you wish to contribute code to CoCart, please read the information in the sections below. Then [fork](https://help.github.com/articles/fork-a-repo/) the CoCart repository, commit your changes, and [submit a pull request](https://help.github.com/articles/using-pull-requests/). ### License CoCart Core is licensed under the GPLv3+, and all contributions to the project will be released under the same license. You maintain copyright over any contribution you make, and by submitting a pull request, you are agreeing to release that contribution under the GPLv3+ license. ### Getting Help If you have questions about the process to contribute code or want to discuss details of your contribution, you can ask in the #support channel in the [CoCart community Discord](https://cocartapi.com/community/?ref=mintlify) server. ## Getting Started with Development ### Prerequisites Before you begin contributing code: 1. [Setup LocalWP](https://localwp.com/releases/) and create a new WordPress site 2. Install WooCommerce and configure it with: * Dummy products (WooCommerce provides sample data) * Shipping methods * Tax settings 3. Install CoCart and start experimenting with the API ## Coding Guidelines and Development 1. Ensure you stick to the [WordPress Coding Standards](https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/) 2. Ensure you use **LF** line endings in your code editor. Use [EditorConfig](http://editorconfig.org/) if your editor supports it so that indentation, line endings and other settings are auto configured. ### Creating Branches Branch names should go by the following structure (anything in `{}` brackets is a placeholder). **short-slug** should be replaced with a short name that best describes the changes, do ask for confirmation if needed. * `refactor/{short-slug}` for refactors. * `test/{short-slug}` for changes that are only test updates or additions. * `fix/{short-slug}` for changes that fix a bug. Provide the issue number the fix is for and include that in the branch name. * `add/{short-slug}` for changes that are adding a new feature. ### Commits 1. Make sure each commit addresses an atomic unit of work that independently works. 2. Make sure the commit message has a subject line which includes a brief description of the change and (if needed), why it was necessary. Write the subject in the imperative, start with a verb, and do not end with a period. The subject line should be **no longer than 50 characters**. 3. There must be an empty line between the subject line and the rest of the commit message (if any). The commit body should be **no longer than 72 characters**. 4. The commit message should explain what caused the problem and what its consequences are (if helpful for understanding the changes). 5. The commit message should explain how the changes achieve the goal, but only if it isn't obvious. See [this post](https://chris.beams.io/posts/git-commit/) for more on this and follow all the applicable sections of the pull request template. Please avoid modifying the changelog directly or updating the .pot files. These will be updated by the CoCart team. ## Translating CoCart It is recommended to translate CoCart via the [translate.cocartapi.com](https://translate.cocartapi.com/?ref=mintlify). You can join and help by translating there. If any of the CoCart plugins are already **100% translated** for your language, join anyway! The language files are regularly updated with new strings that need translation and will likely be added soon. ## String localization guidelines 1. Use the plugins textdomain in all strings. 2. When using dynamic strings in `printf/sprintf`, if you are replacing more than 1 string, use numbered args. e.g. `Test %s string %s.` would be `Test %1$s string %2$s.` 3. Use sentence case. e.g. `Some Thing` should be `Some thing`. 4. Avoid HTML. If needed, insert the HTML using `sprintf`. For more information, see WP core document [i18n for WordPress Developers](https://codex.wordpress.org/I18n_for_WordPress_Developers). # Filters available in the core of CoCart Source: https://docs.cocartapi.com/documentation/developers/filters These filters let you control how CoCart operates for your store # Authentication & Security This category contains filters for managing authentication, security headers, CORS settings, and access permissions. `cocart_allow_origin` Filter allows you to change the allowed HTTP origin result. Made available since v2.5.1 **Parameters** Origin URL if allowed, empty string if not. **Usage** ```php theme={"system"} add_filter( 'cocart_allow_origin', function() { // Your code here }, 10 ); ``` [Search `cocart_allow_origin` in repository](https://github.com/co-cart/co-cart/search?q=cocart_allow_origin\&type=code) *** `cocart_auth_header` Filter allows you to change the authorization header. Made available since v4.1.0 **Parameters** Authorization header. **Usage** ```php theme={"system"} add_filter( 'cocart_auth_header', function() { // Your code here }, 10 ); ``` [Search `cocart_auth_header` in repository](https://github.com/co-cart/co-cart/search?q=cocart_auth_header\&type=code) *** `cocart_disable_all_cors` Modifies if the "Cross Origin Headers" are allowed. Set as false to enable support. Made available since v2.2.0 **Usage** ```php theme={"system"} add_filter( 'cocart_disable_all_cors', function() { // Your code here }); ``` [Search `cocart_disable_all_cors` in repository](https://github.com/co-cart/co-cart/search?q=cocart_disable_all_cors\&type=code) *** `cocart_install_capability` Filter the current users capabilities to install a CoCart plugin. Made available since v4.1.0 **Parameters** Capability level. **Usage** ```php theme={"system"} add_filter( 'cocart_install_capability', function() { // Your code here }, 10 ); ``` [Search `cocart_install_capability` in repository](https://github.com/co-cart/co-cart/search?q=cocart_install_capability\&type=code) *** `cocart_login_extras` Filter allows you to add extra information based on the current user. Made available since v3.8.1 **Parameters** The extra information. The current user. **Usage** ```php theme={"system"} add_filter( 'cocart_login_extras', function() { // Your code here }, 10 ); ``` [Search `cocart_login_extras` in repository](https://github.com/co-cart/co-cart/search?q=cocart_login_extras\&type=code) *** `cocart_send_nocache_headers` Send nocache headers on authenticated requests. Made available since v4.2.0 **Deprecated:** 4.3.11 No longer used. See `cocart_send_cache_control_patterns` filter instead to control which routes are not cached. **Parameters** Whether to send no-cache headers. **Usage** ```php theme={"system"} add_filter( 'cocart_send_nocache_headers', function() { // Your code here }, 10 ); ``` [Search `cocart_send_nocache_headers` in repository](https://github.com/co-cart/co-cart/search?q=cocart_send_nocache_headers\&type=code) *** # Cart Management & State This category contains filters for managing cart state, expiration, merging, and overall cart behavior. `cocart_cart_cleared_message` Filters message about the cart being cleared. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_cleared_message', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_cleared_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_cleared_message\&type=code) *** `cocart_cart_contents` Filter allows additional data to be returned for a specific item in cart. Made available since v2.0.0 **Parameters** Cart contents. Item key. Cart item. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_contents', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_contents` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_contents\&type=code) *** `cocart_cart_expiration` Filter allows you to change the amount of time before the cart has expired. Default is `(DAY_IN_SECONDS * 2)` = 2 Days - Previously 7 days. Made available since v2.1.0 **Parameters** Expiration. If user is logged in. **@since v4.4.0** **Usage** ```php theme={"system"} add_filter( 'cocart_cart_expiration', function( $expiration, $is_user_logged_in ) { // Extend cart expiration for logged-in users to 14 days. if ( $is_user_logged_in ) { return WEEK_IN_SECONDS * 2; } // Fallback to 2 days for guest users. return $expiration; }, 10, 2 ); ``` [Search `cocart_cart_expiration` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_expiration\&type=code) *** `cocart_cart_expiring` Filter allows you to change the amount of time before the cart starts to expire. Default is \`\`\`(DAY\_IN\_SECONDS \* 6)\`\` = 6 Days Made available since v2.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_cart_expiring', function() { // Your code here }); ``` [Search `cocart_cart_expiring` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_expiring\&type=code) *** `cocart_cart_items` Filter allows additional data to be returned for a specific item in cart. Made available since v2.1.0 **Parameters** Array of items in the cart. The item key currently looped. The cart item data. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_items', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_items` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_items\&type=code) *** `cocart_cart_source` Filter source of cart. Made available since v3.0.0 **Usage** ```php theme={"system"} add_filter( 'cocart_cart_source', function() { // Your code here }); ``` [Search `cocart_cart_source` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_source\&type=code) *** `cocart_clear_cart_failed_message` Filters message about the cart failing to clear. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_clear_cart_failed_message', function() { // Your code here }, 10 ); ``` [Search `cocart_clear_cart_failed_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_clear_cart_failed_message\&type=code) *** `cocart_cross_sells` Filters the cross sell items. Made available since v3.0.0 **Parameters** The request object. **Usage** ```php theme={"system"} add_filter( 'cocart_cross_sells', function() { // Your code here }, 10 ); ``` [Search `cocart_cross_sells` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cross_sells\&type=code) *** `cocart_empty_cart` Filter response for empty cart. Made available since v3.0.0 **Usage** ```php theme={"system"} add_filter( 'cocart_empty_cart', function() { // Your code here }); ``` [Search `cocart_empty_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_empty_cart\&type=code) *** `cocart_filter_request_data` Filters additional requested data. Made available since v3.0.0 **Usage** ```php theme={"system"} add_filter( 'cocart_filter_request_data', function() { // Your code here }); ``` [Search `cocart_filter_request_data` in repository](https://github.com/co-cart/co-cart/search?q=cocart_filter_request_data\&type=code) *** `cocart_get_cart_item` Filters the cart item before it is returned. Made available since v3.0.0 **Parameters** Details of the item in the cart if it exists. Condition of item. Default: "add", Option: "add", "remove", "restore", "update". **Usage** ```php theme={"system"} add_filter( 'cocart_get_cart_item', function() { // Your code here }, 10 ); ``` [Search `cocart_get_cart_item` in repository](https://github.com/co-cart/co-cart/search?q=cocart_get_cart_item\&type=code) *** `cocart_merge_cart_content` Filter allows you to adjust the merged cart contents. Made available since v2.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_merge_cart_content', function() { // Your code here }); ``` [Search `cocart_merge_cart_content` in repository](https://github.com/co-cart/co-cart/search?q=cocart_merge_cart_content\&type=code) *** `cocart_return_cart_contents` Return cart content from session if set. Made available since v2.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_return_cart_contents', function() { // Your code here }); ``` [Search `cocart_return_cart_contents` in repository](https://github.com/co-cart/co-cart/search?q=cocart_return_cart_contents\&type=code) *** `cocart_return_cart_session_contents` Return cart content from session if set. Made available since v2.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_return_cart_session_contents', function() { // Your code here }); ``` [Search `cocart_return_cart_session_contents` in repository](https://github.com/co-cart/co-cart/search?q=cocart_return_cart_session_contents\&type=code) *** `cocart_return_empty_cart` Filter response for empty cart. Made available since v2.0.8 **Usage** ```php theme={"system"} add_filter( 'cocart_return_empty_cart', function() { // Your code here }); ``` [Search `cocart_return_empty_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_return_empty_cart\&type=code) *** # Cart Items & Operations This category contains filters for cart item data, operations like adding/removing items, and item-specific messages. `cocart_can_not_remove_item_message` Filters message about can not remove item. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_can_not_remove_item_message', function() { // Your code here }, 10 ); ``` [Search `cocart_can_not_remove_item_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_can_not_remove_item_message\&type=code) *** `cocart_can_not_restore_item_message` Filters message about can not restore item. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_can_not_restore_item_message', function() { // Your code here }, 10 ); ``` [Search `cocart_can_not_restore_item_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_can_not_restore_item_message\&type=code) *** `cocart_cart_item_data` Filter allows you to alter the remaining cart item data. Made available since v3.0.0 **Parameters** The cart item data. Generated ID based on the product information when added to the cart. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_data', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_data` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_data\&type=code) *** `cocart_cart_item_key_required_message` Filters message about cart item key required. Made available since v2.1.0 **Parameters** Message. Status of which we are checking the item key. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_key_required_message', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_key_required_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_key_required_message\&type=code) *** `cocart_cart_item_name` Filter allows the product name of the item to change. Made available since v3.0.0 **Parameters** Product name. The product object. The cart item data. The item key generated based on the details of the item. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_name', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_name` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_name\&type=code) *** `cocart_cart_item_removed_message` Filter message about item removed from the cart. Made available since v2.1.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_removed_message', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_removed_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_removed_message\&type=code) *** `cocart_cart_item_restored_message` Filters message about item restored. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_restored_message', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_restored_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_restored_message\&type=code) *** `cocart_cart_item_restored_title` Re-calculate totals now an item has been restored. Made available since v2.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_restored_title', function() { // Your code here }); ``` [Search `cocart_cart_item_restored_title` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_restored_title\&type=code) *** `cocart_cart_item_title` Filter allows the product title of the item to change. Made available since v3.0.0 **Parameters** Product title. The product object. The cart item data. The item key generated based on the details of the item. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_title', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_title` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_title\&type=code) *** `cocart_item_added` Filter allows additional data to be returned. Made available since v2.0.0 **Parameters** Item added to cart. Item key of the item added. **Usage** ```php theme={"system"} add_filter( 'cocart_item_added', function() { // Your code here }, 10 ); ``` [Search `cocart_item_added` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_added\&type=code) *** `cocart_item_product` Filter allows you to alter the item product data returned. Made available since v2.0.0 **Parameters** The product object. The cart item data. The item key currently looped. **Usage** ```php theme={"system"} add_filter( 'cocart_item_product', function() { // Your code here }, 10 ); ``` [Search `cocart_item_product` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_product\&type=code) *** `cocart_item_removed_message` Filters message about item removed from cart. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_item_removed_message', function() { // Your code here }, 10 ); ``` [Search `cocart_item_removed_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_removed_message\&type=code) *** `cocart_item_restored_message` Filters message about item already restored to cart. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_item_restored_message', function() { // Your code here }, 10 ); ``` [Search `cocart_item_restored_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_restored_message\&type=code) *** `cocart_item_thumbnail` Filters the item thumbnail ID. Made available since v2.0.0 **Parameters** Product thumbnail ID. Cart item. Item key. **Usage** ```php theme={"system"} add_filter( 'cocart_item_thumbnail', function() { // Your code here }, 10 ); ``` [Search `cocart_item_thumbnail` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_thumbnail\&type=code) *** `cocart_item_thumbnail_size` Filters the thumbnail size of the product image. Made available since v2.0.0 **Parameters** Determines if the item in the cart is removed. **Usage** ```php theme={"system"} add_filter( 'cocart_item_thumbnail_size', function() { // Your code here }, 10 ); ``` [Search `cocart_item_thumbnail_size` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_thumbnail_size\&type=code) *** `cocart_item_thumbnail_src` Filters the source of the product thumbnail. Made available since v2.1.0 **Parameters** URL of the product thumbnail. Cart item. Item key. **Usage** ```php theme={"system"} add_filter( 'cocart_item_thumbnail_src', function() { // Your code here }, 10 ); ``` [Search `cocart_item_thumbnail_src` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_thumbnail_src\&type=code) *** `cocart_update_cart_validation` Filter allows you to determine if the updated item in cart passed validation. Made available since v2.1.0 **Parameters** True by default. Item key. Product data of the item in cart. The requested quantity to change to. **Usage** ```php theme={"system"} add_filter( 'cocart_update_cart_validation', function() { // Your code here }, 10 ); ``` [Search `cocart_update_cart_validation` in repository](https://github.com/co-cart/co-cart/search?q=cocart_update_cart_validation\&type=code) *** `cocart_update_item` Filters the update status. Made available since v2.0.1 **Parameters** Status response. Cart item. Quantity. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_update_item', function() { // Your code here }, 10 ); ``` [Search `cocart_update_item` in repository](https://github.com/co-cart/co-cart/search?q=cocart_update_item\&type=code) *** # Product Validation & Messages This category contains filters for product validation, stock checking, quantity limits, and related error messages. `cocart_add_to_cart_quantity` Filters the quantity for specified products. Made available since v2.1.0 **Parameters** The original quantity of the item. The product ID. The variation ID. The variation data. The cart item data. **Usage** ```php theme={"system"} add_filter( 'cocart_add_to_cart_quantity', function() { // Your code here }, 10 ); ``` [Search `cocart_add_to_cart_quantity` in repository](https://github.com/co-cart/co-cart/search?q=cocart_add_to_cart_quantity\&type=code) *** `cocart_add_to_cart_sold_individually_found_in_cart` Quantity for sold individual products can be filtered. Made available since v2.0.13 **Usage** ```php theme={"system"} add_filter( 'cocart_add_to_cart_sold_individually_found_in_cart', function() { // Your code here }); ``` [Search `cocart_add_to_cart_sold_individually_found_in_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_add_to_cart_sold_individually_found_in_cart\&type=code) *** `cocart_add_to_cart_sold_individually_quantity` Quantity for sold individual products can be filtered. Made available since v2.0.13 **Usage** ```php theme={"system"} add_filter( 'cocart_add_to_cart_sold_individually_quantity', function() { // Your code here }); ``` [Search `cocart_add_to_cart_sold_individually_quantity` in repository](https://github.com/co-cart/co-cart/search?q=cocart_add_to_cart_sold_individually_quantity\&type=code) *** `cocart_can_not_increase_quantity_message` Filters message about product not being allowed to increase quantity. Made available since v1.0.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_can_not_increase_quantity_message', function() { // Your code here }, 10 ); ``` [Search `cocart_can_not_increase_quantity_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_can_not_increase_quantity_message\&type=code) *** `cocart_can_not_update_item_message` Filters message about can not update item. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_can_not_update_item_message', function() { // Your code here }, 10 ); ``` [Search `cocart_can_not_update_item_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_can_not_update_item_message\&type=code) *** `cocart_cannot_add_product_type_to_cart_message` Filters message about product type that cannot be added to the cart. Made available since v2.1.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_cannot_add_product_type_to_cart_message', function() { // Your code here }, 10 ); ``` [Search `cocart_cannot_add_product_type_to_cart_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cannot_add_product_type_to_cart_message\&type=code) *** `cocart_cart_item_required_stock_is_not_enough` Allows filter if product have enough stock to get added to the cart. Made available since v2.1.0 **Parameters** If have enough stock. The product object. Cart item values. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_required_stock_is_not_enough', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_required_stock_is_not_enough` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_required_stock_is_not_enough\&type=code) *** `cocart_invalid_variation_data_message` Filters message about invalid variation data. Made available since v2.1.0 **Parameters** Message. Attribute Label. Allowed values. **Usage** ```php theme={"system"} add_filter( 'cocart_invalid_variation_data_message', function() { // Your code here }, 10 ); ``` [Search `cocart_invalid_variation_data_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_invalid_variation_data_message\&type=code) *** `cocart_missing_variation_data_message` Filters message about missing variation data. Made available since v2.1.0 **Parameters** Message. Number of missing attributes. List of missing attributes. **Usage** ```php theme={"system"} add_filter( 'cocart_missing_variation_data_message', function() { // Your code here }, 10 ); ``` [Search `cocart_missing_variation_data_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_missing_variation_data_message\&type=code) *** `cocart_product_can_not_add_another_message` Filters message about product not being allowed to add another. Made available since v3.0.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_can_not_add_another_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_can_not_add_another_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_can_not_add_another_message\&type=code) *** `cocart_product_cannot_add_to_cart_message` Filters message about product cannot be added to cart. Made available since v2.1.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_cannot_add_to_cart_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_cannot_add_to_cart_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_cannot_add_to_cart_message\&type=code) *** `cocart_product_cannot_be_added_message` Filters message about product that cannot be added to cart. Made available since v3.0.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_cannot_be_added_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_cannot_be_added_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_cannot_be_added_message\&type=code) *** `cocart_product_cannot_be_purchased_message` Filters message about product unable to be purchased. Made available since v2.1.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_cannot_be_purchased_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_cannot_be_purchased_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_cannot_be_purchased_message\&type=code) *** `cocart_product_does_not_exist_message` Filters message about product does not exist. Made available since v2.1.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_does_not_exist_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_does_not_exist_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_does_not_exist_message\&type=code) *** `cocart_product_failed_validation_message` Filters message about product failing validation. Made available since v1.0.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_failed_validation_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_failed_validation_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_failed_validation_message\&type=code) *** `cocart_product_is_out_of_stock_message` Filters message about product is out of stock. Made available since v2.1.0 **Parameters** Message. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_is_out_of_stock_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_is_out_of_stock_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_is_out_of_stock_message\&type=code) *** `cocart_product_not_enough_stock_message` Filters message about product not having enough stock. Made available since v3.1.0 **Parameters** Message. The product object. Quantity remaining. **Usage** ```php theme={"system"} add_filter( 'cocart_product_not_enough_stock_message', function() { // Your code here }, 10 ); ``` [Search `cocart_product_not_enough_stock_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_not_enough_stock_message\&type=code) *** `cocart_quantity_maximum_allowed` Filters the products maximum quantity allowed to be purchased. Made available since v3.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_quantity_maximum_allowed', function() { // Your code here }); ``` [Search `cocart_quantity_maximum_allowed` in repository](https://github.com/co-cart/co-cart/search?q=cocart_quantity_maximum_allowed\&type=code) *** `cocart_quantity_minimum_requirement` Filters the minimum quantity requirement the product allows to be purchased. Made available since v3.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_quantity_minimum_requirement', function() { // Your code here }); ``` [Search `cocart_quantity_minimum_requirement` in repository](https://github.com/co-cart/co-cart/search?q=cocart_quantity_minimum_requirement\&type=code) *** `cocart_skip_woocommerce_item_validation` Filter the item to skip product validation as it is added to cart. Made available since v3.0.0 **Parameters** Whether to validate the product or not. Contains the product data of the product to add to cart. The product ID. **Usage** ```php theme={"system"} add_filter( 'cocart_skip_woocommerce_item_validation', function() { // Your code here }, 10 ); ``` [Search `cocart_skip_woocommerce_item_validation` in repository](https://github.com/co-cart/co-cart/search?q=cocart_skip_woocommerce_item_validation\&type=code) *** # Session & Customer Management This category contains filters for session handling, customer data, and cart loading behavior. `cocart_disable_load_cart` Filter checks if **Load Cart** feature is disabled. Made available since v3.0.0 **Returns**: `bool` **Usage** ```php theme={"system"} add_filter( 'cocart_disable_load_cart', function() { // Your code here }); ``` [Search `cocart_disable_load_cart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_disable_load_cart\&type=code) *** `cocart_load_cart_query_name` Filter allows developers to add more white labelling when loading the cart via web. Made available since v2.8.2 **Parameters** Default is 'cocart-load-cart'. **Usage** ```php theme={"system"} add_filter( 'cocart_load_cart_query_name', function() { // Your code here }, 10 ); ``` [Search `cocart_load_cart_query_name` in repository](https://github.com/co-cart/co-cart/search?q=cocart_load_cart_query_name\&type=code) *** `cocart_requested_cart_key` Filter allows the cart key to be overridden. Developer Note: Really only here so I don't have to create a new session handler to inject a customer ID with the POS Support Add-on. Made available since v4.2.0 **Usage** ```php theme={"system"} add_filter( 'cocart_requested_cart_key', function() { // Your code here }); ``` [Search `cocart_requested_cart_key` in repository](https://github.com/co-cart/co-cart/search?q=cocart_requested_cart_key\&type=code) *** `cocart_set_customer_id` Filter allows to set the customer ID. Made available since v4.1.0 **Parameters** Current user ID. **Usage** ```php theme={"system"} add_filter( 'cocart_set_customer_id', function() { // Your code here }, 10 ); ``` [Search `cocart_set_customer_id` in repository](https://github.com/co-cart/co-cart/search?q=cocart_set_customer_id\&type=code) *** # Product Data & Display This category contains filters for product information display, pricing, metadata, and attributes. `cocart_prepare_money_disable_decimals` This filter allows you to disable the decimals. If set to "True" the decimals will be set to "Zero". Made available since v2.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_prepare_money_disable_decimals', function() { // Your code here }); ``` [Search `cocart_prepare_money_disable_decimals` in repository](https://github.com/co-cart/co-cart/search?q=cocart_prepare_money_disable_decimals\&type=code) *** `cocart_prepare_product_attribute` Filter a attribute item returned from the API. Allows modification of the product attribute data right before it is returned. Made available since v2.1.0 **Parameters** The response object. The original attribute object. The request object. **Usage** ```php theme={"system"} add_filter( 'cocart_prepare_product_attribute', function() { // Your code here }, 10 ); ``` [Search `cocart_prepare_product_attribute` in repository](https://github.com/co-cart/co-cart/search?q=cocart_prepare_product_attribute\&type=code) *** `cocart_prepare_product_object` Filter the data for a response. Made available since v2.1.0 **Parameters** The response object. The product object. The request object. **Usage** ```php theme={"system"} add_filter( 'cocart_prepare_product_object', function() { // Your code here }, 10 ); ``` [Search `cocart_prepare_product_object` in repository](https://github.com/co-cart/co-cart/search?q=cocart_prepare_product_object\&type=code) *** `cocart_price_no_html` Filters the string of price markup. Made available since v2.1.0 **Parameters** Price HTML markup. Formatted price. Pass on the args. Price as float to allow plugins custom formatting. Since 3.2.0. Original price as float, or empty string. Since 5.0.0. **Usage** ```php theme={"system"} add_filter( 'cocart_price_no_html', function() { // Your code here }, 10 ); ``` [Search `cocart_price_no_html` in repository](https://github.com/co-cart/co-cart/search?q=cocart_price_no_html\&type=code) *** `cocart_product_title` Filters the product title in cart. Made available since v2.1.0 **Parameters** Product title. The product object. Cart item. Item key. **Usage** ```php theme={"system"} add_filter( 'cocart_product_title', function() { // Your code here }, 10 ); ``` [Search `cocart_product_title` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_title\&type=code) *** `cocart_products_add_to_cart_rest_url` Filters the REST URL shortcut for adding the product to cart. Made available since v3.1.0 **Parameters** REST URL for adding product to the cart. The product object. Product type. Product ID. **Usage** ```php theme={"system"} add_filter( 'cocart_products_add_to_cart_rest_url', function() { // Your code here }, 10 ); ``` [Search `cocart_products_add_to_cart_rest_url` in repository](https://github.com/co-cart/co-cart/search?q=cocart_products_add_to_cart_rest_url\&type=code) *** `cocart_products_get_price_range` Filters the products price range. Made available since v3.1.0 **Parameters** The current product price range. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_products_get_price_range', function() { // Your code here }, 10 ); ``` [Search `cocart_products_get_price_range` in repository](https://github.com/co-cart/co-cart/search?q=cocart_products_get_price_range\&type=code) *** `cocart_products_get_safe_meta_data` Filter allows you to control what remaining product meta data is safe to return. Made available since v3.11.0 **Parameters** Safe meta. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_products_get_safe_meta_data', function() { // Your code here }, 10 ); ``` [Search `cocart_products_get_safe_meta_data` in repository](https://github.com/co-cart/co-cart/search?q=cocart_products_get_safe_meta_data\&type=code) *** `cocart_products_ignore_private_meta_keys` Filter allows you to ignore private meta data for the product to return. When filtering, only list the meta key! Made available since v3.11.0 **Parameters** Ignored meta keys. The product object. **Usage** ```php theme={"system"} add_filter( 'cocart_products_ignore_private_meta_keys', function() { // Your code here }, 10 ); ``` [Search `cocart_products_ignore_private_meta_keys` in repository](https://github.com/co-cart/co-cart/search?q=cocart_products_ignore_private_meta_keys\&type=code) *** `cocart_products_variable_empty_price` Filter the variable products empty prices. Made available since v3.1.0 **Parameters** Empty array. The project object. **Usage** ```php theme={"system"} add_filter( 'cocart_products_variable_empty_price', function() { // Your code here }, 10 ); ``` [Search `cocart_products_variable_empty_price` in repository](https://github.com/co-cart/co-cart/search?q=cocart_products_variable_empty_price\&type=code) *** # System Environment & Status This category contains filters for system environment detection, staging sites, and general status information. `cocart_does_product_allow_price_change` Filter which products that can be allowed to override the price if not all. Made available since v4.1.0 **Parameters** Allow price change. Cart item. The request object. **Usage** ```php theme={"system"} add_filter( 'cocart_does_product_allow_price_change', function() { // Your code here }, 10 ); ``` [Search `cocart_does_product_allow_price_change` in repository](https://github.com/co-cart/co-cart/search?q=cocart_does_product_allow_price_change\&type=code) *** `cocart_is_rest_api_request` Filters the REST API requested. Made available since v2.1.0 **Parameters** True if CoCart REST API is requested. **Usage** ```php theme={"system"} add_filter( 'cocart_is_rest_api_request', function() { // Your code here }, 10 ); ``` [Search `cocart_is_rest_api_request` in repository](https://github.com/co-cart/co-cart/search?q=cocart_is_rest_api_request\&type=code) *** `cocart_return_default_response` **See Also:** * `cocart_{$endpoint}_response` Filter decides if the responses return as default or use the modified response which is filtered by the rest base. Made available since v3.0.0 **Usage** ```php theme={"system"} add_filter( 'cocart_return_default_response', function() { // Your code here }); ``` [Search `cocart_return_default_response` in repository](https://github.com/co-cart/co-cart/search?q=cocart_return_default_response\&type=code) *** `cocart_totals_calculated_message` Filters message about cart totals have been calculated. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_totals_calculated_message', function() { // Your code here }, 10 ); ``` [Search `cocart_totals_calculated_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_totals_calculated_message\&type=code) *** # Admin & Plugin Management This category contains filters for plugin administration, updates, submenus, and overall plugin configuration. `cocart_enable_setup_wizard` See if we need the setup wizard or not. Made available since v3.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_enable_setup_wizard', function() { // Your code here }); ``` [Search `cocart_enable_setup_wizard` in repository](https://github.com/co-cart/co-cart/search?q=cocart_enable_setup_wizard\&type=code) *** `cocart_get_plugins_for_cocart` Filter allows you to get plugins which "maybe" are for CoCart. Made available since v4.3.0 **Parameters** Array of plugins that "maybe" are for CoCart. Array of plugins installed. **Usage** ```php theme={"system"} add_filter( 'cocart_get_plugins_for_cocart', function() { // Your code here }, 10 ); ``` [Search `cocart_get_plugins_for_cocart` in repository](https://github.com/co-cart/co-cart/search?q=cocart_get_plugins_for_cocart\&type=code) *** `cocart_get_plugins_with_header` Filter allows you to get the plugins that have a valid value for a specific header. Made available since v4.3.0 **Parameters** Array of plugins matched with header. Plugin header to search for. Array of plugins installed. **Usage** ```php theme={"system"} add_filter( 'cocart_get_plugins_with_header', function() { // Your code here }, 10 ); ``` [Search `cocart_get_plugins_with_header` in repository](https://github.com/co-cart/co-cart/search?q=cocart_get_plugins_with_header\&type=code) *** `cocart_in_plugin_update_message` Filter allows you to change the upgrade notice. Made available since v4.3.0 **Usage** ```php theme={"system"} add_filter( 'cocart_in_plugin_update_message', function() { // Your code here }); ``` [Search `cocart_in_plugin_update_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_in_plugin_update_message\&type=code) *** `cocart_register_submenu_page` Hook to register submenu\_pages class handlers The array element should be 'submenu\_page\_slug' => array( 'class\_name' => array(), 'data' => array() ) Made available since v3.10.0 **Parameters** Array of submenu pages. **Usage** ```php theme={"system"} add_filter( 'cocart_register_submenu_page', function() { // Your code here }, 10 ); ``` [Search `cocart_register_submenu_page` in repository](https://github.com/co-cart/co-cart/search?q=cocart_register_submenu_page\&type=code) *** `cocart_show_plugin_search` Filter if **CoCart Plugin Suggestions** should be active. Made available since v4.1.0 **Parameters** True if CoCart Plugin Suggestions is active. **Usage** ```php theme={"system"} add_filter( 'cocart_show_plugin_search', function() { return false; }); ``` [Search `cocart_show_plugin_search` in repository](https://github.com/co-cart/co-cart/search?q=cocart_show_plugin_search\&type=code) *** # API Schema & Parameters This category contains filters that control API schema definitions, query parameters, and how data is structured in API responses. `cocart_add_item_query_parameters` Filters the query parameters for adding item to cart. This filter allows you to extend the query parameters without removing any default parameters. Made available since v3.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_add_item_query_parameters', function() { // Your code here }); ``` [Search `cocart_add_item_query_parameters` in repository](https://github.com/co-cart/co-cart/search?q=cocart_add_item_query_parameters\&type=code) *** `cocart_add_items_query_parameters` Extends the query parameters. Dev Note: Nothing needs to pass so your safe if you think you will remove any default parameters. Made available since v3.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_add_items_query_parameters', function() { // Your code here }); ``` [Search `cocart_add_items_query_parameters` in repository](https://github.com/co-cart/co-cart/search?q=cocart_add_items_query_parameters\&type=code) *** `cocart_cart_items_schema` Extend the cart schema properties for items. This filter allows you to extend the cart schema properties for items without removing any default properties. Made available since v3.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_cart_items_schema', function() { // Your code here }); ``` [Search `cocart_cart_items_schema` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_items_schema\&type=code) *** `cocart_cart_query_parameters` Extend the query parameters for the cart. This filter allows you to extend the query parameters without removing any default parameters. Made available since v3.1.0 **Usage** ```php theme={"system"} add_filter( 'cocart_cart_query_parameters', function() { // Your code here }); ``` [Search `cocart_cart_query_parameters` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_query_parameters\&type=code) *** `cocart_prevent_wc_admin_note_created` Filter to prevent note from being created. Made available since v3.2.0 **Parameters** False by default. Arguments to create the note. **Usage** ```php theme={"system"} add_filter( 'cocart_prevent_wc_admin_note_created', function() { // Your code here }, 10 ); ``` [Search `cocart_prevent_wc_admin_note_created` in repository](https://github.com/co-cart/co-cart/search?q=cocart_prevent_wc_admin_note_created\&type=code) *** `cocart_store_index` Filters the API store index data. This contains the data describing the API. This includes information about the store, routes available on the API, and a small amount of data about the site. Made available since v2.1.0 **Parameters** Response data. **Usage** ```php theme={"system"} add_filter( 'cocart_store_index', function() { // Your code here }, 10 ); ``` [Search `cocart_store_index` in repository](https://github.com/co-cart/co-cart/search?q=cocart_store_index\&type=code) *** # Product Reviews This category contains filters for managing product reviews, their processing, and related queries. `cocart_pre_insert_product_review` Filters a review before it is inserted via the REST API. Allows modification of the review right before it is inserted via `wp_insert_comment()`. Returning a *WP\_Error* value from the filter will short circuit insertion and allow skipping further processing. Made available since v2.1.0 **Parameters** The prepared review data for `wp_insert_comment()`. Full details about the request. **Usage** ```php theme={"system"} add_filter( 'cocart_pre_insert_product_review', function() { // Your code here }, 10 ); ``` [Search `cocart_pre_insert_product_review` in repository](https://github.com/co-cart/co-cart/search?q=cocart_pre_insert_product_review\&type=code) *** `cocart_prepare_product_review` Filter product reviews object returned from the REST API. Made available since v2.1.0 **Parameters** The response object. Product review object used to create response. The request object. **Usage** ```php theme={"system"} add_filter( 'cocart_prepare_product_review', function() { // Your code here }, 10 ); ``` [Search `cocart_prepare_product_review` in repository](https://github.com/co-cart/co-cart/search?q=cocart_prepare_product_review\&type=code) *** `cocart_preprocess_product_review` Filters a review after it is prepared for the database. Allows modification of the review right after it is prepared for the database. Made available since v2.1.0 **Parameters** The prepared review data for `wp_insert_comment`. The request object. **Usage** ```php theme={"system"} add_filter( 'cocart_preprocess_product_review', function() { // Your code here }, 10 ); ``` [Search `cocart_preprocess_product_review` in repository](https://github.com/co-cart/co-cart/search?q=cocart_preprocess_product_review\&type=code) *** `cocart_product_review_collection_params` Filter collection parameters for the reviews controller. This filter registers the collection parameter, but does not map the collection parameter to an internal *WP\_Comment\_Query* parameter. Use the `cocart_product_review_query` filter to set *WP\_Comment\_Query* parameters. Made available since v2.1.0 **Parameters** JSON Schema-formatted collection parameters. **Usage** ```php theme={"system"} add_filter( 'cocart_product_review_collection_params', function() { // Your code here }, 10 ); ``` [Search `cocart_product_review_collection_params` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_review_collection_params\&type=code) *** `cocart_product_review_query` Filters arguments, before passing to WP\_Comment\_Query, when querying reviews via the REST API. Made available since v2.1.0 **Parameters** Array of arguments for *WP\_Comment\_Query*. The request object. **Usage** ```php theme={"system"} add_filter( 'cocart_product_review_query', function() { // Your code here }, 10 ); ``` [Search `cocart_product_review_query` in repository](https://github.com/co-cart/co-cart/search?q=cocart_product_review_query\&type=code) *** # Shipping & Packages This category contains filters for shipping packages, methods, and shipping-related calculations. `cocart_available_shipping_packages` Filter allows you to alter the shipping packages returned. Made available since v4.1.0 **Parameters** Available shipping packages. Chosen shipping method. **Usage** ```php theme={"system"} add_filter( 'cocart_available_shipping_packages', function() { // Your code here }, 10 ); ``` [Search `cocart_available_shipping_packages` in repository](https://github.com/co-cart/co-cart/search?q=cocart_available_shipping_packages\&type=code) *** `cocart_shipping_package_details_array` Filter allows you to change the package details. Made available since v3.0.0 **Parameters** Product names. Package details. **Usage** ```php theme={"system"} add_filter( 'cocart_shipping_package_details_array', function() { // Your code here }, 10 ); ``` [Search `cocart_shipping_package_details_array` in repository](https://github.com/co-cart/co-cart/search?q=cocart_shipping_package_details_array\&type=code) *** `cocart_shipping_package_name` Filters the package name for the shipping method. Made available since v3.0.0 **Parameters** Shipping name. **Usage** ```php theme={"system"} add_filter( 'cocart_shipping_package_name', function() { // Your code here }, 10 ); ``` [Search `cocart_shipping_package_name` in repository](https://github.com/co-cart/co-cart/search?q=cocart_shipping_package_name\&type=code) *** # Error Messages & Notifications This category contains filters for various error messages and user notifications throughout the cart system. `cocart_can_not_remove_item_message` Filters message about can not remove item. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_can_not_remove_item_message', function() { // Your code here }, 10 ); ``` [Search `cocart_can_not_remove_item_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_can_not_remove_item_message\&type=code) *** `cocart_can_not_restore_item_message` Filters message about can not restore item. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_can_not_restore_item_message', function() { // Your code here }, 10 ); ``` [Search `cocart_can_not_restore_item_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_can_not_restore_item_message\&type=code) *** `cocart_cart_item_key_required_message` Filters message about cart item key required. Made available since v2.1.0 **Parameters** Message. Status of which we are checking the item key. **Usage** ```php theme={"system"} add_filter( 'cocart_cart_item_key_required_message', function() { // Your code here }, 10 ); ``` [Search `cocart_cart_item_key_required_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_cart_item_key_required_message\&type=code) *** `cocart_item_not_in_cart_message` Filters message about cart item key required. Made available since v2.1.0 **Parameters** Message. Method. **Usage** ```php theme={"system"} add_filter( 'cocart_item_not_in_cart_message', function() { // Your code here }, 10 ); ``` [Search `cocart_item_not_in_cart_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_item_not_in_cart_message\&type=code) *** `cocart_no_items_in_cart_message` Filters message about no items in the cart. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_no_items_in_cart_message', function() { // Your code here }, 10 ); ``` [Search `cocart_no_items_in_cart_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_no_items_in_cart_message\&type=code) *** `cocart_no_items_message` Filters message about no items in cart. Made available since v2.1.0 **Parameters** Message. **Usage** ```php theme={"system"} add_filter( 'cocart_no_items_message', function() { // Your code here }, 10 ); ``` [Search `cocart_no_items_message` in repository](https://github.com/co-cart/co-cart/search?q=cocart_no_items_message\&type=code) *** # Functions available in the core of CoCart Source: https://docs.cocartapi.com/documentation/developers/functions Extend support for CoCart with these useful functions in your projects ## `cocart_maybe_show_results()` Checks if the session table exists before returning results. Helps prevents any fatal errors or crashes should debug mode be enabled. **Returns**: `boolean Returns true or false if the session table exists.` * **Since**: 4.2.0 Introduced. * **Defined in**: [`includes/cocart-core-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-core-functions.php#L90) *** ## `cocart_count_carts_expiring()` Counts how many carts are going to expire within the next 6 hours. **Returns**: `int Number of carts expiring.` * **Since**: 4.2.0 Introduced. * **Defined in**: [`includes/cocart-core-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-core-functions.php#L146) *** ## `cocart_count_carts_active()` Counts how many carts are active. **Returns**: `int Number of carts active.` * **Since**: 4.2.0 Introduced. * **Defined in**: [`includes/cocart-core-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-core-functions.php#L177) *** ## `cocart_count_carts_expired()` Counts how many carts have expired. **Returns**: `int Number of carts expired.` * **Since**: 4.2.0 Introduced. * **Defined in**: [`includes/cocart-core-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-core-functions.php#L207) *** ## `cocart_carts_source_web()` Counts how many carts were created via the web. **Returns**: `int Number of carts created via the web.` * **Since**: 4.2.0 Introduced. * **Defined in**: [`includes/cocart-core-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-core-functions.php#L237) *** ## `cocart_carts_source_headless()` Counts how many carts were created via CoCart API. **Returns**: `int Number of carts created via CoCart API.` * **Since**: 4.2.0 Introduced. * **Defined in**: [`includes/cocart-core-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-core-functions.php#L267) *** ## `cocart_carts_source_other()` Counts how many carts were the source is other or unknown. **Returns**: `int Number of carts created via other or unknown.` * **Since**: 4.2.0 Introduced. * **Defined in**: [`includes/cocart-core-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-core-functions.php#L297) *** ## `cocart_get_min_max_price_meta_query()` Get min/max price meta query args. | Parameter | Type | Description | | --------- | ------- | ---------------------------------- | | `$args` | `array` | Min price and max price arguments. | **Returns**: `array` * **Since**: 3.4.1 Introduced. * **Defined in**: [`includes/cocart-rest-functions.php`](https://github.com/co-cart/co-cart/blob/trunk/includes/cocart-rest-functions.php#L520) *** # Action hooks available in JWT Authentication Source: https://docs.cocartapi.com/documentation/developers/jwt/actions Trigger an action when these hooks are called Download the [JWT Authentication for CoCart](https://wordpress.org/plugins/cocart-jwt-authentication/) plugin to use these hooks. Each action hook is documented below with its description and usage example. ## Token Events ### `cocart_jwt_token_generated` Made available since v2.1.0 Fires when a new JWT token is generated after successful authentication. ```php theme={"system"} add_action( 'cocart_jwt_token_generated', function( $token, $user ) { // Log token generation error_log("New token generated for user: {$user->ID}"); }, 10, 2 ); ``` ### `cocart_jwt_auth_token_refreshed` Made available since v2.1.0 Fires when a token is refreshed using a refresh token. ```php theme={"system"} add_action( 'cocart_jwt_auth_token_refreshed', function( $token, $user ) { // Track token refresh events error_log("Token refreshed for user: {$user->ID}"); }, 10, 2 ); ``` ### `cocart_jwt_auth_token_validated` Made available since v2.1.0 Fires when a token is successfully validated. ```php theme={"system"} add_action( 'cocart_jwt_auth_token_validated', function( $decoded ) { // Access validated token data $user_id = $decoded->data->user->id; error_log("Token validated for user: {$user_id}"); } ); ``` ## Token Management ### `cocart_jwt_auth_token_deleted` Made available since v2.1.0 Fires when a token is deleted. ```php theme={"system"} add_action( 'cocart_jwt_auth_token_deleted', function( $user_id ) { $user = get_user_by( 'id', $user_id ); // Cleanup after token deletion error_log("Token for {$user->display_name} has been deleted"); }, 10, 2 ); ``` ## Authentication Events ### `cocart_jwt_auth_authenticated` Made available since v3.0.0 Fires when a user is authenticated via JWT token. ```php theme={"system"} add_action( 'cocart_jwt_auth_authenticated', function( $user ) { // Send admin notification for VIP customers if ( in_array( 'vip_customer', $user->roles ) ) { wp_mail( get_option( 'admin_email' ), 'VIP Customer Login', "VIP customer {$user->display_name} has logged in via API." ); } // Track API usage analytics $usage_count = get_user_meta( $user->ID, 'api_usage_count', true ); update_user_meta( $user->ID, 'api_usage_count', intval( $usage_count ) + 1 ); } ); ``` > All actions follow WordPress coding standards and can be used with the standard add\_action() function. The examples above show practical implementations for each action. # Filters available in JWT Authentication Source: https://docs.cocartapi.com/documentation/developers/jwt/filters Control how JWT Authentication operates when tokens are created Download the [JWT Authentication for CoCart](https://wordpress.org/plugins/cocart-jwt-authentication/) plugin to use these filters. Each filter is documented below with its description and usage example. ## Authentication filters ### `cocart_jwt_auth_issued_at` Made available since v2.0.0 Allows you to change the token issuance timestamp (iat claim) for token timing synchronization. ```php theme={"system"} add_filter( 'cocart_jwt_auth_issued_at', function( $timestamp ) { // Add a 5-minute buffer return $timestamp + (5 * MINUTE_IN_SECONDS); } ); ``` ### `cocart_jwt_auth_issuer` Made available since v2.0.0 Allows you to change the token issuer (iss claim) for multi-site setups or custom API endpoints. ```php theme={"system"} add_filter( 'cocart_jwt_auth_issuer', function( $issuer ) { return 'https://api.yoursite.com'; } ); ``` ### `cocart_jwt_auth_not_before` Made available since v2.0.0 Allows you to set when the token becomes valid (nbf claim) for token activation control. ```php theme={"system"} add_filter( 'cocart_jwt_auth_not_before', function( $time, $issued_at ) { // Token becomes valid 5 minutes after issuance return $issued_at + (5 * MINUTE_IN_SECONDS); }, 10, 2); ``` ### `cocart_jwt_auth_expire` Made available since v2.0.0 Allows you to customize when the token will expire (exp claim) based on roles or conditions. ```php theme={"system"} add_filter( 'cocart_jwt_auth_expire', function( $expiration, $issued_at ) { // Set expiration to 2 days return 2 * DAY_IN_SECONDS; }, 10, 2); ``` ### `cocart_jwt_auth_algorithm` Made available since v2.0.0 vAllows you to change the algorithm used for token signing. ```php theme={"system"} add_filter( 'cocart_jwt_auth_algorithm', function( $algorithm ) { return 'RS256'; // Use RSA SHA-256 instead of default HS256 }); ``` ### `cocart_jwt_auth_token_user_data` Made available since v2.2.0 Allows additional user data to be applied to the payload before the token is generated. ```php theme={"system"} add_filter( 'cocart_jwt_auth_token_user_data', function( $data, $user ) { return array_merge( $data, array( 'role' => $user->roles[0], 'display_name' => $user->display_name, 'email' => $user->user_email ) ); }, 10, 2); ``` ## Refresh Token Filters ### `cocart_jwt_auth_refresh_token_generation` Made available since v2.0.0 Allows you to change how refresh tokens are generated. ```php theme={"system"} add_filter( 'cocart_jwt_auth_refresh_token_generation', function( $token ) { return md5( uniqid() . time() ); // Use MD5 for token generation }); ``` ### `cocart_jwt_auth_refresh_token_expiration` Made available since v2.0.0 Allows you to customize refresh token lifetime based on roles or conditions. ```php theme={"system"} add_filter( 'cocart_jwt_auth_refresh_token_expiration', function( $expiration ) { return 60 * DAY_IN_SECONDS; // Set to 60 days }); ``` ## Token Management ### `cocart_jwt_auth_revoke_tokens_on_email_change` Made available since v2.3.0 Allows you to control token revocation on email changes. ```php theme={"system"} add_filter( 'cocart_jwt_auth_revoke_tokens_on_email_change', function( $should_revoke, $user_id ) { return true; // Always revoke tokens on email change. }, 10, 2); ``` ### `cocart_jwt_auth_revoke_tokens_on_password_change` Made available since v2.3.0 Allows you to control token revocation on password changes for security policies. ```php theme={"system"} add_filter( 'cocart_jwt_auth_revoke_tokens_on_password_change', function( $should_revoke, $user_id ) { return $user_id !== 1; // Don't revoke tokens for admin user }, 10, 2); ``` ### `cocart_jwt_auth_revoke_tokens_on_after_password_reset` Made available since v2.3.0 Allows you to control token revocation on password reset for security policies. ```php theme={"system"} add_filter( 'cocart_jwt_auth_revoke_tokens_on_after_password_reset', function( $should_revoke, $user_id ) { return true; // Always revoke tokens after password reset. }, 10, 2); ``` ### `cocart_jwt_auth_revoke_tokens_on_profile_update` Made available since v2.3.0 Allows you to control token revocation on profile update. ```php theme={"system"} add_filter( 'cocart_jwt_auth_revoke_tokens_on_profile_update', function( $should_revoke, $user_id ) { return true; // Always revoke tokens on profile change. }, 10, 2); ``` ### `cocart_jwt_auth_revoke_tokens_on_delete_user` Made available since v2.3.0 Allows you to control token revocation when a user is deleted. ```php theme={"system"} add_filter( 'cocart_jwt_auth_revoke_tokens_on_delete_user', function( $should_revoke, $user_id ) { return true; // Always revoke tokens when user is deleted. }, 10, 2); ``` ### `cocart_jwt_auth_revoke_tokens_on_wp_logout` Made available since v2.3.0 Allows you to control token revocation when a user logs out. ```php theme={"system"} add_filter( 'cocart_jwt_auth_revoke_tokens_on_wp_logout', function( $should_revoke, $user_id ) { return true; // Always revoke tokens on logout. }, 10, 2); ``` > All filters follow WordPress coding standards and can be used with the standard add\_filter() function. The examples above show practical implementations for each filter. ### `cocart_jwt_auth_token_prefix` Made available since v2.5.0 This prefix is used to identify the token type. It can be useful if you want to use different token types or to avoid conflicts with other JWT implementations. > It is **NOT required** to use a prefix, but it can help to distinguish tokens from different sources or implementations so use a unique prefix. ```php theme={"system"} add_filter( 'cocart_jwt_auth_token_prefix', function( $prefix ) { return 'cocart_'; }, 10, 2); ``` ### `cocart_jwt_auth_max_user_tokens` Made available since v3.0.0 Allows changing the maximum number of tokens a user can have. Default is 5 tokens. ```php theme={"system"} add_filter( 'cocart_jwt_auth_max_user_tokens', function( $max_tokens, $user ) { // Allow administrators to have more tokens if ( in_array( 'administrator', $user->roles ) ) { return 20; } // Limit regular users to 3 tokens return 3; }, 10, 2); ``` # API Permissions Source: https://docs.cocartapi.com/documentation/force-permissions Learn how to restrict access to certain CoCart routes. When using a REST-API, sometimes you don’t want all the routes to be accessible to everyone. Restricting access to certain routes can help you maintain better control over your operations. This guide, we help enforce permissions and restrict access to specific CoCart API routes. One clear example is that you maybe don’t want to support guest customers on your store, so you need to restrict all the public routes. Forcing API permissions doesn’t mean that only administrators or shop managers can access them. This means that the routes cannot be used unless the API is requested while being authenticated. Authentication is not forced by user role. ## How do you force API permission? It’s actually pretty easy. All you need to do is apply a filter based on the method of the routes you want to force permission on. There are no parameters required. Just return an array of the API routes you wish to force permission on. Filter name: `cocart_api_permission_check_{method}` Replace `{method}` with `get`, `post`, `put`, `delete` or `options`. ```php theme={"system"} add_filter( 'cocart_api_permission_check_get', function() { return array( 'v1/count-items', 'v2/cart/items/count', 'v2/cart/totals', 'v2/store' ); } ); ``` That’s it. # Guiding Principles Source: https://docs.cocartapi.com/documentation/guides/guiding-principles The following principles should be considered when extending, creating, or updating endpoints in CoCart ## Routes should be designed around resources with a single type of schema Routes should be designed around resources (nouns) rather than operations (verbs). Routes should also return only one type of data defined by their Schema. For example: | Route | Resource type | Expected data | | ---------------------- | ------------- | --------------------------- | | `cocart/v2/cart` | Cart | A cart object | | `cocart/v2/cart/items` | Cart Item | A list of cart item objects | | `cocart/v2/products` | Product | A list of product objects | | `cocart/v2/products/1` | Product | A product object | There are 2 notable exceptions to this rule in the CoCart API; *Errors* and *Cart Operations*. ### Error Handling Errors, including validation errors, should return an error response code (4xx or 5xx) and a [`WP_Error`](https://developer.wordpress.org/reference/classes/wp_error/) object. Error messages should be localized, but do not need to be written with language aimed at customers (clients should use the given error code to create customer-facing notices as needed). Error codes should have the prefix `cocart_`. ### Cart Operations Some endpoints are designed around operations to avoid clients needing to make multiple round trips to the API. This is purely for convenience. An example would be the `cocart/v2/cart/add-item` endpoint which accepts a quantity and product ID, but returns a full cart object, rather than just an updated list of items. ## Exposed data must belong to the current user or be non-sensitive Resources, including customer and order data, should reflect only the current session. Do not return data for other customers as this would be a breach of privacy and security issue. Store data such as settings (for example, store currency) is permitted in responses, but private or sensitive data must be avoided. Allowing more extensive access to data must be authenticated. Data returned from the API should not be [escaped](https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/) (this is left to the client rendering it), but it should be sanitized. For example, HTML should be run through [`wp_kses_post`](https://developer.wordpress.org/reference/functions/wp_kses_post/). It is the client’s responsibility to properly escape data that comes from the API, but we should try to avoid returning data that is potentially unsafe. ## Collections of resources should be paginated Large volumes of data should be paginated to avoid overwhelming the server. For example, returning a collection of products. * Use the response Headers `X-WP-Total`, `X-WP-TotalPages`, and `Link` to indicate available resources. * Use parameters `page` and `per_page` to retrieve certain pages. * The maximum allowed value for `per_page` is 100. ## API Responses should use standard HTTP status codes When returning content, use a valid HTTP response code such as: * `200 OK` for successful responses (this is the default response code). * `201 Created` when creating a resource, for example, adding a new cart item or applying a new coupon. * `204 No Content` for successful deletes. * `400 Bad Request` when a required parameter is not set. * `403 Forbidden` when a request is not allowed, for example, if the provided security nonce is invalid. * `404 Not Found` if a resource does not exist. * `409 Conflict` if a resource cannot be updated, for example, if something in the cart is invalid and removed during the request. A note on `DELETE` requests, a common pattern in the WordPress REST API is to return the deleted object. [A full list of HTTP status codes can be found here.](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml) ## Breaking changes should be avoided where possible The CoCart API establishes a contract between itself and API consumers via the use of Schema. This contract should not be broken unless absolutely necessary. If a breaking change were necessary, a new version of the CoCart API would need to be released. A breaking change is anything that changes the format of existing Schema, removes a Schema property, removes an existing route, or makes a backwards-incompatible change to anything public that may already be in use by consumers. Breaking changes can be avoided by [deprecating existing properties](http://json-schema.org/draft/2019-09/json-schema-validation.html#rfc.section.9.3) rather than removing them, or [deprecating routes](https://datatracker.ietf.org/doc/html/rfc8594) and replacing them with a different route if major changes are needed. Non-breaking changes are always permitted without the need to increase the API version. Some examples of these include: * Adding new properties to schema * Adding new routes, endpoints, methods * Adding optional request parameters * Re-ordering response fields The version will not increase for bug fixes unless the scope of the bug causes a backwards-incompatible change. Fixes would not be rolled back to past API versions with the exception of security issues that require backporting. # How to Update CoCart Source: https://docs.cocartapi.com/documentation/guides/updating-cocart Each release provides an improvement, new features, issues fixed, compatibility, even tighten security to make CoCart do what it needs to do for your headless store. ## Updating CoCart ### Automatic - one click update The CoCart plugin can be updated via the "Plugins" page found in your WordPress website admin area. Updates will appear when available and can be applied by simply clicking on the *update now* link. ### Manual update You may also apply plugin updates manually by copying and pasting the plugin files into your `wp-content/plugins` folder. You can download any free CoCart plugin files from the WordPress plugin directory and any premium CoCart plugin files from your customer portal. There is no loss or change to data whilst modifying the plugin’s files making it safe to delete and re-upload the plugin folder. ### Backups While running a headless website is not the same as a regular WordPress website, it is still important to backup the infrastructure that allows you to run it. #### Automatic backups The most efficient and reliable approach is to use an automated site backup service. There are many available that provide such a service. Some of the most popular ones include: * [UpdraftPlus](https://updraftplus.com/) * [BackupBuddy](https://ithemes.com/backupbuddy/) * [VaultPress](https://jetpack.com/support/backup/) * [WP Time Capsule](https://wptimecapsule.com/) * [BlogVault](https://blogvault.net/) #### Manual backups To do things manually, there are two parts to backing up your store: * Backup your database! There are multiple ways to do this, see the Codex for your options to back up your content. Both manual and plugin options exist. * Using SFTP head to your wp-content folder to backup your theme and plugin files. ### CoCart data update notice If you have configured CoCart to process database updates manually then you may be prompted with a notice to upgrade the database. The logic to check if a **database upgrade** is required will run in the admin area after a new version number is detected, therefore, it is fully compatible with both the update methods listed above. **Update CoCart Database** starts the process of updating your database to match the plugin version you installed or updated to. The database organizes, contains, and stores your customers cart in session. It is an essential process. Once the update process starts, you can view the progress which will take you to the **Scheduled Actions** section and show the pending actions for the update. Once it is completed, the next time you view an admin page you will see the dismissible update complete banner. # Load Cart Source: https://docs.cocartapi.com/documentation/load-cart Learn to load a guest cart session securely This feature is not part of the REST API. Do not treat it as such! This feature is designed to transfer the cart over to the web version of your store. It allows the guest customer to continue shopping or checkout what they already have in the cart added via your headless application. It's handy if you have not yet worked with payment gateway like *Stripe* to handle the headless checkout. You can choose to override the cart (if anything is set) or merge the cart items together. If a customer is logged in via the web version of your store then **WooCommerce** will then merge any items in the cart together with the items the guest customer has in cart. FYI: It does not matter if your customer is logged in or not already via the web version of your store. Only the cart data will be set. Customer details are **not transferred**. ## Query properties | Query | Type | Description | | ------------------ | ------ | ------------------------------------------------------------------------------------------------- | | `cocart-load-cart` | string | Set the cart key of the cart you wish to load. **mandatory** | | `notify` | bool | Set as true to notify customers once arrived on the web version of your store. *Default is false* | | `keep-cart` | bool | Set as false to merge cart data. *Default is true* | To load the cart from session on your web store, you must use the properties above to query your website. You can query any page you prefer your customer to land on as the cart is loaded in the background. `https://example-store.com/checkout/?cocart-load-cart=bbfa8e97ac9cff4c861d62a109e83bb6` If the same item already exists in cart and you are merging the two carts together, that item will not change. It will not increase or decrease the quantity if the cart item key are the same. ### FAQ Use the notice property to try loading the cart session again. This can be used also to debug why but normally this is because of two things. 1. The cart key was incorrect 2. The cart session has expired and is no longer in the database under that cart key. Use this filter to change the name. ```php theme={"system"} If you do not need or want to use WooCommerce native checkout then disable using this filter. ```php theme={"system"} # Rate Limiting Source: https://docs.cocartapi.com/documentation/rate-limiting Control and prevent abuse from excessive calls. Rate Limiting is only available with [CoCart Plus](https://cocartapi.com/pricing/). Popular stores can become the targets of malicious actors. One example of known abusive patterns is making many requests in a very short timeframe to try to overwhelm the store. Rate limiting is opt-in and is intended for advanced merchants and platforms. ## What it does? Rate limiting is to prevent abuse on endpoints from excessive calls and performance degradation on the machine running the store. Limiting is based on user ID for registered users (logged in) and IP address for guest users (unauthenticated requests). It also offers standard support for running behind a proxy, load balancer, etc. This is also optional and is disabled by default. The rate limiting uses a modified `wc_rate_limit` table with an additional remaining column for tracking the request count in any given request window. ## Limit information A default maximum of 25 requests can be made within a 10-second time frame. These can be changed through `cocart_api_rate_limit_options` filter. ## Methods restricted by Rate Limiting `POST`, `PUT`, `PATCH`, and `DELETE` ## Enable Rate Limiting Developers can enable rate limiting using the `cocart_api_rate_limit_options` filter. ```php theme={"system"} add_filter( 'cocart_api_rate_limit_options', function() { return [ 'enabled' => RateLimits::ENABLED, // enables/disables Rate Limiting. Default: false 'proxy_support' => RateLimits::PROXY_SUPPORT, // enables/disables Proxy support. Default: false 'limit' => RateLimits::LIMIT, // limit of request per timeframe. Default: 25 'seconds' => RateLimits::SECONDS, // timeframe in seconds. Default: 10 ]; } ); ``` ## Supporting Proxies Like any mechanism that restricts usage to counter potential abuse of an API, this is a sensitive feature that should be used carefully. In a scenario where a store is behind another service layer (a proxy, load balancer, etc.), the developer should enable standard proxy support through the Otherwise rate limiting might be wrongly triggered and group-limit requests. ## Proxy support For the `proxy_support` option to work properly, service layers (load balancer, cache service, CDNs, etc.) must be passing the originating IP supported through standard IP forwarding headers, namely: * `X_REAL_IP`|`CLIENT_IP` *Custom popular implementations that simplify obtaining the origin IP for the request* * `X_FORWARDED_FOR` *De-facto standard header for identifying the originating IP, [Documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For)* * `X_FORWARDED` *[Documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded), [RFC 7239](https://datatracker.ietf.org/doc/html/rfc7239)* This is disabled by default. ## Limit usage information observability Current limit information can be observed via custom response headers: * `RateLimit-Limit` *Maximum requests per time frame.* * `RateLimit-Remaining` *Requests available during current time frame.* * `RateLimit-Reset` *Unix timestamp of next time frame reset.* * `RateLimit-Retry-After` *Seconds until requests are unblocked again. Only shown when the limit is reached.* ### Response headers example ```http theme={"system"} RateLimit-Limit: 5 RateLimit-Remaining: 0 RateLimit-Reset: 1654880642 RateLimit-Retry-After: 28 ``` ## Tracking Abuses Developers can use the `cocart_api_rate_limit_exceeded` action to track and handle instances of API abuse: ```php theme={"system"} add_action( 'cocart_api_rate_limit_exceeded', function ( $offending_ip ) { /* Custom tracking implementation */ } ); ``` ## Testing Guide ### Without proxy support 1. Enable Rate Limiting by using the [options filter](#enable-rate-limiting). 2. In a short window, keep making API requests. 3. Check that RateLimit-xxx headers change on each request. 4. Check that once you've hit the limit, an error response is returned. You can modify the limits using the [options filter](#enable-rate-limiting) to make it easier to test. ### With proxy support, do the same as before and 1. Enable proxy support 2. Make your requests with one of the following request headers containing always the same IP address: * X-Real-IP or Client-IP * [X-Forwarded-For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For) * [Forwarded](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded) ### User Facing Testing 1. Enable Rate Limiting by using the [options filter](#enable-rate-limiting). 2. Try to apply a coupon or access `/wp-json/cocart/v2/coupon` beyond current limits (currently 25 requests under 10 seconds) 3. Ensure you get presented with an error "Too many requests. Please wait xx seconds before trying again." # Resources Source: https://docs.cocartapi.com/documentation/resources These resources may extend your capability of going headless with WordPress. ## CoCart for Developers We have over 200+ filters and action hooks in the core of CoCart alone. Find them logged under the "Developers" section on the side. Each filter and action hook is linked for further reference. ### Cart Enhanced This free add-on is not supported by the CoCart API reference. Enhances the cart response returned with additional product details and more. [Download here](https://wordpress.org/plugins/cocart-get-cart-enhanced/) ### JWT Authentication Authenticate via a simple JWT Token. This JWT authentication is designed for customer users and requires basic authentication used first. [Download here](https://wordpress.org/plugins/cocart-jwt-authentication/) ### Beta Tester Run bleeding edge versions of CoCart from the GitHub repository. This will replace your installed version of CoCart with the latest tagged pre-release on GitHub – use with caution, and not on production sites. You have been warned. [Download here](https://github.com/co-cart/cocart-beta-tester) ## WordPress REST-API If you are looking for any of WordPress core REST API routes, go to [https://developer.wordpress.org/rest-api/](https://developer.wordpress.org/rest-api/) for their API reference. ## Other Plugins The plugins below may be useful to you to extend the capability of going headless with WordPress. ### WP-REST-API V2 Menus This plugin extends the WordPress REST API with new routes for WordPress registered menus. [Download here](https://wordpress.org/plugins/wp-rest-api-v2-menus/) ### REST API Toolbox Allows tweaking of several REST API settings. [Download here](https://wordpress.org/plugins/rest-api-toolbox/) ### REST API Log Log all REST API requests and responses. Great for debugging. [Download here](https://wordpress.org/plugins/wp-rest-api-log/) ### Query Monitor A developer tools panel for WordPress. It enables debugging of database queries, PHP errors, hooks and actions, block editor blocks, enqueued scripts and stylesheets, HTTP API calls, and more. [Download here](https://wordpress.org/plugins/query-monitor/) ### Disable REST API Why recommend this? Because you may not want all REST API's registered on your WordPress site exposed or simply don't use them. The most comprehensive plugin for controlling access to the WordPress REST API. Useful to disable routes you are not using. [Download here](https://wordpress.org/plugins/disable-json-api/) We developed our own security plugin designed specifically for the REST API to provide a firewall from bad requests and protection for data exposed without authentication such as the index listing the routes available. **List of Features** * Hides all sensitive details from the `wp-json` index. * Deny access to any API route if the `user-agent` is not trust worthy or a bot. * Block use of any API route in an iFrame. * Rate limiting for any route. * Anonymous user data returned if accessed without authentication. * CORs support. * Permissions callback override for any route and method. [Get your API secure](#) # Security Source: https://docs.cocartapi.com/documentation/security Security is the most important part of creating a headless store. By default, CoCart cannot be found in WordPress REST API index under namespaces or routes. Don't be alarmed. This doesn't mean CoCart is not active on your site, we simply hide CoCart from any outsider trying to see if you are running it. Most developers don't like the index of the REST API exposing these details so we made sure at least CoCart is not shown automatically. We developed our own security plugin designed specifically for the REST API to provide a firewall from bad requests and protection for data exposed without authentication such as the index listing the routes available. **List of Features** * Hides all sensitive details from the `wp-json` index. * Deny access to any API route if the `user-agent` is not trust worthy or a bot. * Block use of any API route in an iFrame. * Rate limiting for any route. * Anonymous user data returned if accessed without authentication. * CORs support. * Permissions callback override for any route and method. [Get your API secure](#) ## Authentication header If you want to change the authorization header used for authenticating users with CoCart. Use filter `cocart_auth_header` to fetch the authorization value from it. ```php theme={"system"} add_filter( 'cocart_auth_header', function( $auth_header ) { $custom_header = isset( $_SERVER['HTTP_X_MY_CUSTOM_AUTH'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_MY_CUSTOM_AUTH'] ) ) : ''; return ! empty( $custom_header ) ? $custom_header : $auth_header; }, 10, 1); ``` # Tools Source: https://docs.cocartapi.com/documentation/tools Tools to help you develop. ## Local Environments When preparing the WordPress side of your headless store locally, using either one of these desktop applications will help you to create new WordPress sites on your computer with the click of a few buttons. They takes care of configuring *PHP*, *MySQL* and basic configuration of WordPress to connect to the database. Some may provides one-click support for enabling *XDebug*, allow access to your WordPress site using *WP-CLI*, and more. All you need out of the box. Quickly spin up a local environment from: * [LocalWP](https://localwp.com/) - **Recommend** * [DevKinsta](https://kinsta.com/devkinsta/) * [Lando](https://docs.lando.dev/plugins/wordpress/v/stable/) * [MAMP](https://codex.wordpress.org/Installing_WordPress_Locally_on_Your_Mac_With_MAMP) * [XAMP](https://www.apachefriends.org) * [Laravel Valet](https://laravel.com/docs/valet) When setting up your WordPress environment, please check that they match the [server requirements](https://woocommerce.com/document/server-requirements/) that WooCommerce ask for in order to run CoCart. ## Tools Some useful tools you can use to access the API include: * [Postman](https://www.getpostman.com/) - A multi platform REST API GUI client (using Google Chrome or installing the app on Mac OS X or Windows). * [Insomnia](https://insomnia.rest/) - Similar to Postman using an app on Mac OS X, Windows or Ubuntu. * [Bruno](https://www.usebruno.com/) - Bruno is a Git-integrated, fully offline, and open-source API client. * [Hoppscotch](https://hoppscotch.io/) - A fast and beautiful API request builder (web alternative to Postman). * [ExtendsClass](https://extendsclass.com/rest-client-online.html) - Another web HTTP client. * [CocoaRestClient](https://mmattozzi.github.io/cocoa-rest-client/) - A Mac OS X GUI client for interacting with the API. * [Paw HTTP Client](https://itunes.apple.com/us/app/paw-http-client/id584653203?mt=12) - Another HTTP client for Mac OS X. * [Hookbin](https://hookbin.com/) - Another tool to test web hooks. # WP-CLI for CoCart Source: https://docs.cocartapi.com/documentation/wp-cli CoCart offers the ability to manage the plugin via the command-line, using WP CLI. Before you make any changes, always take a backup of your site. This keeps your data safe if anything goes wrong. ## Core Commands WP-CLI commands where introduced since v3 All CoCart related commands are grouped into wp cocart command. | Command | Description | | ---------------------- | ------------------------------------------------- | | `wp cocart update` | Updates the CoCart database. | | `wp cocart version` | Returns the version of CoCart installed. | | `wp cocart db-version` | Returns the database version of CoCart installed. | ## Plus Commands | Command | Description | | ------------------------ | ------------------------------------------------------ | | `wp cocart plus version` | Returns the version of CoCart Plus you have installed. | ## Plugin Slugs Use the following slugs to manage CoCart plugins with WP-CLI. The slugs are used in the command line to identify the specific plugin you want to work with. | Plugin | Plugin Slug | | ------------------------- | ----------------------------- | | CoCart Core (Legacy) | cart-rest-api-for-woocommerce | | CoCart Core | cocart | | CoCart Plus | cocart-plus | | CoCart JWT Authentication | cocart-jwt-authentication | ## Frequently Asked Questions WP-CLI is a powerful set of command-line tools for managing WordPress installations in the terminal saving you time and effort. You can update plugins, configure multisite installations, and much more, all without using a web browser. To update a plugin using WP-CLI, first go to your WordPress directory in the terminal. Then type the command `wp plugin update `, replacing **plugin-slug** with the name of the plugin you want to update. This will update the plugin to its latest version. Not all CoCart plugins are available for installation via WP-CLI as they are not hosted on the WordPress plugin directory. Other plugins must be installed manually by downloading them. WP-CLI helps you manage plugins much faster by using simple commands in the terminal. You do not need to log in to the WordPress dashboard or click many buttons. It can save time, reduce mistakes, and make it easier to manage many sites. WP-CLI is useful for both beginners and advanced users. For more information about WP-CLI visit the official site [https://wp-cli.org/](https://wp-cli.org/) # Quick Start Source: https://docs.cocartapi.com/getting-started/core/quick-start Learn how to create a cart This tutorial uses a REST client for the examples, we will walk through the following steps in order to achieve placing items in the cart. The screenshots are from [Postman](https://www.postman.com/), but you can also use other REST clients like [Insomnia](https://insomnia.rest/) if you want. RESTful requests are a standardized way for applications to communicate with servers over the internet. These requests use different methods to perform specific actions: * **GET**: Fetch information from the server. * **POST**: Creates information to the server. * **PUT**: Updates existing information on the server. * **DELETE**: Deleting information from the server. **Let's get started** Normally you would need to decide if the cart we are managing is for a guest customer or a registered customer. For this tutorial we will focus on a guest customers. They have no identification on your store so it helps to start at the beginning. ## Fetch all available products Next, we need to know the ID of the product we want to order. For this example, I decided to go with the product named *Beanie with Logo*, one of the sample products in WooCommerce core. To list all available products, we make the following request: First, we need to know the ID of the product we want that can be used to add the item to the cart. I can get a list of products from `/wp-json/cocart/v2/products`. This returns products in JSON format and shows product IDs and pricing information: Requesting available products in store ## Add a product to the cart We can then pick which product we’d like to add to the cart, and go ahead and add it via the `/wp-json/cocart/v2/cart/add-item` route. This will either add the item to the cart, returning the new updated cart object, or return an error response if something went wrong. In comparison to the previous **GET** requests, adding a product to the cart requires a **POST** request. After making the request, we can see that the desired product had been added to the cart: Cart response along with the added item We can also see that the first shipping rate is selected by default. Of course, it’s possible placing multiple products as well as one product multiple times to the cart. To add multiple products to the cart, simply call the `/wp-json/cocart/v2/cart/add-item` endpoint with various products. To add one product multiple times to the cart, simply adjust the quantity parameter of the `/wp-json/cocart/v2/cart/add-item` endpoint. We recommend using the batch endpoint `/wp-json/cocart/batch` when possible to help with the performance of the API as well as provide one complete cart response. Once the item is added to the cart, a cart session is created and a new cart key (randomly generated) is assigned. This session stores the information about the cart items, shipping options, discounts applied, the totals and the customers information provided etc. ## Collecting and tracking the cart key There are two ways you can get the cart key. The first is via the cart response where you see `cart_key`. The second is via the returned response headers. There you will need to look for `CoCart-API-Cart-Key`. In this case the cart key is `{cart_key}`. This cart key is what we need to keep track of the cart session for the guest customer. The reason for that is because we don't rely on WooCommerce session cookie to store the cart key for us. Doing this allows more freedom for developers and control on how they want to build their headless store. Not using the same cart key for the guest customer will lead to several cart sessions being created with no way of getting the previous cart session back the next time you add a product or update the cart. Once you get the `cart_key`, you must store it somewhere in your application. It can be: * **Browser Storage** * using a cookie * LocalStorage (with encryption) * SessionStorage (for temporary sessions) * **Storage Libraries** * [localForage](https://www.npmjs.com/package/localforage) - Offline storage with fallbacks * [PouchDB](https://pouchdb.com/) - Offline-first database * **Native Storage** * [SQLite](https://www.sqlite.org/) - For mobile applications * [Hive](https://docs.hivedb.dev/) - For Flutter applications * Secure Keychain/Keystore for mobile platforms ## Adding customer information With the item now in the cart, we can attempt to add customer information using the `/wp-json/cocart/v2/cart/update?cart_key=&namespace=update-customer` endpoint. Notice that I placed the cart key as global parameter. You can apply the cart key via the headers to if you prefer. This endpoint requires a billing and shipping address. The payload we send looks something like this: ```json theme={"system"} { "first_name": "Anakin", "last_name": "Skywalker", "email": "thatisnomoon@space.com", "phone": "01908672354", "company": "Darth Vadar LTD", "address_1": "70 The Crescent", "address_2": "", // Only if needed. "city": "BELFAST", "state": "", // Only if needed. "country": "GB", "postcode": "BT90 2PU" } ``` Customers may want to provide a different address other than the billing address provided. Extend the fields with a `s_` prefix in front to identify the field is for shipping. Followed by setting the field `ship_to_different_address` as **true**. ```json theme={"system"} { "first_name": "Anakin", "last_name": "Skywalker", "email": "thatisnomoon@space.com", "phone": "01908672354", "company": "Darth Vadar LTD", "address_1": "70 The Crescent", "city": "BELFAST", "country": "GB", "postcode": "BT90 2PU", "s_first_name": "Sith", "s_last_name": "Lord", "s_address_1": "515 Cherry Drive", "s_city": "San Pablo", "s_state": "CA", "s_postcode": "94806", "s_country": "US", "s_company": "Galaxy Ruler LLC", "ship_to_different_address": true } ``` A different shipping address can only be applied if you have [CoCart Plus](https://cocartapi.com/pricing/) installed. We don't yet have the option to create an order via an API but we do provide the option to load the cart session to the native WooCommerce store to continue the checkout procedure there. We will have the checkout API available in the future. ## Load cart into store 123 ## Resources * Get Cart Info (/cocart/v2/cart) * Add Item to Cart (/cocart/v2/cart/add-item) * List Products (/cocart/v2/products) ## Further Reading * [Technical Documentation](/overview/standards) * [Guiding principles](/documentation/developers/guides/guiding-principles) ## Thoughts & feedback We hope you found this tutorial helpful! If you’ve got any questions or there’s another tutorial topic you’re keen to see, feel free to drop a comment or reach out in the [CoCart Community in Discord](https://cocartapi.com/community/?ref=mintlify). Your feedback helps us create content that better serves you. Thanks for reading! # Install CoCart Source: https://docs.cocartapi.com/getting-started/core/setup Follow one of many the ways to install CoCart ### Before you start It’s important that your [server requirements](https://woocommerce.com/document/server-requirements/) meet the minimum that WooCommerce ask for in order to run CoCart. If you already have WooCommerce installed and your store filled with products ready to sell. Congrats, you meet the requirements to install CoCart and can now start decoupling. ### Upload Install We don't host the latest core version of CoCart with WordPress.org for security reasons. Please download from us to make sure you are using an official copy. [Download CoCart Core](https://cocartapi.com/download/) Once you have the plugin downloaded, log in to your WordPress dashboard, navigate to the ‘Plugins’ menu and press ‘Add New’. Then press ‘Upload Plugin’. You will either be redirected to a new page or the upload field will simple appear at the top allowing you to upload the plugin. Once the file is selected, press ‘Install Now’. Once the plugin is installed. Press ‘Activate Plugin’. ### Install via FTP [Download CoCart Core](https://cocartapi.com/download/) Open your FTP program of choice and login to your FTP server. Access where your WordPress plugins folder is stored and upload the folder of the plugin that is in the zip file and put it in the plugins directory. Now log in to your WordPress dashboard, navigate to the ‘Plugins’ menu and press ‘Activate’ where CoCart is listed. ### Alternative Source: GitHub Versions of CoCart core below v5 will not have two versions, only a single zip file and will be labelled e.g. `cart-rest-api-for-woocommerce-v4.3.16.zip` Every release of CoCart core since v5 has two versions of the plugin compiled added as a release asset either as a `.zip` or `.tar.gz` format. ###### Examples * e.g. Regular zip - `cocart-core-v5.0.zip` * e.g. [GitHub Updater](https://github.com/afragen/git-updater) supported zip - `cocart-core-github-v5.0.zip` On the [releases page](https://github.com/co-cart/co-cart/releases), look under the “assets” section of the release you would like to install and download the compiled format that works best for you. Once you have downloaded the plugin, follow the installation instructions. ## Prerequisites Before using CoCart, ensure your WordPress permalinks are configured to any setting except "Plain". This configuration is essential for accessing the REST API using standard endpoint URIs (e.g. `cocart/v2/products`). Configure this under **Settings > Permalinks**. With these settings in place, you're ready to begin using CoCart. ## WooCommerce Dependency CoCart requires an active WooCommerce installation to function. If WooCommerce is not installed or is deactivated, CoCart will automatically disable itself during activation to prevent technical issues. You'll see a prompt to install or activate WooCommerce if needed. # Advanced Configuration Source: https://docs.cocartapi.com/getting-started/jwt/advanced-configuration Take security to the next level with JWT Authentication. ## Using RSA Keys (RS256) By default, CoCart JWT uses HS256 (HMAC SHA-256) for token signing. You can switch to RS256 (RSA SHA-256) for enhanced security, especially in distributed systems. **1. Generate RSA Keys** First, generate a private/public key pair: ```bash theme={"system"} # Generate private key openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048 # Generate public key openssl rsa -pubout -in private.key -out public.key ``` **2. Configure Keys** Add these filters to a custom must-use plugin: ```php theme={"system"} // Set the algorithm to RS256 add_filter( 'cocart_jwt_auth_algorithm', function( $algorithm ) { return 'RS256'; }); // Set the private key for token signing. add_filter( 'cocart_jwt_auth_secret_private_key', function( $key ) { return file_get_contents( ABSPATH . 'path/to/private.key' ); }); // Set the public key for token validation. add_filter( 'cocart_jwt_auth_secret_public_key', function( $key ) { return file_get_contents( ABSPATH . 'path/to/public.key' ); }); ``` Store your keys securely and never commit them to version control. Consider using environment variables or WordPress constants in `wp-config.php` to store the key paths. **1. Key Storage Example** A secure way to configure keys using constants: ```php theme={"system"} // In wp-config.php define( 'COCART_JWT_AUTH_PRIVATE_KEY_PATH', '/secure/path/private.key' ); define( 'COCART_JWT_AUTH_PUBLIC_KEY_PATH', '/secure/path/public.key' ); // In your code add_filter( 'cocart_jwt_auth_secret_private_key', function( $key ) { return file_get_contents( COCART_JWT_AUTH_PRIVATE_KEY_PATH ); }); add_filter( 'cocart_jwt_auth_secret_public_key', function( $key ) { return file_get_contents( COCART_JWT_AUTH_PUBLIC_KEY_PATH ); }); ``` **4. Using Key Strings Directly** Alternatively, you can use the RSA key strings directly in your code: ```php theme={"system"} add_filter( 'cocart_jwt_auth_algorithm', function( $algorithm ) { return 'RS256'; }); add_filter( 'cocart_jwt_auth_secret_private_key', function( $key ) { return << While using key strings directly in code is possible, it’s recommended to store them in secure environment variables or files for better security and key management. ## Benefits of RS256 * **Asymmetric Encryption**: Different keys for signing and verification. * **Better Security**: Private key can be kept secret on the authentication server. * **Scalability**: Public key can be distributed to multiple verification servers. * **Standard Compliance**: Widely used in enterprise applications. # Core Concepts Source: https://docs.cocartapi.com/getting-started/jwt/concepts JSON Web Tokens are an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. In WordPress REST API authentication: ## JSON Web Tokens (JWT) JWTs consist of three parts: Header, Payload, and Signature, each base64-encoded and separated by dots. Tokens carry all necessary information, reducing database queries and improving performance. Digital signatures ensure token integrity and authenticity using cryptographic algorithms. Can include custom claims for additional user data or permissions. ## Token Types CoCart JWT Authentication implements a dual-token system for enhanced security. The system uses two distinct types of tokens: ### Access Tokens Short-lived tokens used for API authentication. They: * Carry user identity and permissions * Are included in the Authorization header for API requests * Have configurable expiration times * Are validated on each request ### Refresh Tokens Long-lived tokens used to maintain user sessions. They: * Are used to obtain new access tokens * Are stored securely in the database * Implement secure token rotation * Help maintain persistent authentication ## Token Lifecycle Understanding how tokens are managed throughout their lifetime: Tokens are generated upon successful authentication with user credentials. Each API request validates the token’s signature, expiration, and claims. Access tokens are renewed using refresh tokens before expiration. Tokens can be invalidated for security events or user actions. ## Rate Limiting Rate limiting is a security feature that helps protect your API from abuse by limiting the number of requests. For JWT, we force enable this feature when refreshing a client's token and validating within a specific time window. Rate limiting is only supported if you have [CoCart Plus](https://cocartapi.com) installed. ### How It Works Each request is tracked based on the client’s IP address. Requests are counted within a configurable time window. (default: 1 minute) * For refresh token, limits are exceeded to `10` requests per minute per IP. * For validating token, limits are exceeded to `2` requests per minute per IP. Then requests are blocked with a 429 (Too Many Requests) response. After the time window expires, the request count resets automatically. ### Rate Limit Headers CoCart Plus includes standard rate limit headers in API responses: #### `X-RateLimit-Limit` integer Maximum number of requests allowed in the current time window. #### `X-RateLimit-Remaining` integer Number of requests remaining in the current time window. #### `X-RateLimit-Reset` timestamp Unix timestamp when the current time window expires. #### `Retry-After` integer Seconds to wait before making another request. (only present when rate limited) ### Default Limits Different endpoints have different rate limits to balance security and usability: * **Token Validation**: 10 requests per minute per token * * Higher limit for API operations * * Applies to protected endpoints * **Token Refresh**: 2 requests per minute per refresh token * * Moderate limit for token renewal * * Prevents refresh token abuse # Quick Start Source: https://docs.cocartapi.com/getting-started/jwt/quick-start This guide assumes you have already installed and configured CoCart JWT Authentication. If not, please follow the [setup guide](/getting-started/jwt/setup) first. In the following request examples below, you would replace ``, ``, `` and `` with your credentials before sending the request. ## Authentication Flow ### 1. Get a Token To authenticate a user and get a JWT token: ```bash cURL theme={"system"} curl -X POST \ https://your-store.com/wp-json/cocart/v2/login \ -H "Content-Type: application/json" \ -d '{"username": "", "password": ""}' ``` ```php PHP theme={"system"} 'https://your-store.com/wp-json/cocart/v2/login', CURLOPT_RETURNTRANSFER => true, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_HTTPHEADER => [ 'Accept: application/json', 'Authorization: Basic ' . base64_encode( . ':' . ) ] ]); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); ``` ```javascript JavaScript theme={"system"} const auth = btoa(':'); fetch('https://your-store.com/wp-json/cocart/v2/login', { method: 'POST', headers: { 'Accept': 'application/json', 'Authorization': `Basic ${auth}` } }); ``` ```json theme={"system"} { "user_id": "123", "first_name": "John", "last_name": "Smith", "display_name": "john", "role": "Customer", "avatar_urls": {}, "email": "users@emailaddress.xyz", "extras": { "jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOlwvXC9jb2NhcnRhcGkubG9jYWwiLCJpYXQiOjE3Mzk3NTEzNzIsIm5iZiI6MTczOTc1MTM3MiwiZXhwIjoxNzQwNjE1MzcyLCJkYXRhIjp7InVzZXIiOnsiaWQiOjEsInVzZXJuYW1lIjoic2ViYXN0aWVuIiwiaXAiOiIxMjcuMC4wLjEiLCJkZXZpY2UiOiJIVFRQX1hfVUNCUk9XU0VSX0RFVklDRV9VQSJ9LCJzZWNyZXRfa2V5IjoiYmFuYW5hIn19.aBuyRwAtvGb6SI4BB_MN4NYN01jqVZN4PPnd1jfW2UA", "jwt_refresh": "90efc95f1d85e465951d10c309897629524b7fc1b40dfab75ed68f7c8540468a05b8b26995685821f52cf736edb566f3317432288af4c6e4edc281f6ab7af371" }, "dev_note": "Don't forget to store the users login information in order to authenticate all other routes with CoCart." } ``` If you require to pass the user-agent header when making requests. Applying it when logging in must be done for the token to remain valid. If you decide to pass the user-agent header after, then the token will no longer be valid and you will have to request a new one. ### 2. Use the Token Make authenticated requests using the token. Here’s an example using Cart endpoint to get the current user’s cart: ```bash cURL theme={"system"} curl -X GET 'https://your-store.com/wp-json/cocart/v2/cart' \ -H 'Authorization: Bearer ' ``` ```php PHP theme={"system"} '; $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => 'https://your-store.com/wp-json/cocart/v2/cart', CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Bearer ' . $token ] ]); $cart = curl_exec($ch); curl_close($ch); ``` ```javascript JavaScript theme={"system"} const token = await getToken(); const cart = await fetch('https://your-store.com/wp-json/cocart/v2/cart', { headers: { 'Authorization': `Bearer ${token}` } }); ``` ### 3. Refresh Token When the access token expires, use the refresh token to get a new one: ```bash cURL theme={"system"} curl -X POST \ https://your-site.com/wp-json/cocart/jwt/refresh-token \ -H "Content-Type: application/json" \ -d '{"refresh_token": ""}' ``` ```php PHP theme={"system"} '; $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => 'https://your-store.com/wp-json/cocart/jwt/refresh-token', CURLOPT_RETURNTRANSFER => true, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_HTTPHEADER => [ 'Authorization: Bearer ' . $token ] ]); $cart = curl_exec($ch); curl_close($ch); ``` ```javascript JavaScript theme={"system"} const token = await refreshToken(); const cart = await fetch('https://your-store.com/wp-json/cocart/jwt/refresh-token', { method: 'POST', headers: { 'Authorization': `Bearer ${token}` } }); ``` ```json theme={"system"} { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOlwvXC9jb2NhcnRhcGkubG9jYWwiLCJpYXQiOjE3NDA1MTE5NDgsIm5iZiI6MTc0MDUxMTk0OCwiZXhwIjoxNzQxMzc1OTQ4LCJkYXRhIjp7InVzZXIiOnsiaWQiOjEsInVzZXJuYW1lIjoic2ViYXN0aWVuIiwiaXAiOiIxMjcuMC4wLjEiLCJkZXZpY2UiOiJIVFRQX1hfVUNCUk9XU0VSX0RFVklDRV9VQSJ9LCJzZWNyZXRfa2V5IjoiYmFuYW5hIn19.zHEHjVLE0Rrr7yY4z51bjhnm5ndkbR6J1nDzJNOZTK0", "refresh_token": "7dfc00d346277468b975a22768f861702b056e20f7cd84675b4dd4c0eb1148f034ae2610c548458a55213d62ea6034006466919166841e5f6797caeac5bd5e27" } ``` Remember to never expose your JWT secret key or store tokens in plain text. Always use secure storage methods appropriate for your platform. ### 4. Validate Token To keep check of a valid token: ```bash cURL theme={"system"} curl -X POST \ https://your-site.com/wp-json/cocart/jwt/validate-token \ -H "Authorization: Bearer YOUR-JWT-TOKEN" ``` **Successful** ```json theme={"system"} { "message": "Token is valid." } ``` **Invalid Token** ```json theme={"system"} { "code": "cocart_authentication_error", "message": "Authentication failed.", "data": { "status": 401 } } ``` # Setup Source: https://docs.cocartapi.com/getting-started/jwt/setup Learn how to setup JWT Authentication for CoCart. Make sure you have downloaded the [JWT Authentication for CoCart](https://wordpress.org/plugins/cocart-jwt-authentication/) plugin and installed it. ## Secret Key Configuration Add the following code to your **wp-config.php** file: ```php theme={"system"} define( 'COCART_JWT_AUTH_SECRET_KEY', 'YOUR-UNIQUE-SECRET-KEY' ); ``` Never share or commit your secret key. Keep it secure and unique for each environment. ## Enable PHP HTTP Authorization Header ### Shared Hosts Most shared hosting providers have disabled the **HTTP Authorization Header** by default. To enable this option you'll need to edit your **.htaccess** file by adding the following: ```apache theme={"system"} RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1] ``` or ```apache theme={"system"} RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] ``` ### WPEngine To enable this option you'll need to edit your **.htaccess** file by adding the following outside of IfModule: ```apache theme={"system"} SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 ``` Example of what that looks like. ```apache theme={"system"} # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1] SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 # END WordPress ``` ## How It Works CoCart JWT Authentication implements a secure OAuth 2.0 compliant authentication flow. Here's how the authentication process works in your WordPress application: Client authenticates the login endpoint via Authorization header using the basic method to obtain JWT tokens. Use the JWT token to authenticate any REST API requests via Authorization header using bearer method. Use refresh token to obtain new access tokens without re-authentication via the refresh-token endpoint. Validate the token in the background of your application from time to time to check the users authentication session is still valid. ## Security Best Practices CoCart JWT Authentication comes with built-in security features to protect your WordPress application. Here are the key security measures you should be aware of: Automatic token revocation on password/email changes. Automatic token revocation on user deletion. Automatic token revocation on user logout. Configurable token expiration times. Secure refresh token rotation. # License Activation Source: https://docs.cocartapi.com/getting-started/license-activation Enter your CoCart license key to activate your license. > Dev Note: Needs to be completed with some additional updates for new license system. Once CoCart is installed you should see a new menu item named **CoCart** in your WordPress dashboard, plus the following notification that prompts you to activate your license for CoCart: This notification will ask you to enter your license key. Go to **CoCart > Updates** or click the **Activate License** link. This should bring up the license activation screen: Here you enter your license key. Copy your CoCart license key provided and paste it into the license field. Click **Save Changes**. Your license should now be active: Confirmation that you have activated your license. That’s it! You will now automatically receive updates for CoCart when they become available. After purchasing, you will receive a unique license key via email and your [Polar account](https://polar.sh/cocartheadless/portal/request) with your purchase. No, local and staging installations do not count against your license limit. You can use CoCart on as many local or staging sites as you like without affecting your active site limit. The following URLs are considered local or staging sites and will not count against your active site limit. **Local URLs**: * 192.168.x.x * 127.0.0.1 * localhost (includes) * .local (top-level domain) * .test (top-level domain) * .wip (top-level domain) * .docksal (docksal) * .docksal.site (docksal) * .dev.cc (ServerPress) * .lndo.site (Lando) **Staging URLs**: * .staging.kinsta.com (Kinsta.com) * .kinsta.cloud (Kinsta.com) * .stage.site (Dreampress) * .newspackstaging.com (Newspack) * .pantheonsite.io (Pantheon) * .flywheelsites.com (Flywheel) * .flywheelstaging.com (Flywheel) * .cloudwaysapps.com (Cloudways) * .azurewebsites.net (Azure) * .wpserveur.net (WPServeur) * -liquidwebsites.com (Liquidweb) * .myftpupload.com (Go Daddy) * .sg-host.com (Singapore Web Hosting) * .platformsh.site (Platform.sh) * .wpstage.net (WP Stagecoach) You can also always deactivate the license key from your site from your WordPress dashboard under CoCart > Updates, and activate it on another site. # Install CoCart Plus Source: https://docs.cocartapi.com/getting-started/plus/setup You can purchase CoCart Plus via cocartapi.com/pricing/ ### Download Plugin Once you have purchased a license for CoCart Plus, you will find the plugin under your [Customer Account](https://polar.sh/cocartheadless/portal/request) where you purchased. ### Upload Install Once the plugin is downloaded, log in to your WordPress dashboard, navigate to the ‘Plugins’ menu and press ‘Add New’. Then press ‘Upload Plugin’. You will either be redirected to a new page or the upload field will simple appear at the top allowing you to upload the plugin. Once the file is selected, press ‘Install Now’. Once the plugin is installed. Press ‘Activate Plugin’. ### Install via FTP Open your FTP program of choice and login to your FTP server. Access where your WordPress plugins folder is stored and upload the folder of the plugin that is in the zip file and put it in the plugins directory. Now log in to your WordPress dashboard, navigate to the ‘Plugins’ menu and press ‘Activate’ where CoCart is listed. # WordPress Setup Source: https://docs.cocartapi.com/getting-started/wordpress-setup The best way to host your WordPress site for headless store. Deciding on the best way to host and configure your WordPress site for headless store can be a daunting task. There are many options available, and it can be difficult to know which one is right for you. This guide will help you understand the different options available and specify the best ones for your needs. ## The different types of hosting available There are many different types of hosting available, but the most common ones are: * Shared hosting * VPS hosting * Dedicated hosting * Managed WordPress hosting Each type of hosting has its own pros and cons, and the best one for you will depend on your needs. ## The pros and cons of each type of hosting ### Shared hosting Shared hosting is the most common type of hosting. It is also the cheapest option, making it a good choice for small businesses and personal websites. However, shared hosting has some drawbacks. Because you are sharing a server with other websites, your website may be slower and less reliable than if you were on a dedicated server. Additionally, you may have limited control over your server environment, which can make it difficult to customize your website. ### VPS hosting VPS (Virtual Private Server) hosting is a step up from shared hosting. With VPS hosting, you have your own virtual server that is isolated from other websites. This means that your website will be faster and more reliable than with shared hosting. However, VPS hosting is more expensive than shared hosting, and it requires more technical knowledge to set up and manage. If you are not comfortable managing your own server, VPS hosting may not be the best option for you. ### Dedicated hosting Dedicated hosting is the most expensive option, but it also offers the most control and flexibility. With dedicated hosting, you have your own physical server that is not shared with any other websites. This means that you can customize your server environment to meet your specific needs. However, dedicated hosting is also the most complex option, and it requires a lot of technical knowledge to set up and manage. If you are not comfortable managing your own server, dedicated hosting may not be the best option for you. ### Managed WordPress hosting Managed WordPress hosting is a specialized type of hosting that is designed specifically for WordPress websites. With managed WordPress hosting, your website is hosted on a server that is optimized for WordPress, and you have access to a team of experts who can help you with any issues you may have. This type of hosting is more expensive than shared hosting, but it can save you time and hassle in the long run. If you are not comfortable managing your own server, managed WordPress hosting may be the best option for you. ## Taking advantage of the WordPress Configuration File The WordPress configuration file **wp-config.php** is located at the root of WordPress and allows you to customize your WordPress installation. By taking advantage of the WordPress configuration file, you can improve the performance and reliability of your website, and make it easier to manage. For running a headless WordPress setup, we will be looking at a few options that will help improve the performance of your WordPress site and reduce the number of database calls when accessing the REST API. ### WP\_SITEURL **Site URL** is the address where your WordPress site is installed. It should include the **https\://** part and should not have a slash **/** at the end. **Recommend**: If you are using a subdirectory for your WordPress installation, you should set the site URL to the root of your site. This will allow you to access your site from the root URL without having to include the subdirectory in the URL. ```php theme={"system"} define( 'WP_HOME', 'https://example.com/wordpress' ); ``` [More information](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#wp-siteurl) ### WP\_HOME **Home** is the address where you want your visitors to access your site. It should include the **https\://** part and should not have a slash **/** at the end. **Recommend**: If you are using a subdirectory for your WordPress installation, you should set the home URL to the root of your site. This will allow you to access your site from the root URL without having to include the subdirectory in the URL. ```php theme={"system"} define( 'WP_HOME', 'https://example.com/wordpress' ); ``` [More information](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#blog-address-url) ### Memory Limit Having enough memory for WooCommerce is a must, even for smaller stores. We recommend setting the memory limit to at least **128M**. ```php theme={"system"} define( 'WP_MAX_MEMORY_LIMIT', '128M' ); ``` [More information](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#increasing-memory-allocated-to-php) ### Disable File Edits Once your site is live, you should disable the ability to edit files from the WordPress admin. This will prevent any unauthorized changes to your site. ```php theme={"system"} define( 'DISALLOW_FILE_EDIT', true ); ``` ### Disable Updates Having updates running in the background can cause issues with your site on production. For piece of mind, we recommend you disable updates. ```php theme={"system"} define( 'AUTOMATIC_UPDATER_DISABLED', true ); ``` [More information](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#disable-plugin-and-theme-update-and-installation) ### Debugging WordPress Debugging WordPress is essential for identifying and resolving issues. However, it is important to disable debugging on production sites to prevent exposing sensitive information. While working on your headless site, we recommend this simple configuration to enable debugging. It will log errors to a file instead of displaying them on the screen. This is especially useful where you may not have direct access to the server logs. ```php theme={"system"} define( 'WP_DEBUG', true ); if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { // Enable Debug logging to the /wp-content/debug.log file define( 'WP_DEBUG_LOG', true ); // Disable display of errors and warnings define( 'WP_DEBUG_DISPLAY', false ); @ini_set( 'display_errors', 0 ); } ``` [More information](https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#wp-debug) ## Setting up CORS to allow the frontend to access the REST API When using CoCart with a decoupled frontend, you will encounter CORS (Cross-Origin Resource Sharing) issues. CORS is a security feature implemented by web browsers to prevent malicious websites from making requests to other domains. To resolve CORS issues, you need to configure your server to allow requests from your frontend domain. This is done by setting the **Access-Control-Allow-Origin** header in your server's response. Simply set this filter `cocart_disable_all_cors` to `false` to enable CORS. ```php theme={"system"} Please see the getting started section for [CoCart setup](/getting-started/core/setup). Being based on the WordPress REST-API, it’s extremely easy to get started. REST (Representational State Transfer) is an architectural style for building web services that communicate over HTTP, similar to how web browsers interact with servers. It provides a standardized way for applications to exchange data and perform operations. Recommend reading the [REST API handbook](https://developer.wordpress.org/rest-api/) for more information. CoCart reads the WooCommerce data and exposes it safely in the REST API. This allows the use of most WooCommerce hooks to provide a wider array of support for most WooCommerce extensions out of the box. A headless store allows you to separate the front-end and back-end of your eCommerce application. This means you can use any technology stack for the front-end while still leveraging WooCommerce's powerful capabilities. Benefits include: * Flexibility in choosing front-end technologies. * Improved performance and user experience. * Easier integration with third-party services. * Enhanced scalability and maintainability. While it is possible to use the same domain for both WordPress and the headless store. It is recommended to use a subdomain or a different domain for the headless store to avoid conflicts and ensure better performance. We have a [WordPress setup guide](/getting-started/wordpress-setup) that provides our recommendations for setting up a headless store with CoCart. Yes. Just install CoCart and activate it on the sites you want to use CoCart. The base URL to access the REST API will be based on your network configuration type. CoCart is designed to be completely open to customization via **filters** and **action hooks**. CoCart does it's best to work out of the box with [WooCommerce extensions](/plugins/woocommerce-extensions) but we know that is not going to be always the case. If there is a compatibility issue with a plugin that you would like to work with CoCart. We would be happy to hear about it. Take a look at our [tested and verified list](/plugins/woocommerce-extensions) for extensions that work with CoCart. We also have a list of [incompatible plugins](/plugins/incompatible) that don't work with CoCart. With over 50,000 plugins available in the WordPress directory, WooCommerce’s marketplace and others out there in the WordPress abyss, some conflicts may arise. In the unusual circumstance that such an issue occurs, we will always do our utmost to try and resolve those conflicts through our friendly support. ## Performance CoCart does not slow down your WordPress site. We take performance seriously. CoCart was designed so you can have faster stores in your framework of choice. No. CoCart only creates one database table to handle session management as we use our own session handler. If you're familiar with WooCommerce, you may be wondering why using a custom session handler at all instead of the WooCommerce default session handler? A number of reasons but the ones that really matter are. * The default session handler only supports cookies. * The default session handler has no support for concurrent requests. * The default session handler **does not support guest customers without cookies**. * The default session handler **does not store additional session data to help you**. * The default session handler **does not allow support for POS capability** (coming soon). * More consistent with modern web. ## Support A TypeScript SDK is currently in the works. If you have a specific language that you would like an SDK for, please [contact us](mailto:support@cocartapi.com) to let us know or simply [make a feature request](https://cocartapi.com/suggest-a-feature/?ref=mintlify). Yes. [View roadmap](https://cocartheadless.featurebase.app/roadmap/status). You can get help either [via email](mailto:support@cocartapi.com) or [via our Discord server](https://cocartapi.com/community/). Please read our [support policy](https://cocartapi.com/support-policy/) on what is and what is not supported. That would be found at [WooCommerce.com](https://woocommerce.com). Please read our [support policy](https://cocartapi.com/support-policy/) on what is and what is not supported. Like WordPress itself, CoCart is also under constant, active development. That means that as the API evolves, you’ll be able to utilise the improvements introduced without major disruptions to your store and your development processes. ## Contribute Absolutely. Visit our translation site, [register an account](http://translate.cocartapi.com/wp-login.php?action=register) if you haven't already. Select the project you want to help translate, pick the language and start translating. If the language you’d like to translate the plugin into isn’t available yet, please [ask via email](mailto:support@cocartapi.com) with the subject **Requesting Translation Set** and let us know which one so a translation set can be created. Please view [opening issues](/resources/opening-issues) section for more information. We have more available in our [support center](/knowledge-base/faq). # CoCart: Decoupling WooCommerce for the modern storefront Source: https://docs.cocartapi.com/overview/introduction CoCart is a developer-first REST API to decouple WooCommerce on the frontend. ## What is CoCart? CoCart is the REST-API extension for WooCommerce designed specifically for developers and designers who want the power of a top tier eCommerce platform without the limitations of traditional WordPress themes and plugins. Build the modern and scalable storefront of your dreams with confidence independent of WordPress using frameworks like **Astro**, **React**, **Vue**, or **Next.js**, gaining complete control over your customers experience no matter what your store sells. ### Problems We Solve Seamlessly separate your frontend from WordPress, allowing for greater flexibility and customization. Efficient handling of requests to ensure fast and reliable interactions, even under heavy load. Comprehensive documentation and a supportive community to assist you in building your ideal storefront. Get started with CoCart in minutes, by downloading and installing our plugin on your WordPress site. Learn about CoCart's core standards for the REST API ## Core Features CoCart utilizes WooCommerce’s Data Stores API and mirrors most WooCommerce hooks, ensuring broad compatibility with numerous extensions right from the start. No cookie blockage. Secure cart key solution for database-based session management designed for headless. No Admin API Keys required. Basic authentication for customers are handled depending on your store needs for preferred login: * Username and Password * Email and Password * Phone Number and Password. Can be followed by JWT authentication. Addressing CORS issues in decoupled setups, CoCart grants you control over the origin to address any CORS issues when decoupling. [View CORS section](/documentation/learn/cors) for more info. Search products by name, ID, or SKU; filter and retrieve necessary product data with or without authentication, allowing different results based on role type i.e. Membership, Wholesale and more. Our system minimizes the need for multiple requests to verify item and coupon validity in your cart. It efficiently checks stock, calculates totals and fees, ensuring real-time accuracy so your responses are consistently up-to-date. Empower your customers to set their price, encouraging support with flexible payment options that broaden your paying audience. Batch multiple cart requests at once for efficiency and faster responses. [View Bulk Requests section](/documentation/learn/batch-requests) for more info ## Integration options These SDKs are still in development so in the mean time please refer to our [API Reference](/reference/core) for direct API calls. ### Native SDKs For web and Node.js applications For WordPress, Laravel, and other PHP applications ## Why Choose CoCart? Focus on building your unique storefront with an API designed specifically for WooCommerce to be decoupled. CoCart offers a developer-first approach, ensuring you have the tools and flexibility needed to create a seamless shopping experience. ### Community and Support CoCart is built in the open with full transparency and a growing community of developers and contributors. Access comprehensive documentation to help you every step of the way. GPL 3.0 license with full transparency on GitHub Feature requests, roadmap, and issues - all in the open ### Future-Proof Your Store Stay ahead with a solution designed to evolve with the latest web technologies and eCommerce trends. ### Get Started Today Ready to take your WooCommerce store to the next level? [Install CoCart now](/getting-started/core/setup) and start building the modern storefront you've always envisioned. # Roadmap Source: https://docs.cocartapi.com/overview/roadmap Understand what is currently being prioritized and what we are planning to build in the near future. We use community feedback to plan our roadmap, and we also encourage contributors to submit their ideas on [Discord](https://cocartapi.com/community/?ref=mintlify) so that we can discuss them with the community. You are also welcome to [submit ideas on the feedback board](https://cocartheadless.featurebase.app/?createPost=true). Feel free to vote/comment on any of them listed if any of them are important to you. [View roadmap](https://cocartheadless.featurebase.app/roadmap/) # Security Policy Source: https://docs.cocartapi.com/overview/security-policy An overview of CoCart Security Policy Full details of the CoCart Security Policy can be found on [cocartapi.com/security-policy/](https://cocartapi.com/security-policy/). ## Supported Versions The CoCart Headless Security Team believes in Responsible Disclosure by alerting the security team immediately and privately of any potential vulnerabilities. If a critical vulnerability is found in any of the current versions of a CoCart plugin, we may opt to backport any patches to previous versions. ### Core | Version | Supported | | -------- | --------- | | 5.0.x | Yes | | 4.6.x | Yes | | 4.5.x | Yes | | 4.4.x | Yes | | 4.3.x | Yes | | 4.2.x | No | | 4.1.x | No | | 4.0.x | No | | \< 4.0.0 | No | ### Plus | Version | Supported | | -------- | --------- | | 2.0.x | Yes | | 1.6.x | Yes | | 1.5.x | Yes | | \< 1.4.x | No | ### JWT Authentication | Version | Supported | | -------- | --------- | | 2.5.x | Yes | | 2.4.x | Yes | | 2.3.x | Yes | | 2.2.x | Yes | | 2.1.x | Yes | | 2.0.x | Yes | | \< 1.0.x | No | ## Reporting a Vulnerability **For responsible disclosure of security issues, please submit your report based on instructions found on [cocartapi.com/security-policy/](https://cocartapi.com/security-policy/).** Our most critical targets are: * CoCart Core [repository](https://github.com/co-cart/co-cart) * CoCart Plus * CoCart JWT Authentication [repository](https://raw.githubusercontent.com/cocart-headless/cocart-jwt-authentication) * cocartapi.com -- the primary marketplace and marketing site. ## Guidelines We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines: * Pen-testing Production: * Please **setup a local environment** instead whenever possible. Most of our code is open source (see above). * If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC. * **Don't automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels. * Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability. # Standards Source: https://docs.cocartapi.com/overview/standards Learn about CoCart's core standards for the REST API CoCart API provides public Rest API endpoints for the development of customer-facing cart, ~~checkout~~, and product functionality. It follows many of the patterns used in the [WordPress REST API](https://developer.wordpress.org/rest-api/key-concepts/). Example of a valid API request using cURL: ```http theme={"system"} curl "https://example-store.com/wp-json/cocart/v2/products" ``` Possible uses of the CoCart API include: * Obtaining a list of products to display that can be searched or filtered * Adding products to the cart and returning an updated cart object for display * Obtaining shipping rates for a cart * Collecting a customers's addresses ## Versioning CoCart API will be safely versioned using root path versioning, in the format `/v{major}`. For example, `/cocart/v2/cart`. The current supported WordPress REST API integration for CoCart is version `v2`. ## CoCart API Namespace Resources in the CoCart API are all found within the `cocart/v2` namespace, and since this API extends the WordPress API, accessing it requires the `/wp-json/` base. Examples: ``` GET /wp-json/cocart/v2/products GET /wp-json/cocart/v2/cart ``` The API uses JSON to serialize data. You don’t need to specify .json at the end of an API URL. If you want to change the CoCart API Namespace, we have an add-on in the works that will do just that. Please show interest by contacting support to be on waitlist. ## Versioning Strategy The main principles of the strategy are: 1. All breaking changes will be bundled into a new version 2. Deprecations for existing versions whenever a new version is announced is 6 months 3. In order to provide quicker adoption of new changes, they will be released on on ongoing basis 4. All API responses will contain the version of CoCart core via the returned header `CoCart-Version` if you have `WP_DEBUG` enabled which will be set to the current version of the plugin you are using. Should there be any fundamental requirement changes that require an API breaking change, we will notify via a blog post. ## Breaking Changes Breaking changes are any changes that require developer resources to maintain existing functionality. This includes resources used for investigation into the changes that need to be made, determination of features/endpoints being deprecated and final implementation of all these changes. A list of breaking changes are things like: * Removing a param from the API request/response * Modifying the name for any params or endpoints * Adding/changing optional or required params (e.g., making a customers name a required field in the request) We won’t make breaking changes to existing API endpoints for API versions lower than `v2`. If breaking changes are necessary that changes the data in the response, we’ll release a new major version. We may deprecate APIs that have been replaced by a newer version. When doing so, we will expect developers to manage a transition to the new resources within the deprecation timeline of old ones. Changes we do not consider to be breaking: * Adding new endpoints * Adding optional query parameters to API endpoints * Adding new properties to existing API responses * Reordering properties in existing API responses It is important that clients are built to be robust to these changes. **Deprecation**: Deprecated versions will be unsupported and it is recommended that developers cease to use these APIs. **Sunset**: Once an API is sunset, the corresponding set of endpoints will no longer be accessible via the API. ## Requirements and limitations * This is an unauthenticated API. It does not require API keys or authentication tokens for access. * All API responses return JSON-formatted data. * Data returned from the API is reflective of the current user (customer). Sessions are token based. * CoCart API cannot be used to look up other customers and orders by ID; only data belonging to the current user. * Likewise, CoCart API cannot be used to write store data e.g. settings. For more extensive access, use the authenticated [WooCommerce REST API](https://woocommerce.github.io/woocommerce-rest-api-docs/#introduction). * Endpoints that do allow writes, for example, updating the current customer address, require a cart key or user ID by authentication. * CoCart API is render-target agnostic and should not make assumptions about where content will be displayed. For example, returning HTML would be discouraged unless the data type itself is HTML. ## Pagination If collections contain many results, they may be paginated. When listing resources you can pass the following parameters: | Parameter | Description | | --------- | ---------------------------------------------------------------------------------- | | page | Current page of the collection. Defaults to 1. | | per\_page | Maximum number of items to be returned in result set. Defaults to 10. Maximum 100. | Large queries can hurt site performance, so `per_page` is capped at **100 records**. If you wish to retrieve more than 100 records, for example to build a client-side list of all available categories, you may make multiple API requests and combine the results within your application. In the example below, we list 20 products per page and return page 2. ```http theme={"system"} curl "https://example-store.com/wp-json/cocart/v2/products?page=2&per_page=20" ``` Additional pagination headers are also sent back to help determine how much more data is available. | Header | Description | | --------------- | ------------------------------------------------------------------- | | X-WP-Total | The total number of items in the collection. | | X-WP-TotalPages | The total number of pages in the collection. | | Link | Contains links to other pages; next, prev, and up where applicable. | ## Status Codes The following table gives an overview of how the API functions generally behave. | Request type | Description | | ------------ | ----------------------------------------------------------------------------------------------------------- | | `GET` | Access one or more resources and return `200 OK` and the result as JSON. | | `POST` | Return `201 Created` if the resource is successfully created and return the newly created resource as JSON. | | `PUT` | Return `200 OK` if the resource is modified successfully. The modified result is returned as JSON. | | `DELETE` | Returns `204 No Content` if the resource was deleted successfully. | The following table shows the possible return codes for API requests. | Status Code | Description | | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | | `200 OK` | The request was successful, the resource(s) itself is returned as JSON. | | `201 Created` | The POST request was successful and the resource is returned as JSON. | | `204 No Content` | The server has successfully fulfilled the request and that there is no additional content to send in the response payload body. | | `400 Bad Request` | A required attribute of the API request is missing. | | `401 Unauthorized` | Authentication or permission error, e.g. incorrect login. | | `403 Forbidden` | Not allowed to process this action or have permission. | | `404 Not Found` | A resource could not be accessed, for example it doesn't exist. | | `405 Method Not Allowed` | A request method is not supported for the requested resource. | | `406 Not Acceptable` | Indicates that the server could not produce a response. | | `500 Internal Server Error` | While handling the request something went wrong server-side. | ## Route Handling Typically, routes handle the following types of requests: * `GET` requests to read product, cart, or checkout data. * `POST` and `PUT` requests to update cart and checkout data. * `DELETE` requests to remove cart data. * `OPTIONS` requests to retrieve the JSON schema for the current route. Ideally, your server should be configured to accept these types of API requests (`POST`, `PUT` and `DELETE`), but if not you can use the [`_method`](https://developer.wordpress.org/rest-api/using-the-rest-api/global-parameters/#_method-or-x-http-method-override-header) property. ## Response Headers CoCart returns specific and required headers for the API to function and help manage data control. ### Global Headers If you have `WP_DEBUG` set to true, the version of the core of CoCart will return. In addition a timestamp header is also introduced. * `CoCart-Version: 4.6.3` * `CoCart-Timestamp: time()` ### Cart Headers For the Cart API, three important headers return for managing the cart session. Use them to help track the cart session. * Cart Key: `CoCart-API-Cart-Key: ` * Cart Expiring: `CoCart-API-Cart-Expiring: ` * Cart Expiration: `CoCart-API-Cart-Expiration: ` ### CORS Headers When CORS is enabled, the following headers will return. * `Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE` * `Access-Control-Allow-Credentials: true` * `Vary: Origin` * `Access-Control-Max-Age: 600` - This caches the result of preflight requests (600 is the upper limit for Chromium). * `X-Robots-Tag: noindex` * `X-Content-Type-Options: nosniff` Allowed preflight requests and any allowed origins will return: * `Access-Control-Allow-Origin: *` ### Cache Control * `Expires: Thu, 01-Jan-70 00:00:01 GMT` * `Cache-Control: no-cache, must-revalidate, max-age=0, no-store` // If the API is authenticated it will extend by adding `private` at the end. * `Pragma: no-cache` The products API additionally returns the last modified header with the date of the product it was last updated. * `Last-Modified: Thu, 29-July-25 14:05:30 GMT` ## Dates Datetime fields in the APIs conform to the **[ISO 8601](https://en.wikipedia.org/wiki/ISO_8601)** date and time format in UTC. For example: `2025-03-22T11:56:48.520641Z`. ## Country Codes Countries are identified in the APIs using **[ISO 3166-1 Alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)** codes. For example: `GB` and `US`. ## Currency Currency are identified in the APIs using **[ISO-4217](http://en.wikipedia.org/wiki/ISO_4217)** codes. This is a three-letter string like `USD` or `EUR`. The value of a currency is represented by your WooCommerce store settings on the **General** tab. Most currencies have a “precision” of two (like USD: \$1.23). * `AED`, `VEF`, `PKR`, `IDR`, `HKD`, `QAR`, `PHP`, `NZD`, `INR`, `EUR`, `ARS`, `THB`, `MXN`, `EGP`, `DZD`, `SAR`, `LBP`, `COP`, `TRY`, `SGD`, `MAD`, `AUD`, `USD`, `MYR`, `CAD`, `BRL`, `GBP`. The following currencies don’t use a decimal: * `VND`, `KRW`, `CLP`, `JPY` And these use three decimal places: * `KWD`, `IQD`, `BHD`, `TND` It is important that you set the currency correctly for the API to return price values correctly. # Backers Source: https://docs.cocartapi.com/resources/backers Development of CoCart is made possible thanks to these awesome backers! You can become a backer by becoming a CoCart Sponsor or support by [purchasing a CoCart license](https://cocartapi.com/pricing/?ref=mintlify). All sponsors will be listed in the [BACKERS.md](https://github.com/co-cart/co-cart/blob/development/BACKERS.md) file. CoCart helps you contract work and you'd love to support its development further. **Reward**: Your name will be in **BACKERS.md** file. You're a small team of developers and CoCart provides what you need. You'd love to support its development further so it can be more awesome. **Reward**: Your names will be in **BACKERS.md** file. CoCart saves you time and money for your clients. You'd love to keep it maintained and support its development further. **Reward**: Your company logo will be in CoCart's **README.md** and **CoCart's** website. CoCart saves you time and money for your major clients. You'd love to keep it maintained and support its development further. **Reward**: Your company logo will be placed higher in CoCart's **README.md** and **CoCart's** website. You will also get some stickers. **Reward**: Your company logo will be placed at the very top above all other sponsors in CoCart's [README](https://github.com/co-cart/co-cart/blob/development/README.md) and on [CoCart's website](https://cocartapi.com/). You will also get some shiny stickers. # Community Source: https://docs.cocartapi.com/resources/community CoCart community initiatives Join the community discussions on GitHub. Join the community on Discord to chat with us and fellow CoCart users. Current issues that are being worked on. Issues have a status label to identify it's progress. Create a bug report to help improve CoCart. Publish your headless store for others to see. **Contact us** with a link to the store. Share feature requests and integration requests. Learn about the latest features and updates from CoCart. Follow us on **X/Twitter** to get notified when we release new features # Opening Issues Source: https://docs.cocartapi.com/resources/opening-issues Opening issues is a crucial step in open-source, as issues keep projects stable and help maintainers understand the needs of the community. To help us maintain a stable project, please observe the following guidelines and general rules: ## Open issues for bugs only We ask that **issues are only opened for bugs**, and not for questions. Questions should be asked in [Discussions](https://github.com/co-cart/co-cart/discussions) or on [Discord](https://cocartapi.com/community/?ref=mintlify). While you may open a request for a feature. It would be best to ask in [Discussions](https://github.com/co-cart/co-cart/discussions) first to see if such a feature is possible. ## Include a proper reproduction To ensure your issue can be addressed, please **include a proper reproduction**. Please avoid: * Setting the link to the reproduction pointing to our repository * Providing a code snippet that does not sufficiently reproduce the issue Failing to include a proper reproduction may require extra back-and-forth between you and us, slow the process of fixing the issue for you and others, and make it harder to check if the issue has been fixed on a new release. ## Test the latest version before opening an issue Before opening an issue regarding a bug, please test with the latest stable version. If the bug is fixed, you can still open an issue, and we will tag it with Fixed under the trunk branch so others will know it has been fixed. If you do find that the bug was introduced in a specific version, and an older version didn’t have the issue then you should mention that this is a regression and in what versions it was introduced. ## Conclusion Now that you are ready, click below to open an issue! Thank you so much for contributing. Current issues that are being worked on. Issues have a status label to identify it's progress. Create a bug report to help improve CoCart. # Support Policy Source: https://docs.cocartapi.com/resources/support-policy # Mix and Match Products for WooCommerce Source: https://docs.cocartapi.com/api-reference/plugins/wc-mix-and-match-products Allows customers to create their own product bundles. Selling cases of wine? A dozen donuts? Fruit baskets? Six-packs of T-shirts? [Mix and Match Products](https://woocommerce.com/products/woocommerce-mix-and-match-products/) is ideal for offering similar products in bulk containers. Perfect for encouraging customers to buy in bulk without forcing them to buy items that don’t interest them. Mix and Match Products supports CoCart since v1.10.0 ## Add item to cart Add a container with the customers selected items and quantity. ```bash cURL theme={"system"} curl -X POST https://your-store.com/wp-json/cocart/v2/cart/add-item \ -H "Content-Type: application/json" \ -d '{ "id": "1102", "quantity": "2", "item_data": { "mnm_config": [ { "product_id": 987, "quantity": 1 }, { "product_id": 1001, "quantity": 2 }, { "product_id": 1003, "quantity": 3 } ] } }' ``` # Name Your Price for WooCommerce Source: https://docs.cocartapi.com/api-reference/plugins/wc-name-your-price Allow customers to define the product price. Also useful for accepting user-set donations. The [Name Your Price](https://woocommerce.com/products/name-your-price/) plugin extension lets you be flexible in what price you are willing to accept for selected products. You can use this plugin to accept donations or to take a new approach to selling products. You can suggest a price to your customers and optionally enforce a minimum acceptable price, or leave it entirely in the hands of the customer. Name Your Price supports CoCart since v3.1.0 ## Add item to cart Apply the customers requested price for the product when adding item to cart. ```bash cURL theme={"system"} curl -X POST https://your-store.com/wp-json/cocart/v2/cart/add-item \ -H "Content-Type: application/json" \ -d '{ "id": "129", "quantity": "1", "item_data": { "nyp": 24 } }' ``` # Remove item from cart Source: https://docs.cocartapi.com/api-reference/v2/cart/delete-item-by-key api-reference/v2/openapi-v2-stable.yaml delete /cart/item/{item_key} Removes a specific item from the customer's cart. By default returns the updated cart contents. Set return_status=true to get just a removal message. # Get Cart Items Count Source: https://docs.cocartapi.com/api-reference/v2/cart/get-items-count api-reference/v2/openapi-v2-stable.yaml get /cart/items/count Returns the count of items in the customer's cart. # Get Cart Totals Source: https://docs.cocartapi.com/api-reference/v2/cart/get-totals api-reference/v2/openapi-v2-stable.yaml get /cart/totals Get the carts totals. This endpoint will be deprecated in the future. Recommend getting the totals from the main **cart** endpoint. # Update cart Source: https://docs.cocartapi.com/api-reference/v2/cart/post-cart-update api-reference/v2/openapi-v2-stable.yaml post /cart/update Updates multiple cart items or properties at once. # Update Item in Cart Source: https://docs.cocartapi.com/api-reference/v2/cart/post-item-by-key api-reference/v2/openapi-v2-stable.yaml post /cart/item/{item_key} Updates the quantity or other properties of a specific item in the customer's cart. By default returns the updated cart contents. Set return_status=true to get a status message with quantity info. # Restore Item to Cart Source: https://docs.cocartapi.com/api-reference/v2/cart/put-item-by-key api-reference/v2/openapi-v2-stable.yaml put /cart/item/{item_key} Restores a previously removed item back to the customer's cart. By default returns the updated cart contents. Set return_item=true to get just the restored item details. # Get a Single Product Source: https://docs.cocartapi.com/api-reference/v2/products/get-product api-reference/v2/openapi-v2-stable.yaml get /products/{id} Gets a single product by ID or SKU. # Get a Product Attribute by ID Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-attribute-by-id api-reference/v2/openapi-v2-stable.yaml get /products/attributes/{id} Gets a single product attribute by ID. # Get a Product Attribute Term by ID Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-attribute-term api-reference/v2/openapi-v2-stable.yaml get /products/attributes/{attribute_id}/terms/{id} Gets a single term for a specific product attribute. # Get a Product Attributes Terms Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-attribute-terms api-reference/v2/openapi-v2-stable.yaml get /products/attributes/{id}/terms Gets terms for a specific product attribute. # Get Product Attributes Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-attributes api-reference/v2/openapi-v2-stable.yaml get /products/attributes Gets a list of product attributes. # Get Product Categories Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-categories api-reference/v2/openapi-v2-stable.yaml get /products/categories Gets a list of product categories. # Get Product Category by ID Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-category-by-id api-reference/v2/openapi-v2-stable.yaml get /products/categories/{id} Gets a single product category by ID. # Get a Product Review Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-review api-reference/v2/openapi-v2-stable.yaml get /products/reviews/{id} # Get Product Reviews Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-reviews api-reference/v2/openapi-v2-stable.yaml get /products/reviews Gets a list of product reviews. # Get Product Category by ID Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-tag-by-id api-reference/v2/openapi-v2-stable.yaml get /products/categories/{id} Gets a single product category by ID. # Get Product Tags Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-tags api-reference/v2/openapi-v2-stable.yaml get /products/tags Gets a list of product tags. # Get a Product Variation Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-variation api-reference/v2/openapi-v2-stable.yaml get /products/{id}/variations/{variation_id} Gets a single variation for a variable product. # Get a Products Variations Source: https://docs.cocartapi.com/api-reference/v2/products/get-product-variations api-reference/v2/openapi-v2-stable.yaml get /products/{id}/variations Gets variations for a variable product. # Get Products Source: https://docs.cocartapi.com/api-reference/v2/products/get-products api-reference/v2/openapi-v2-stable.yaml get /products Gets a list of products with optional filtering and pagination. # Delete a Session Source: https://docs.cocartapi.com/api-reference/v2/sessions/delete-session api-reference/v2/openapi-v2-stable.yaml delete /sessions/{id} Deletes a specific cart session by session key. # Get a Session Source: https://docs.cocartapi.com/api-reference/v2/sessions/get-session api-reference/v2/openapi-v2-stable.yaml get /sessions/{id} Gets a specific cart session by session key. # Retrieve Sessions Source: https://docs.cocartapi.com/api-reference/v2/sessions/get-sessions api-reference/v2/openapi-v2-stable.yaml get /sessions Gets a list of cart sessions for administrative purposes. # Store Source: https://docs.cocartapi.com/api-reference/v2/store/get-store api-reference/v2/openapi-v2-stable.yaml get /store Gets general store information including routes and configuration. Both the version and routes only return when `WP_DEBUG` is set to `true`. # Login User Source: https://docs.cocartapi.com/api-reference/v2/user/post-login api-reference/v2/openapi-v2-stable.yaml post /login Logs in a user and creates a session. # Logout User Source: https://docs.cocartapi.com/api-reference/v2/user/post-logout api-reference/v2/openapi-v2-stable.yaml post /logout Logs out the current user and destroys the session. Originally this endpoint was used to log out a user and their cart session when relying on WooCommerce session cookie. While the endpoint is not needed to clear the users session anymore, you can still use it to clear any WordPress cookies that may have been set. # CoCart Core v4 Source: https://docs.cocartapi.com/breaking-changes/core-v4 These breaking changes affect how CoCart handles cart sessions. Since the cart key is provided in both the cart response and returned headers. Saving the cart key in your own cookie or local storage is recommended. CoCart core v4.2 introduced a significant architectural change to how cart sessions are managed. * **Cart keys** are now the primary method for identifying cart sessions for both guest and authenticated users. **No more WooCommerce session cookies when using the API**. * All session management handled by CoCart makes it more reliable for headless and decoupled WooCommerce stores. This change helps with the confusion of needing to pass along the session cookie or reading the cookie to extract the cart key and help with user switching much better. We got mixed feedback for before this change, so by removing the cookie the session handler relied on before, the developer has better control over it. **Developer Impact** * If you previously relied on WooCommerce’s session cookies with CoCart, you must now use the cart key returned. * All custom integrations, middleware, or client apps must store and send the cart key with every relevant API request. ## Versions not to install * `4.0.0` - Was missing a required class. `4.0.1` fixes that. * `4.2.0` - A deprecated function was causing a fatal error. Fixed with `4.2.1` * `4.3.1` - Hot fix in `4.3.2` corrected issues that affected CoCart since `4.2.0` and patches were applied to previous versions to prevent roll update issues for those who had not updated automatically. ## Deprecations We advise that you update on staging or local to check if you have used any of our experimental functions and filters that were added to the session handler to see if any have been deprecated. You can also see the list of deprecations below. * Removed the legacy API that CoCart started with. * Removed support for stores running lower than WooCommerce version 4.5 * User switching removed. Never worked 100%. Mainly added for internal debugging purposes. * No longer use `cocart_override_cart_item` filter. Recommend using `cocart_item_added_to_cart` action hook instead. * No longer user `cocart_cart_updated` hook. Replaced with `cocart_update_cart_before_totals` hook. * Removed the need to support web host "Pantheon" by filtering the cookie name. * Removed our session abstract `CoCart_Session` that extended `WC_Session`. Any remaining functions have moved to a refreshed session handler. * Function `CoCart_Session_Handler::destroy_cookie()` no longer used. * Function `CoCart_Session_Handler::cocart_setcookie()` no longer used. * Function `CoCart_Session_Handler::get_cart()` no longer used. * Filter `cocart_cookie` no longer used. Use `woocommerce_cookie` instead. * Filter `cocart_cookie_httponly` no longer used. * Filter `cocart_cookie_supported` no longer used. * Filter `cocart_set_cookie_options` no longer used. * Filter `cocart_cart_use_secure_cookie` no longer used. Use `wc_session_use_secure_cookie` instead. * Filter `cocart_is_cart_data_valid` no longer used. * Returned headers `X-CoCart-API-Timestamp` and `X-CoCart-API-Version` no longer used. # JWT Authentication Source: https://docs.cocartapi.com/cli-reference/cli-jwt These commands are strictly designed to help with your development. ## Clean up tokens Cleans up expired JWT tokens. ```bash theme={"system"} wp cocart jwt cleanup [--batch-size=] [--force] ``` ### Arguments Number of users to process per batch (default: 100) (Optional) Force cleanup of all tokens (Optional) **Examples:** ```bash theme={"system"} wp cocart jwt cleanup --batch-size=50 wp cocart jwt cleanup --force ``` ## View token details Displays details of a JWT token in a table. ```bash theme={"system"} wp cocart jwt view ``` ### Arguments The JWT token to view **Example:** ```bash theme={"system"} wp cocart jwt view eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOlwvXC9jb2NhcnRhcGkubG9jYWwiLCJpYXQiOjE3Mzk3NTEzNzIsIm5iZiI6MTczOTc1MTM3MiwiZXhwIjoxNzQwNjE1MzcyLCJkYXRhIjp7InVzZXIiOnsiaWQiOjEsInVzZXJuYW1lIjoic2ViYXN0aWVuIiwiaXAiOiIxMjcuMC4wLjEiLCJkZXZpY2UiOiJIVFRQX1hfVUNCUk9XU0VSX0RFVklDRV9VQSJ9LCJzZWNyZXRfa2V5IjoiYmFuYW5hIn19.aBuyRwAtvGb6SI4BB_MN4NYN01jqVZN4PPnd1jfW2UA ``` ## Lists tokens Lists all active JWT tokens. ```bash theme={"system"} wp cocart jwt list [--page=] [--per-page=] ``` ### Arguments Page number to display (default: 1) Number of tokens to display per page (default: 20) **Example:** ```bash theme={"system"} wp cocart jwt list --page=2 --per-page=10 ``` ## Create token Generates a new JWT token for a user. ```bash theme={"system"} wp cocart jwt create --user= [--user-agent=] ``` ### Arguments The user ID, email, or login to generate the token for The User Agent to override the server User Agent (optional) **Examples:** ```bash theme={"system"} wp cocart jwt create --user=123 wp cocart jwt create --user=admin@example.com --user-agent="Custom User Agent" ``` ## Destroy tokens Destroys JWT tokens for a specific user. ```bash theme={"system"} wp cocart jwt destroy [--pat=] [--force] ``` ### Arguments The user ID, email, or login to destroy tokens for Specific PAT token ID to destroy (optional) Force destroy without confirmation (optional) **Examples:** ```bash theme={"system"} wp cocart jwt destroy 1 wp cocart jwt destroy admin@example.com --force wp cocart jwt destroy username --pat=pat_abc123 ``` # Introduction Source: https://docs.cocartapi.com/cli-reference/introduction Welcome to the CLI Reference for CoCart. ## What is CoCart CLI? CoCart CLI (COCART-CLI) offers an efficient way to manage carts via the command line. This tool is an add-on and leverages the capabilities of the CoCart REST API. This means that most tasks achievable through the REST API can also be performed via the command line. ## Frequently Asked Questions CoCart CLI is an add-on that is part of CoCart Pro tier. You will find it as one of the benefits in your account. Simply download and install the plugin. CoCart CLI is a part of WP-CLI specifically designed for CoCart. While WP-CLI deals with general WordPress management, COCART-CLI focuses on CoCart-specific tasks. ## Troubleshooting This error often occurs if your user role doesn’t have the necessary permissions. Ensure you’re using an account with administrative privileges. Check for typos and verify the command syntax with –help. If the issue persists, consult the Command Reference or seek support from the CoCart community. # Code snippets added the right way Source: https://docs.cocartapi.com/knowledge-base/adding-code How to apply any CoCart filter or action hook the safe way The best way to apply changes to your WordPress site is to add them in parts/snippets without touching any files in a plugin or the theme your using. Editing other PHP file carries the risk of breaking the rest of the code in the file and also opens you to the potential that the code will be lost when you update. There are several functionality plugins available in the WordPress.org repository. The instructions below explain how to install and use a plugin called **[Code Snippets](https://wordpress.org/plugins/code-snippets/)**. 1. Go to Plugins → Add New, search **Code Snippets** and install and activate the plugin. This will add a Snippets item to your wp-admin dashboard menu. 2. Navigate to Snippets → Add New. 3. Enter a title. 4. Paste or type your code in the Code field. 5. Click "Save Changes and Activate". *** Install via **WP-CLI command**. ```bash theme={"system"} wp plugin install code-snippets --activate ``` If you have set a priority on the filter/hook. It is best that you set the **priority** at the same level. You also want to set/leave it on "Run snippet everywhere". # Cart Key Source: https://docs.cocartapi.com/knowledge-base/cart-key ## What is a Cart Key? A cart key is what identifies the cart stored in session along with it's cart data and expiration. The cart key by default, will be a random set of letters and numbers or if the Cart API request is authenticated, it will relate to the user ID of the authenticator instead. If you try to identify a registered user via the cart key then you will be asked to authenticate as that user instead. ## Finding the Cart Key You can find the cart key returned in the cart response called `cart_key` and via the returned headers called `CoCart-API-Cart-Key` once the first API request has been made. Once you have the cart key, you can then use it to set the `cart_key` as a global parameter with any of the Cart API routes to load that cart. Without the cart key set for other Cart API routes, any requests made will not be applied to the appropriate cart session. This is partially important when adding, updating or removing items to and from the cart as such. The same for coupons, fees and other cart related requests made. The cart\_key parameter is a global parameter so it must be queried rather than being added as part of the body data you send with the API request you make. Otherwise it will not update the appropriate cart. Should you fail to do so correctly will lead to adding items stored in their own individual cart session which you will not be able to recover from previous requests. ## Creating a Cart Key Manually You can create your own cart key but, it cannot be longer than **42 characters** as that is the limit for storing the key in the database. ### HTTP request /wp-json/cocart/v2/cart?cart\_key=mycartkey123 If you do create your own cart key, it is best that you do so when adding the first item to the cart in order to update the correct cart from the start. # Support Source: https://docs.cocartapi.com/knowledge-base/contact-us We love to support customers, quickly. Reach out anytime. Thank you for reaching out and helping us make CoCart & our docs better. We greatly appreciate it! Join the community discussions on GitHub. Join the community on Discord to chat with us and fellow CoCart users. Open a new issue for a bug report to help improve CoCart. Tell us about the feature you would like. ## Email You can reach us at [support@cocartapi.com](mailto:support@cocartapi.com) # Frequently Asked Questions Source: https://docs.cocartapi.com/knowledge-base/faq A collection of answers to your possible questions. At CoCart, we're here to help. You'll find instant answers to nearly every question by searching our knowledge base. If you still need help, please [contact us](mailto:support@cocartapi.com) for personal support. ## Pre-Sale Questions No. But you can try the latest version of CoCart [online for free by creating a sandbox](https://cocartapi.com/try-free-demo/) to see if it's right for you. Yes. But before you make a decision to purchase. We recommend that you [try creating a sandbox](https://cocartapi.com/try-free-demo/) first to try the product out at **no cost**. See [refund policy](https://cocartapi.com/refund-policy/) for more information. Yes you can. [Login to your Polar account](https://polar.sh/cocartheadless/portal/request) and you can manage which tier you wish to change to. Otherwise, [contact support](mailto:support@cocartapi.com) for assistance. We accept all major credit cards, Cash App Pay, U.S. Bank Account, Apple Pay and Google Pay. All payments are processed securely through [Polar](https://polar.sh). Yes. During checkout you can fill in your company details and an invoice is automatically generated and sent to you. Our order process is conducted securely by our online reseller [Polar](https://polar.sh). Polar is our Merchant of Record for all our orders and they will invoice and charge you. VAT is a required sales tax in some countries. Fill in your company details during checkout and the VAT will be deducted. Usually it's your bank issuing the decline, for a number of different reasons like insufficient funds, they think the transaction is fraudulent or you typed the wrong CCV. Unfortunately, banks rarely send along the real reason for declining a transaction and if it's none of the above, the only recourse is to contact your bank to figure out what the problem is. To keep giving you continued access to updates, yes. Subscriptions will renew automatically for you unless paused or cancelled. If you cancel your subscription at any time, you will lose access to updates and support once the billing period ends. No. It is up to you to keep track of your subscription. Once cancelled, your license remains active until the end of your current billing period. After that, the license status changes to “cancelled” you will no longer have access to updates and support. You can still use CoCart as before, you just won’t be able to receive updates. Please be aware that running outdated versions of any software brings an inherit security risk with it. Yes you can, but please know that when it comes to renewing your license, plugin updates past your subscription will not be available to you. We do not. Lifetime deals are really for products/services that don’t require much maintenance or any for that matter to keep working. As CoCart is an extension of WooCommerce, updates are important to keep up with changes they make which is why we do subscription only. All our WordPress plugins are multisite compatible. See Multisite questions below for more specifics. Yes. All our WordPress plugins are compatible with WordPress.com Business and eCommerce plans, which allows installation of plugins. Yes, we offer PPP for countries with significantly lower average income to make our prices fair for everyone. [Contact us](mailto:support@cocartapi.com) with proof of residence to receive a discount code. ## Multisite Questions To use one of our plugins on a WordPress multisite, you will need a license for each sub-site where you will be using it. For example: * If you want to use it on 5 sites in a multisite then you will need a license for 5 sites. * If your multisite contains 10 sites but you only want to use the plugin on 1 site, you will need a single site license. You should enter the license key on the plugin settings page for each site where you want to use the plugin. Yes, the plugin should be network activated even if you are only using it on 1 site within the multisite. This is needed in order to update the plugin. Yes, you can upgrade your license. If you need more than 20 sites, please get in touch. ## Support and Plugin Questions We offer support for all our products through our [Discord community](https://cocartapi.com/community). Support is available to all users with a valid license key. Plugin updates for the core plugin and any free add-ons will always get free updates. CoCart Plus and any premium add-on requires a valid license key to receive updates. CoCart can be updated either via one-click update or manually. When an update becomes available, you will receive a notification on your **Plugins** page. To update CoCart, simply click on the "Update Now" link in the notification on the Plugins page. If you prefer to update manually, you can download the new version of the plugin from the WordPress plugin repository. You can then safely delete the plugin directory on your server, and upload the new version via FTP. We can’t imagine why you’d want to, but you most certainly can uninstall. You’ll need to deactivate CoCart first by clicking on the "Deactivate" link on the Plugins page, followed by the "Delete" link. This will remove all of the plugin’s files from the WordPress plugins directory. It does not deactivate your license and you will need to repeat the process if you have any CoCart add-ons installed as well. Uninstalling CoCart will not affect any of your store data such as products or orders should you decide to not use CoCart. Please note, however, your headless store will no longer have access to any of CoCart's API endpoints and all current cart sessions will no longer exist. If you are using CoCart specific functions to access data in your plugin files, these functions will no longer exist, and your website will no longer function as expected. CoCart utilizes all WooCommerce functions and hooks so other plugins that rely on them are compatible. Some plugins expect certain behaviour when items are added to the cart so we do our best to cover those expectations in a guide should it be needed. There are over **50K plugins** available in the WordPress directory, WooCommerce’s marketplace and others out there in the WordPress abyss, some conflicts may arise. In the unusual circumstance that such an issue occurs, we will always do our utmost to try and resolve those conflicts through our friendly support. We do have a [list of WooCommerce extensions](/plugins/woocommerce-extensions.mdx) that have been tested and are known to work with CoCart. ## License Questions A license key, also known as an activation key, is a unique alphanumeric code used to authenticate and activate software. It serves as a form of digital rights management (DRM) to ensure that only legitimate users can access and use the software. It also enables us to control and monitor the number of installations and ensure that users comply with the terms of the software license agreement. After purchasing, you will receive a unique license key via email and your [Polar account](https://polar.sh/cocartheadless/portal/request) with your purchase. If you lose your license key, you can retrieve it from your [Polar account](https://polar.sh/cocartheadless/portal/request) or contact support for assistance. If you only purchased a license for one site, you first need to deactivate the license key from the CoCart updates page on the domain it was activated on. Then simply activate the license key on the domain you want. If you originally activated the license key on a staging/local site then it won't count as a site activation and you can simply go ahead and activate the license key on the production site. Absolutely! You can use your CoCart license on your own and your client’s websites. A client being someone you build a website for with CoCart. Reselling of the license itself is strictly against our terms. Yes, you can! However, all support requests will need to come through the license holder. Your clients will not have direct access to support. License keys are used to enable plugin updates. After purchase, you will receive a unique license key (alongside your CoCart plugin download). The key can be activated from your WordPress dashboard’s plugin page. License keys can be activated, deactivated and upgraded at any time. No, local and staging installations do not count against your license limit. You can use CoCart on as many local or staging sites as you like without affecting your active site limit. The following URLs are considered local or staging sites and will not count against your active site limit. **Local URLs**: * 192.168.x.x * 127.0.0.1 * localhost (includes) * .local (top-level domain) * .test (top-level domain) * .wip (top-level domain) * .docksal (docksal) * .docksal.site (docksal) * .dev.cc (ServerPress) * .lndo.site (Lando) **Staging URLs**: * .staging.kinsta.com (Kinsta.com) * .kinsta.cloud (Kinsta.com) * .stage.site (Dreampress) * .newspackstaging.com (Newspack) * .pantheonsite.io (Pantheon) * .flywheelsites.com (Flywheel) * .flywheelstaging.com (Flywheel) * .cloudwaysapps.com (Cloudways) * .azurewebsites.net (Azure) * .wpserveur.net (WPServeur) * -liquidwebsites.com (Liquidweb) * .myftpupload.com (Go Daddy) * .sg-host.com (Singapore Web Hosting) * .platformsh.site (Platform.sh) * .wpstage.net (WP Stagecoach) ## Troubleshoot Questions In some hosting environments, communication may not be possible between your server and the WordPress update server. If this happens to you, please note any error messages you find, and [contact support](mailto:support@cocartapi.com). This is possibly because you did not set the cart key as a global parameter on other Cart API requests. So all your seeing is the last item added to the cart. If you are using a caching plugin, you will need to exclude the cart API from being cached. The best way to do this is to exclude the entire `/cocart/v2/cart` endpoint from being cached. This will ensure that all cart-related requests are not cached. Currently CoCart already excludes from being cached in the following cache plugins: * [LiteSpeed](https://wordpress.org/plugins/litespeed-cache/) * [WP REST Cache](https://wordpress.org/plugins/wp-rest-cache/) * [WP REST API Cache](https://wordpress.org/plugins/wp-rest-api-cache/) * [WP Rocket](https://wp-rocket.me/) Unfortunately, no. This is because when you authenticate as the admin, you are logged in not the customer. Even if you specified the customers user ID as the cart key. It will not take affect. If you have **WP\_DEBUG** set to `true` in your [wp-config.php](#wp-config-php) file then you should be able to view all the logs recorded by CoCart under **WooCommerce -> System Status -> Logs** in your WordPress dashboard. URL Example: `https://example-store.com/wp-admin/admin.php?page=wc-status&tab=logs` You can also [change how the logs are presented](#filters-api-access-cocart-logging). # Don't Use Nulled Versions! Source: https://docs.cocartapi.com/knowledge-base/nulled-plugins Warning: Nulled plugins are bad for your website. We know money is short for all of us, and there aren’t many things more appealing than saving money when extending your website with that one crucial feature you need. Sooner or later, you will find copies of plugins offered for free or as part of a cheap yearly subscription. These copies are called nulled. They disable the licensing system of the plugin and offer it to you to save money. ## What are nulled plugins? You will get many results from websites offering a free license if you search for a specific plugin and add the term “nulled” at the end. They often do this by buying a single license and reselling it or downloading it from an active user by exploits (hacks). A bunch of examples could be: * CoCart Plus nulled * CoCart Pro nulled ## Should I use a nulled version? The short answer is no, but let me explain that a bit further to you. Here are a couple of reasons why you shouldn’t use a nulled version of one of our plugins: ### Malicious Code Nulled versions often include malicious code. This can be as simple as displaying ads on your website. Sometimes they even implement ways to steal all your user data (e-mails, passwords, names..). Installing and using nulled software always comes with a risk, and you shouldn’t be surprised if something wrong happens after using them. ### Updates Nulled versions aren’t regularly updated, and you can’t update them from your admin dashboard. Each time a new version is released, you need to return to the website, check if they have the updated version, and download and install them again. ### No support By using a nulled version, you don’t get access to support. If something breaks or doesn’t work as expected, you are left alone and can’t reach out to customer support to get help. We will do our best to warn you if a nulled version is detected on your site but there is no guarantee. ### SEO You may lose a bunch of rankings in Google using a nulled version of a plugin. Often these include hidden links to spam sites. Google will penalize your website by linking to those sites, and you will see a decrease in traffic to your website. ### Stealing money from the developer You may not care much about the developer behind the product, but imagine a developer stops working on the product because he doesn’t make enough money to justify the invested time for development. This may end up to the point that your website is completely broken because of missing updates, and there is no one to reach for help. ## What should I do? If you are looking for a way to save money, use our official coupon code to get a discount on our plugins. It's better to support the developers and get the official version of the plugin. # Plugin Suggestions Source: https://docs.cocartapi.com/knowledge-base/plugin-suggestions Discover other plugins we suggest FYI: Plugin suggestions only show to those who have CoCart Core v3.0 or above installed. Plugin Suggestions help you to discover other plugins that may provide features you are looking for from extending or supporting CoCart. These suggestions are added to the WordPress plugin search results page. The suggestions range from addons developed by CoCart or extensions developed by **WooCommerce** or **Third Party** developers that offer many useful features that users may not even realize are available, offering a functional solution to a particular problem. Plugin Suggestions works directly on a plugin search page when you’re looking for a feature that matches any specific key phrases. It adds a search result to the bottom of the listing that highlights the plugin matching the keywords you’re searching for with it’s name, author and possibly a link to learn more about it. Should you wish to just browse all available add-ons or supported extensions, you can just simply go to “CoCart” section under the plugin install page. Should the plugin be already installed on your site, the action link will be replaced with either “Activate” or “Installed & Active”. ## Using Plugin Suggestions \[ CoCart Suggestion

] 1. Start at Plugins → Add New in your WordPress dashboard. 2. Search for a plugin that CoCart may offer or be supported by. 3. You should see a plugin card appear among the search results at the bottom. 4. You will then be given an action link to learn more about it or purchase it. These suggestions are only shown on the first page as to not spam repetition. ## Disabling Plugin Suggestion To disable Plugin Suggestion entirely, you can add the following snippet to your theme’s functions.php file or a functionality plugin: ```php theme={"system"} add_filter( 'cocart_show_plugin_search', function() { return false; }); ``` We will be adding more plugins to the suggestion list as we continue to develop CoCart. And if you have any suggestions, please let us know. # Security Practices Source: https://docs.cocartapi.com/knowledge-base/security-practices Learn about security practices for token storage and server-side configuration. > Dev note: This page needs improving. ## Secure Storage **localStorage** is vulnerable to XSS attacks and should not be used for storing sensitive tokens in production applications. Here are recommended approaches for token storage, in order of security: 1. **HttpOnly Cookies** (Most Secure) * Protected from XSS attacks * Automatic CSRF protection when configured properly * Handled automatically by browsers 2. **Web Workers + IndexedDB** * Isolated from main thread * Protected from XSS * More complex implementation 3. **In-Memory Storage** * Cleared on page refresh * Protected from XSS * Requires state management solution ## Server-Side Configuration Your server should set cookies with secure options: ```javascript JavaScript theme={"system"} // Example server-side cookie configuration (Express.js) res.cookie('jwt_token', token, { httpOnly: true, // Prevents JavaScript access secure: true, // Requires HTTPS sameSite: 'strict', // CSRF protection maxAge: 3600000, // 1 hour path: '/' // Cookie path }); ``` ## Security Best Practices 1. **Always use HTTPS** for token transmission 2. **Set appropriate cookie flags:** * HttpOnly * Secure * SameSite=Strict 3. **Implement CSRF protection** 4. **Use short token expiration times** 5. **Rotate refresh tokens** # Authentication / Login Source: https://docs.cocartapi.com/knowledge-base/troubleshoot/authentication Trouble with authentication? You may need to add this to your **.htaccess** file in the parent folder where your WordPress installation is. Once added, restart the server and authentication should work. ```apache theme={"system"} RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1] ``` Basic authentication is recommended to be used on secure sites that have SSL enabled, so if you attempting to authenticate CoCart without it being secured. Then it will simply fail. If you are testing on a local or development environment, CoCart will allow you to authenticate via the basic method. CoCart supports all standard and additional support for identifying ways to login. * Username + Password * Email + Password * Billing Phone Number + Password How you choose to allow your customers to login is up to you. Should the customer forget the username they created or what was assigned when registering as a customer, using their email address instead is good alternative. ```bash cURL theme={"system"} curl --request POST \ --url https://localhost/wp-json/cocart/v2/login \ --header "Authorization: Basic " + btoa('username:password') --header "Content-Type: application/json" ``` If it is not be possible to authenticate the right way using the headers, you can authenticate the user via URL. ```bash theme={"system"} wp-json/cocart/v2/login?username=sebastien@domain.com&password=password ``` Please keep your sites secure! # JWT Authentication Source: https://docs.cocartapi.com/knowledge-base/troubleshoot/jwt-authentication Trouble with JWT authentication? You'll need to configure a secret key in your `wp-config.php` file and ensure your server has HTTP Authorization Header enabled. See the [Setup Guide](/getting-started/jwt/setup) for information. When you authenticate, you receive both an access token and a refresh token. The access token is used for API requests and expires after a configurable period (**default 10 days**). When it expires, you can use the refresh token (**valid for 30 days by default**) to obtain a new access token without re-authenticating with username and password. CORS is handled at the core level. Please see [CORS guide](/documentation/learn/cors) for more information. By default, all tokens are automatically revoked when a user changes their password or email. This behavior can be [customized using filters](/documentation/developers/jwt/filters). The plugin supports multiple signing algorithms including `HS256`, `HS384`, `HS512`, `RS256`, `RS384`, `RS512`, `ES256`, `ES384`, `ES512`, `PS256`, `PS384`, and `PS512`. You can choose and configure your preferred algorithm through the [filters](/documentation/developers/jwt/filters). If your having issues matching IP address due to server configuration, perhaps force the IP to the static IP address your server provides. ```php theme={"system"} add_filter( 'cocart_jwt_auth_token_before_sign', function( $payload ) { $payload['data']['user']['ip'] = '127.0.0.1'; // Replace IP address with static IP. return $payload; } ); ``` Perhaps filter the device to your specific user agent. That way it always matches. ```php theme={"system"} add_filter( 'cocart_jwt_auth_token_before_sign', function( $payload ) { $payload['data']['user']['device'] = 'My Custom User Agent'; // Replace with your user agent. return $payload; } ); ``` You can use the [filters](/documentation/developers/jwt/filters) to modify token claims, lifetime and data. There are are WP-CLI commands strictly designed to help with your development. See [Cli-Reference](/cli-reference/cli-jwt) for commands. In short: The most obvious would be that the user **IP address** has changed. Long answer: It is a common issue with JWT tokens and can be resolved by [**implementing a token validation and refresh flow**](/tutorials/jwt-token-checkup). When a user has either moved location or simply switched their networks at some point. Your site/app is going to experience authentication failure on the next request due to the fact the token is no longer valid. This is a security feature of JWT tokens to prevent replay attacks. # WordPress Configuration Source: https://docs.cocartapi.com/knowledge-base/wp-config Also known as the wp-config.php file. For more handling over CoCart for your store or a client, you will find that using the `wp-config.php` file is the best place to setup certain conditions. ## Uninstall To prevent any data loss when uninstalling CoCart from the backend and to ensure only the site owner can perform this action. You need to enable the ability to remove it. ```php theme={"system"} /** * Allows the full un-installation of CoCart. */ define( 'COCART_REMOVE_ALL_DATA', true ); ``` ## White Labelling If you are developing a headless store for a client and need to hide CoCart. Enabling white label mode comes in handy if that is something you would want. Enabling this hides CoCart completely from the backend including the admin menu, plugin row links, plugin notices, WooCommerce inbox notices and WooCommerce System Status information. ```php theme={"system"} /** * Hides CoCart from the WordPress dashboard. */ define( 'COCART_WHITE_LABEL', true ); ``` # Incompatible plugins Source: https://docs.cocartapi.com/plugins/incompatible Plugins that are not compatible with CoCart Most plugins that extend the frontend of WooCommerce should work out the box. However, those extensions that add or alter methods of applying data may not be 100% supported with CoCart. These plugins in particular are not compatible with CoCart. If installed, they will cause issues with getting a valid response when using the REST API. Next to each listed plugin is the reason for incompatibility. | Plugin Name | Product Page | Incompatible Reason | | ------------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------ | | Smart Coupons For WooCommerce Coupons | [Link](https://wordpress.org/plugins/wt-smart-coupons-for-woocommerce/) | Prevents coupons from being applied to the cart. | # Our Plugin Suggestions Source: https://docs.cocartapi.com/plugins/suggestions The following plugins are our suggestions of plugins that may enhance your store. The list of plugins can also be seen in your WordPress dashboard if you have not disabled them. ## CoCart Add-ons All CoCart add-ons are developed by CoCart. ### JWT Authentication [CoCart JWT Authentication](https://wordpress.org/plugins/cocart-jwt-authentication/) is a plugin that allows you to authenticate your CoCart API requests using JSON Web Tokens (JWT). ### Cart API Enhanced [Cart API Enhanced](https://wordpress.org/plugins/cocart-get-cart-enhanced/) enhances the data returned for the cart and the items added to it. This addon is more of a proof of concept to using the filters that CoCart has to offer. ## Third-Party All third-party plugins are **not** developed by CoCart. ### Yoast SEO [Yoast SEO](https://wordpress.org/plugins/wordpress-seo/) is a powerful SEO plugin that helps you optimize your website for search engines. ### Atlas Content Modeler [Atlas Content Modeler](https://wordpress.org/plugins/atlas-content-modeler/) allows you to create and manage custom post types and fields in your store. ### WP Mail SMTP [WP Mail SMTP](https://wordpress.org/plugins/wp-mail-smtp/) allows you to send emails from your WordPress site. ### Imagify – Optimize Images & Convert WebP [Imagify](https://imagify.io/) allows you to optimize your images and convert them to WebP format. ### Redirection [Redirection](https://wordpress.org/plugins/redirection/) allows you to manage your redirects in your store. ### Safe SVG [Safe SVG](https://wordpress.org/plugins/safe-svg/) allows you to safely use SVG images in your store. ### Contact Form 7 [Contact Form 7](https://wordpress.org/plugins/contact-form-7/) allows you to create and manage contact forms in your store. ### Advanced Custom Fields (ACF) [Advanced Custom Fields (ACF)](https://wordpress.org/plugins/advanced-custom-fields/) allows you to create and manage custom fields in your store. We developed our own security plugin designed specifically for the REST API to provide a firewall from bad requests and protection for data exposed without authentication. **List of Features** * Hides all sensitive details from the `wp-json` index. * Deny access to any API route if the `user-agent` is not trust worthy or a bot. * Block use of any API route in an iFrame. * Rate limiting for any route. * Anonymous user data returned if accessed without authentication. * CORS support. [Get your API secure](https://apisecurity.pro) # WooCommerce Extensions Source: https://docs.cocartapi.com/plugins/woocommerce-extensions Tested and verified to work with CoCart. While other WooCommerce extensions may work, the extensions below are officially supported. Some extensions **may provide** specific documentation for use with CoCart API. While CoCart does have this feature built in, [Name Your Price](https://woocommerce.com/products/name-your-price/) allows customers to name their own price for products. [Documentation](../api-reference/plugins/wc-name-your-price) Allows you to create and manage coupons in your store. [View product page](https://woocommerce.com/products/smart-coupons/) Allows customers to create their own product bundles. [View product page](https://woocommerce.com/products/woocommerce-mix-and-match-products/) | [Documentation](../api-reference/plugins/wc-mix-and-match-products) Enables recurring payments and subscription products in your store. [View product page](https://woocommerce.com/products/woocommerce-subscriptions/) Allows you to restrict coupons to specific products, categories, and more. [View product page](https://woocommerce.com/products/coupon-restrictions/) Allows you to create and manage shipping packages in your store. [View product page](https://woocommerce.com/products/woocommerce-advanced-shipping-packages/) Allows you to offer free gift coupons to customers. [View product page](https://woocommerce.com/products/free-gift-coupons/) Allows you to create and manage table rate shipping methods in your store. [View product page](https://wordpress.org/plugins/flexible-shipping/) WooCommerce Automation blocks any tax calculations when using CoCart so we support [TaxJar](https://wordpress.org/plugins/taxjar-simplified-taxes-for-woocommerce/) instead to calculate sales tax for your store. Allows you to send follow up emails to customers. [View product page](https://woocommerce.com/products/follow-up-emails/) # Backers Source: https://docs.cocartapi.com/resources/backers Development of CoCart is made possible thanks to these awesome backers! You can become a backer by becoming a CoCart Sponsor or support by [purchasing a CoCart license](https://cocartapi.com/pricing/?ref=mintlify). All sponsors will be listed in the [BACKERS.md](https://github.com/co-cart/co-cart/blob/development/BACKERS.md) file. CoCart helps you contract work and you'd love to support its development further. **Reward**: Your name will be in **BACKERS.md** file. You're a small team of developers and CoCart provides what you need. You'd love to support its development further so it can be more awesome. **Reward**: Your names will be in **BACKERS.md** file. CoCart saves you time and money for your clients. You'd love to keep it maintained and support its development further. **Reward**: Your company logo will be in CoCart's **README.md** and **CoCart's** website. CoCart saves you time and money for your major clients. You'd love to keep it maintained and support its development further. **Reward**: Your company logo will be placed higher in CoCart's **README.md** and **CoCart's** website. You will also get some stickers. **Reward**: Your company logo will be placed at the very top above all other sponsors in CoCart's [README](https://github.com/co-cart/co-cart/blob/development/README.md) and on [CoCart's website](https://cocartapi.com/). You will also get some shiny stickers. # Community Source: https://docs.cocartapi.com/resources/community CoCart community initiatives Join the community discussions on GitHub. Join the community on Discord to chat with us and fellow CoCart users. Current issues that are being worked on. Issues have a status label to identify it's progress. Create a bug report to help improve CoCart. Publish your headless store for others to see. **Contact us** with a link to the store. Share feature requests and integration requests. Learn about the latest features and updates from CoCart. Follow us on **X/Twitter** to get notified when we release new features # Opening Issues Source: https://docs.cocartapi.com/resources/opening-issues Opening issues is a crucial step in open-source, as issues keep projects stable and help maintainers understand the needs of the community. To help us maintain a stable project, please observe the following guidelines and general rules: ## Open issues for bugs only We ask that **issues are only opened for bugs**, and not for questions. Questions should be asked in [Discussions](https://github.com/co-cart/co-cart/discussions) or on [Discord](https://cocartapi.com/community/?ref=mintlify). While you may open a request for a feature. It would be best to ask in [Discussions](https://github.com/co-cart/co-cart/discussions) first to see if such a feature is possible. ## Include a proper reproduction To ensure your issue can be addressed, please **include a proper reproduction**. Please avoid: * Setting the link to the reproduction pointing to our repository * Providing a code snippet that does not sufficiently reproduce the issue Failing to include a proper reproduction may require extra back-and-forth between you and us, slow the process of fixing the issue for you and others, and make it harder to check if the issue has been fixed on a new release. ## Test the latest version before opening an issue Before opening an issue regarding a bug, please test with the latest stable version. If the bug is fixed, you can still open an issue, and we will tag it with Fixed under the trunk branch so others will know it has been fixed. If you do find that the bug was introduced in a specific version, and an older version didn’t have the issue then you should mention that this is a regression and in what versions it was introduced. ## Conclusion Now that you are ready, click below to open an issue! Thank you so much for contributing. Current issues that are being worked on. Issues have a status label to identify it's progress. Create a bug report to help improve CoCart. # Support Policy Source: https://docs.cocartapi.com/resources/support-policy # Building product pages with OxbowUI Source: https://docs.cocartapi.com/tutorials/astro/oxbowui-product-list Learn how to integrate OxbowUI ecommerce components in Astro to display products This tutorial was written by [Claude Code (an AI)](https://claude.com/product/claude-code) and has not yet been reviewed. Follow along with caution. If the tutorial was helpful or a specific part was not clear/correct, please provide feedback at the bottom of the page. Thank you. # Introduction [OxbowUI](https://oxbowui.com) is an open-source component library featuring ready-to-use components built with Tailwind CSS and AlpineJS. In this tutorial, you'll learn how to use OxbowUI's ecommerce components with CoCart API to build dynamic product pages in Astro. ## What You'll Build * A responsive product grid for listing products * A detailed product page with image and description * Dynamic product data from CoCart/WooCommerce * Add to cart functionality with AlpineJS * Proper image handling and pricing display ## Prerequisites * An Astro project [set up with CoCart](./setup) * CoCart installed and activated on your WordPress site * Basic knowledge of Astro, Tailwind CSS, and AlpineJS * Tailwind CSS and AlpineJS installed in your project If you haven't set up your Astro project yet, follow the [Astro Setup Guide](./setup) first. ## Understanding OxbowUI Components We'll be working with three OxbowUI ecommerce components. You can interact with the demos below to see how they work: ### 1. Product Grid Component A responsive grid layout for displaying multiple products: The component structure: ```html theme={"system"}

Nike Air Force 1´07 Fresh

$280.00

``` ### 2. Product Detail Component A detailed product view with image, price, and description: The component structure: ```html theme={"system"}

$190

Nike Air Max

Black

Hitting the field in the late '60s, adidas airmaxS quickly became soccer's "it" shoe.

``` We'll adapt these structures to work with CoCart product data. ## Creating the Product Grid Component Create `src/components/ProductGrid.astro`: ```astro theme={"system"} --- const { products } = Astro.props; /** * Format price with currency symbol */ function formatPrice(price, currencySymbol = '$') { return `${currencySymbol}${parseFloat(price).toFixed(2)}`; } ---

{products.map((product) => (

{product.name}

{formatPrice(product.prices.price, product.prices.currency_symbol)}

))}

``` ## Creating the Products Page Create `src/pages/products.astro`: ```astro theme={"system"} --- import Layout from '../layouts/Layout.astro'; import ProductGrid from '../components/ProductGrid.astro'; import { getProducts } from '../lib/cocart'; // Fetch products at build time const products = await getProducts({ per_page: 12 }); ---

Our Products

``` ## Creating the Product Detail Component Create `src/components/ProductDetail.astro`: ```astro theme={"system"} --- const { product } = Astro.props; function formatPrice(price, currencySymbol = '$') { return `${currencySymbol}${parseFloat(price).toFixed(2)}`; } ---

{formatPrice(product.prices.price, product.prices.currency_symbol)}

{product.name}

{product.attributes?.find(attr => attr.name === 'Color') && (

{product.attributes.find(attr => attr.name === 'Color').options[0]}

)}

``` ## Creating a Variable Product Component For products with variations (colors, sizes), we'll use an advanced component with interactive features: ### 3. Variable Product Component (Interactive Demo) Try selecting a color and size, then click "Add to Cart": Now let's create `src/components/VariableProduct.astro`: ```astro theme={"system"} --- const { product } = Astro.props; function formatPrice(price, currencySymbol = '$') { return `${currencySymbol}${parseFloat(price).toFixed(2)}`; } // Extract attributes for variations const colorAttribute = product.attributes?.find(attr => attr.name === 'Color' || attr.slug === 'pa_color'); const sizeAttribute = product.attributes?.find(attr => attr.name === 'Size' || attr.slug === 'pa_size'); ---

{product.name}

{formatPrice(product.prices.price, product.prices.currency_symbol)}

{colorAttribute && (

Color

)} {sizeAttribute && (

Size

)}

Free shipping over $50

Details

Shipping

We offer free standard shipping on all orders above $50. Express shipping options are available at checkout.

Returns

We accept returns within 30 days of purchase. Items must be in their original condition and packaging.

``` ## Creating the Product Detail Page Create `src/pages/product/[slug].astro`: ```astro theme={"system"} --- import Layout from '../../layouts/Layout.astro'; import ProductDetail from '../../components/ProductDetail.astro'; import VariableProduct from '../../components/VariableProduct.astro'; import { getProducts, getProduct } from '../../lib/cocart'; const { slug } = Astro.params; // Fetch the specific product const products = await getProducts({ slug }); const product = products[0]; if (!product) { return Astro.redirect('/404'); } // Check if product has variations const isVariable = product.type === 'variable'; ---

{isVariable ? ( ) : ( )}

``` ## Adding Interactive Cart Functionality To add items to cart with interactivity, create enhanced versions with AlpineJS. ### Interactive Product Grid Create `src/components/ProductGridInteractive.astro`: ```astro theme={"system"} --- const { products } = Astro.props; function formatPrice(price, currencySymbol = '$') { return `${currencySymbol}${parseFloat(price).toFixed(2)}`; } ---

{products.map((product) => (

{product.name}

{formatPrice(product.prices.price, product.prices.currency_symbol)}

))}

``` ### Interactive Product Detail Create `src/components/ProductDetailInteractive.astro`: ```astro theme={"system"} --- const { product } = Astro.props; function formatPrice(price, currencySymbol = '$') { return `${currencySymbol}${parseFloat(price).toFixed(2)}`; } ---

{formatPrice(product.prices.price, product.prices.currency_symbol)}

{product.name}

{product.attributes?.find(attr => attr.name === 'Color') && (

{product.attributes.find(attr => attr.name === 'Color').options[0]}

)}

``` ## Creating the Cart API Endpoint Create `src/pages/api/cart/add.js`: ```javascript theme={"system"} import { addToCart } from '../../../lib/cocart'; export async function POST({ request }) { try { const body = await request.json(); const { id, quantity = 1 } = body; const result = await addToCart(id, quantity); return new Response(JSON.stringify(result), { status: 200, headers: { 'Content-Type': 'application/json' } }); } catch (error) { return new Response(JSON.stringify({ error: error.message }), { status: 500, headers: { 'Content-Type': 'application/json' } }); } } ``` Make sure AlpineJS is installed and configured in your project. See the [Astro Setup Guide](./setup#adding-alpinejs-for-interactivity) for instructions. ## Working with Variable Products To add variable products to cart, you need to find the correct variation ID based on selected attributes. Update your CoCart API client in `src/lib/cocart.js`: ```javascript theme={"system"} /** * Get product variations * @param {string|number} productId - Product ID * @returns {Promise} Variations array */ export async function getProductVariations(productId) { try { const response = await fetch(`${API_BASE}/products/${productId}/variations`); if (!response.ok) { throw new Error(`HTTP error! status: ${response.status}`); } return await response.json(); } catch (error) { console.error('Error fetching variations:', error); return []; } } /** * Find variation ID based on selected attributes * @param {Array} variations - Product variations * @param {Object} selectedAttributes - Selected attributes {color: 'Red', size: 'L'} * @returns {number|null} Variation ID */ export function findVariationId(variations, selectedAttributes) { return variations.find(variation => { return Object.entries(selectedAttributes).every(([key, value]) => { const attr = variation.attributes.find(a => a.name.toLowerCase() === key.toLowerCase() ); return attr && attr.option.toLowerCase() === value.toLowerCase(); }); })?.id || null; } ``` Then create an interactive variable product component that uses these functions to add the correct variation to cart. ## Understanding the CoCart Response The CoCart Products API returns data in this structure: ```json theme={"system"} { "id": 123, "name": "Nike Air Force 1´07 Fresh", "slug": "nike-air-force-1-07-fresh", "prices": { "price": "28000", "regular_price": "28000", "sale_price": "", "currency_code": "USD", "currency_symbol": "$" }, "images": [ { "id": 456, "src": "https://yourstore.com/wp-content/uploads/product.jpg", "alt": "Nike Air Force 1" } ] } ``` ## Customization Options ### Filtering Products Add category or search filtering: ```javascript theme={"system"} // In cocart.js export async function getProductsByCategory(categoryId, params = {}) { return getProducts({ ...params, category: categoryId }); } ``` ### Different Grid Layouts Modify the grid classes in ProductGrid.astro: ```html theme={"system"}

``` ### Price Variations Handle sale prices: ```astro theme={"system"} {product.prices.sale_price && (

{formatPrice(product.prices.regular_price, product.prices.currency_symbol)} {formatPrice(product.prices.sale_price, product.prices.currency_symbol)}

)} ``` ## Component Usage Summary You now have six components to use in your Astro project: ### Product Listing Components 1. **ProductGrid.astro** - Static product grid (SEO-friendly, server-rendered) 2. **ProductGridInteractive.astro** - Interactive product grid with add to cart ### Simple Product Detail Components 3. **ProductDetail.astro** - Static product detail view 4. **ProductDetailInteractive.astro** - Interactive product detail with add to cart ### Variable Product Components 5. **VariableProduct.astro** - Advanced component with: * Image gallery with thumbnails * Color selector * Size selector * Accordion sections (Details, Shipping, Returns) * Multiple action buttons (Add to Cart, Buy Now) The page automatically detects if a product is variable and uses the appropriate component. Use the static versions for better SEO and performance, or the interactive versions when you need client-side cart functionality. ## Next Steps * Explore more [OxbowUI ecommerce components](https://oxbowui.com/playground/ecommerce) * Add product image gallery (multiple images) * Implement product variations (size, color selection) * Add product filtering and search * Build cart page using OxbowUI cart components * Create checkout flow with CoCart Checkout API * Add product quick view functionality ## Resources * [OxbowUI Documentation](https://oxbowui.com) * [CoCart Products API](../../api-reference/v2/products/get-products) * [CoCart Add to Cart](../../api-reference/v2/cart/post-add-item) * [Astro Documentation](https://docs.astro.build) * [Tailwind CSS](https://tailwindcss.com) * [AlpineJS](https://alpinejs.dev) # Setting Up Astro Source: https://docs.cocartapi.com/tutorials/astro/setup Learn how to set up an Astro project for your headless WooCommerce store This tutorial was written by [Claude Code (an AI)](https://claude.com/product/claude-code) and has not yet been reviewed. Follow along with caution. If the tutorial was helpful or a specific part was not clear/correct, please provide feedback at the bottom of the page. Thank you. # Introduction [Astro](https://astro.build) is a modern web framework that delivers fast, content-focused websites. It's perfect for building headless storefronts with CoCart because of its excellent performance, flexibility, and support for multiple frameworks. This guide will walk you through setting up an Astro project configured to work with CoCart API. ## Why Astro for Headless Commerce? * **Fast by default** - Ships zero JavaScript by default, loading JS only when needed * **Framework agnostic** - Use React, Vue, Svelte, or vanilla JavaScript * **SEO friendly** - Server-side rendering and static site generation * **Island architecture** - Interactive components only where needed * **Great DX** - Hot module replacement and TypeScript support ## Prerequisites * Node.js 18.17.1 or higher * A WordPress site with WooCommerce installed * CoCart plugin installed and activated * Basic knowledge of JavaScript and command line ## Creating a New Astro Project Create a new Astro project using the official CLI: ```bash theme={"system"} npm create astro@latest my-headless-store ``` When prompted, choose the following options: * **How would you like to start?** → Empty * **Install dependencies?** → Yes * **Initialize git repository?** → Yes (recommended) * **TypeScript?** → Yes (recommended) or No Navigate to your project: ```bash theme={"system"} cd my-headless-store ``` ## Installing Tailwind CSS Most UI component libraries (including OxbowUI) use Tailwind CSS. Install it using Astro's integration: ```bash theme={"system"} npx astro add tailwind ``` This will: * Install Tailwind CSS and its dependencies * Create a `tailwind.config.mjs` file * Update your Astro configuration * Add necessary imports ## Project Structure Your Astro project should have this structure: ``` my-headless-store/ ├── src/ │ ├── components/ # Reusable components │ ├── layouts/ # Page layouts │ ├── pages/ # Routes (file-based routing) │ ├── lib/ # Utility functions and API clients │ └── styles/ # Global styles ├── public/ # Static assets ├── astro.config.mjs # Astro configuration ├── tailwind.config.mjs # Tailwind configuration ├── package.json └── tsconfig.json # TypeScript config (if using TS) ``` Create the necessary folders: ```bash theme={"system"} mkdir -p src/components src/lib src/layouts ``` ## Creating the CoCart API Client Create a centralized API client to interact with CoCart. Create `src/lib/cocart.js`: We are currently building out this client, so for now just make standard fetch requests to the CoCart API endpoints as needed. ```javascript theme={"system"} const STORE_URL = import.meta.env.PUBLIC_STORE_URL || 'https://yourstore.com'; const API_BASE = `${STORE_URL}/wp-json/cocart/v2`; /** * Fetch products from CoCart API * @param {Object} params - Query parameters * @returns {Promise} Products array */ export async function getProducts(params = {}) { const queryParams = new URLSearchParams({ per_page: params.per_page || 12, page: params.page || 1, ...params }); try { const response = await fetch(`${API_BASE}/products?${queryParams}`); if (!response.ok) { throw new Error(`HTTP error! status: ${response.status}`); } const data = await response.json(); return data; } catch (error) { console.error('Error fetching products:', error); return []; } } /** * Get a single product by ID * @param {string|number} productId - Product ID * @returns {Promise

Nike Air Force 1´07 Fresh

$280.00

Nike Air Max

{product.name}

{formatPrice(product.prices.price, product.prices.currency_symbol)}

Our Products

{product.name}

{product.name}

{product.name}

{formatPrice(product.prices.price, product.prices.currency_symbol)}

{product.name}

Welcome to Your Headless Store

{product.name}

Welcome to Your Headless Store

{product.name}

Welcome to Your Headless Store

{{ product.name }}

Welcome to Your Headless Store

{product.name}

{product.name}

Cart ({cart.items_count} items)