Headless WooCommerce Made Easy with CoCart

CoCart provides developers with a flexible REST API, designed to save hours of development so you can spend time building modern and scalable stores away from WordPress. Unlock your WooCommerce store, TODAY. Using CoCart makes building headless stores in modern frameworks like Astro, React, Vue, or Next.js easy and makes complex customizations a breeze. Want to try it out? Why WooCommerce? CoCart chose to support WooCommerce because it provides a flexible and efficient way to build cutting-edge stores with WordPress at its core. However, it was missing a key component to decouple WooCommerce via the REST API efficiently. That’s where CoCart comes in. Finally, a REST API that’s Easy and Powerful Struggling with performance? Finding it hard to decouple WooCommerce from WordPress without hitting roadblocks? CoCart is here to eliminate the hassle of creating your own REST API endpoints for WooCommerce and provides all the essential features for a powerful, headless eCommerce experience making it easy to decouple WooCommerce from WordPress.

• Source of Truth - CoCart utilizes WooCommerce’s Data Stores API and mirrors most WooCommerce hooks, ensuring broad compatibility with numerous extensions right from the start.
• No Cookie Required - Our session handler generates a unique key for each user session in the WordPress database, storing session-related metadata on the client side without imposing a heavy load.
• Easy Authentication - No Admin API Keys required. Customers can log in with their account either with Email+Password, Username+Password, or Phone Number+Password.
• Domain Dominance - Addressing CORS issues in decoupled setups, CoCart grants you control over the origin.
• Efficient Product Search - Search products by name, ID, or SKU; filter and retrieve necessary product data without authentication, ensuring no private data is exposed.
• Real-Time Cart Validation - Our system minimizes the need for multiple requests to verify item and coupon validity in your cart. It efficiently checks stock, calculates totals and fees, ensuring real-time accuracy so your responses are consistently up-to-date.
• No Headless Checkout? - Easily load any cart session into the native WooCommerce checkout if you prefer.
• Customizable Callbacks - Register your own cart callbacks without creating new endpoints. CoCart handles the rest, returning responses once complete.
• Customer Tracking - Monitor all cart sessions, including those nearing expiration or already expired.
• Name Your Price Built In - Empower your customers to set their price, encouraging support with flexible payment options that broaden your paying audience.
• Bulk Requests - Batch multiple cart requests at once for efficiency and faster responses.

And this is just the start. With CoCart, your WooCommerce store can be faster, more flexible, and ready to take on any custom solution you dream up. ★★★★★

An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time. Harald Schneider

🛒 Built for developers, by developers CoCart was born out of frustration with no easy solution on the market. As beautiful as it functions, the API is just as flexible with you, the developer, in mind. We spend an unfathomable amount of time making the API a joy to work with. Our goal is to create the API for you so you can focus on building a headless store. Integrate with CoCart in days, not months. ★★★★★

Amazing Plugin. I’m using it to create a react-native app with WooCommerce as the back-end. This plugin is a life-saver! Daniel Loureiro

📦 Serious about going headless? Unlock your store’s true potential. Upgrade to access premium features and extend CoCart’s capabilities to take your headless WooCommerce store even further. See what else we have in store. ★★★★★

This plugin saved me tons of work and it is working amazingly! The plugin author provides fast and high-quality support. Well done! @codenroll

💜 Need Support? We aim to provide regular support for the CoCart plugin via our Discord community server. Please understand that we do prioritize support for our paying customers. 🧰 Developer Tools

• CoCart Beta Tester allows you to easily update to pre-release versions of CoCart for testing and development purposes.
• CoCart VSCode extension for Visual Studio Code adds snippets and autocompletion of functions, classes, and hooks.
• CoCart Product Support Boilerplate provides a basic boilerplate for supporting different product types to add to the cart with validation including adding your own parameters.
• CoCart Cart Callback Example provides you an example of registering a callback that can be triggered when updating the cart.

📢 Testimonials - Developers just love it ★★★★★

Thanks for doing such great work with this! Works exactly as expected and CoCart seems to have a nice community around it. The founder seems really devoted and that’s one of the key things for a plugin like this to live on and get the right updates in the future. We just got ourselves the lifetime subscription. Mighty Group Agency ★★★★★ This plugin works great out of the box for adding products to the cart via API. The code is solid and functionality is as expected, thanks Sebastien! Scott Bolinger, Creator of Holler Box

More testimonials See the wall of love. ☀️ Upgrading It is recommended that anytime you want to update CoCart that you get familiar with what's changed in the release. CoCart publishes release notes via the changelog. CoCart uses Semver practices. The summary of Semver versioning is as follows:

• MAJOR version when you make incompatible API changes.
• MINOR version when you add functionality in a backwards compatible manner.
• PATCH version when you make backwards compatible bug fixes.

You can read more about the details of Semver at semver.org 👍 Add-ons to further enhance CoCart We also have add-ons that extend CoCart to enhance your development and your customers shopping experience.

• CoCart - CORS enables support for CORS to allow CoCart to work across multiple domains.
• CoCart - JWT Authentication allows you to authenticate via a simple JWT Token.
• CoCart - Cart Enhanced enhances the data returned for the cart and the items added to it.
• and more add-ons in development.

They work with the core of CoCart already, and these add-ons of course come with support too. ⌨️ Join our growing community On Discord, we have a community of developers, WordPress agencies, and shop owners building the fastest and best headless WooCommerce stores with CoCart. Come and join our community Built with developers in mind If you’re interested to jump in the project, there are opportunities for developers at all levels to get involved. Contribute to CoCart on the GitHub repository and join the party. 🎉 🐞 Bug reports Bug reports for CoCart are welcomed in the CoCart repository on GitHub. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed. More information

• The official CoCart API plugin website.
• CoCart for Developers, an official hub for resources you need to be productive with CoCart and keep track of everything that is happening with the API.
• CoCart API Reference
• Subscribe to updates
• Like, Follow and Star on Facebook, Twitter, Instagram and GitHub

💯 Credits This plugin is developed and maintained by Sébastien Dumont. Founder of CoCart Headless, LLC.

Minimum Requirements

• WordPress v5.6
• WooCommerce v7.0
• PHP v7.4

Recommended Requirements

• WordPress v6.0 or higher.
• WooCommerce v9.0 or higher.
• PHP v8.0 or higher.

Automatic installation Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of CoCart, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New. In the search field type "CoCart" and click Search Plugins. Once you’ve found the plugin you can view details about it such as the point release, rating, and description. Most importantly of course, you can install it by simply clicking "Install Now". Manual installation The manual installation method involves downloading the plugin and uploading it to your web server via your favorite FTP application. The WordPress codex contains instructions on how to do this here. Upgrading It is recommended that anytime you want to update CoCart that you get familiar with what's changed in the release. CoCart publishes release notes via the changelog. CoCart uses Semver practices. The summary of Semver versioning is as follows:

• MAJOR version when you make incompatible API changes.
• MINOR version when you add functionality in a backwards compatible manner.
• PATCH version when you make backwards compatible bug fixes.

You can read more about the details of Semver at semver.org

📢 Only bug and security updates will be provided here on WordPress dot ORG. Any new major updates starting with v5.0 will be provided directly from us. v4.3.18 - 22nd January, 2025 General

• Updated link to Next Changelog for coming future major release. (v5.0)
• Improved SASS to CSS conversion.

Compatibility

• Tested with WooCommerce v9.6

v4.3.17 - 14th January, 2025 Bug Fix

• REST API: Stock status was incorrectly queried for Products API and now checks available stock statuses before filtering.

Improvements

• REST API: Version of CoCart only returns in the returned headers when debug is enabled now.
• REST API: WP_DEBUG is made sure it is defined before returning extras for developers in the store response.

Compatibility

• Tested with WooCommerce v9.5

v4.3.16 - 12th December, 2024 Bug Fix

• REST API: Authentication failed to validate incorrect login now fixed.

v4.3.15 - 29th November, 2024 Bug Fix

• REST API: Fix persistent cart for registered users. [Solves issue #474]

Developer note: The last patch was not a great one but have found the root of the issue affecting carts for registered customers and is fixed in this one.

v4.3.14 - 21st November, 2024 Bug Fixes

• REST API: Deleting an item would not remove said item 100% due to a load conflict when authenticating.
• REST API: Product not able to validate if item was already removed.

Dev note: The conflict is not triggered only on DELETE request methods.

v4.3.13 - 21st November, 2024 Security Patch It appears that the rules of hidden and private meta is not respected and is still exposed on products that have such meta. This security patch ignores any meta data that is still leaking publicly without authorization. Wait what happened to v4.3.12? A commit error was spotted shortly after just releasing it and was taken down immediately. Improvement

• REST API: Last-Modified header now returns the actual date modified of the product if a product ID is detected.

v4.3.11 - 20th November, 2024 Bug Fix

• REST API: Removed conflicting cache headers being sent.

Improvements

• REST API: Cache patterns are more familiar and consistent with most regex usage in PHP, making it preferable for readability and maintainability.
• REST API: Cache headers are set at a later priority fixing potential issues with some cache plugins and preflight.
• REST API: Cache control determines if route is authenticated or not.
• REST API: Last-Modified header now uses timezone set in WordPress general settings. Falls back to the offset if not.

Compatibility

• Tested with WordPress v6.7
• Tested with WooCommerce v9.4

v4.3.10 - 14th November 2024 🔥 Hot Fix

• REST API: Typo caused fatal for Products API (v2 ONLY).

v4.3.9 - 14th November 2024 Security Patch

Just a note: The security issue isn't directly related to CoCart itself, but we’re here to help keep your store secure. Since CoCart is a public API, security patches will be released as soon as possible to prevent the issue from affecting your site, so you don’t have to wait for a fix from the plugin causing it. We recommend updating to this version if you’re using any WooCommerce plugins that might reveal public information. We want you to know that we would never publicly name a plugin with a security concern. However, if you notice any security issues with CoCart or another plugin connected to it, please report the security vulnerability so we can address it quickly. Thank you for helping us keep CoCart safe for everyone!

v4.3.8 - 7th November 2024 🐛 Bug Fix

Developer note: A commit was missing causing a fatal error when adding items to the cart.

Changes

• REST API: Cart item prices correctly display based on tax options for the cart not the store.

v4.3.7 - 5th November, 2024 Bug Fixes

• REST API: Fixed rounding issue due to decimal separator being different with the cart total for some odd reason with WooCommerce.
• REST API: Fixed accessing correct schema for viewing a single session.
• Plugin: Properly deprecated is_rest_api_request() function within the authentication class.

Changes

• WordPress Dashboard: Updated Setup Wizard Ready Step verbiage.
• WordPress Dashboard: Bumped upgrade notice from showing after 4 weeks newly installed to 6 weeks.
• WordPress Dashboard: No longer call Gravatar.
• Plugin: Translation URL has changed to https://translate.cocartapi.com

Improvements

• REST API: Moved some cart validation further up before returning cart contents.
• REST API: Reset the item key when adding item again as it may have been manipulated by adding cart item data via code or plugin.
• REST API: Only update cart item quantity if quantity is different when requested.
• REST API: Check cached price against price with tax mode not just the product price set.
• WordPress Dashboard: Adjusted notices to get cached for the current site should it be a multisite.
• WordPress Dashboard: No longer reset upgrade notice each time CoCart updates.
• Plugin: PHPStan used to help with correcting errors and inconsistencies.

v4.3.6 - 23rd August, 2024 Bug Fixes

• REST API: View or deleting a session with the Sessions API was not accessing the session handler. No longer needs a separate load.
• Session Handler: Fixed merging of cart from guest.

v4.3.5 - 9th August, 2024 Bug Fix

• REST API: Changed priority for sending headers from 0 to 1 to help with CORS.

v4.3.4 - 3rd August, 2024 Bug Fix

• REST API: Fixed an issue with CORS not returning header access-control-allow-origin.

v4.3.3 - 24th July, 2024 Corrections

• Autoload for classes in the backend corrected to new locations.
• Clean up task that is scheduled was looking for the session handler in the wrong place.
• Fixed update_session_timestamp() function from failing in session handler.

Improvements

• REST API: Price of product is now consistent in the Cart API (v2 ONLY). If your store was setup with no decimals the price would not return fully. Solves issue #429
• REST API: Value of weight was returning in the wrong format. By returning as a string you get the true value without needing to round it up yourself.
• WordPress Dashboard: Updated add-on update watcher.

v4.3.2 - 19th July, 2024 🌋 Hot Fix This release fixes 3 known issues that were reported. issue #425, issue #426, issue #427 that has been affected since version 4.2 of CoCart. It was due to the optimizations made to allow CoCart to perform better. Unfortunately it had some unexpected side affects that were not picked up during testing. For that I am sorry. If you haven't rolled back to before 4.2 then this patch is highly recommended. Previous patch releases will also be updated to prevent further sites from experiencing these issues for those who like to update to specific version of the plugin. A hard lesson was learned here and hope you haven't lost trust in the plugin. I appreciate your feedback and support during this process. Please don't forget to backup your site before updating. Corrections

• Plugin: Typo caused the WP-CLI commands to not register and crash when used with composer.
• REST API: The data exception class was oddly not loading when updating an item. Autoloader was not picking it up. Now it is required.
• REST API: Cart would empty but the subtotal would not reset.

Improvements

• REST API: Ensure we have calculated totals before we get an item or update an item so we can identify them.

v4.3.0 - 17th July, 2024 What's New? In this release we have added a plugin update prevention system as a safety measure. For the moment it will detect for compatibility with minor releases while we are making adjustments but it's designed mostly for detecting major changes. All CoCart add-ons that we release will now check for CoCart's requirements and will help you decide to update or not until your ready to do so.

• Plugin: Added plugin headers to be used for detecting CoCart add-ons or plugins that support CoCart.
• WordPress Dashboard: Auto-updates are disabled should a CoCart add-on active have not tested with the latest release available.
• WordPress Dashboard: Update now link for CoCart opens up a modal listing none tested plugins with a confirmation.

Improvements

• REST API: Ensure we have calculated totals before we restore the requested item so we can identify them.

For Developers

These filters are for site admins more than anything.

• Introduced filter cocart_in_plugin_update_message allows you to change the upgrade notice.
• Introduced filter cocart_get_plugins_with_header allows you to get the plugins that have a valid value for a specific header.
• Introduced filter cocart_get_plugins_for_cocart allows you to get plugins which "maybe" are for CoCart.

Compatibility

• Tested with WordPress v6.6
• Tested with WooCommerce v9.1

v4.2.2 - 12th July, 2024 Reverting We are reverting a change for destroying a session. Previous change causes a conflict with identifying the correct column with our session table and causes the cart not to clear. v4.2.1 - 11th July, 2024 Hot Fix When loading a cart from session a deprecated function was still triggered. It's now been removed to prevent failing. v4.2.0 - 11th July, 2024 In this release we have optimized our session handler making this release more compatibility with third party plugins. We also no longer use cookies as a backup for headless. This should also help with the confusion of needing to pass along the session cookie or reading the cookie to extract the cart key and help with user switching much better. A cart key is provided in both the cart response and returned headers. Saving the cart key in your own cookie or local storage is fairly straight forward.

We advise that you update on staging or local to check if you have used any of our experimental functions and filters that were added to the session handler to see if any have been deprecated. You can also see the list of deprecations below. If you have any questions about this update please contact us.

What's New?

• REST API: Can now request a guest cart via a requested header cocart-api-cart-key.

Improvements

• Session Handler: Improved identifying cart without the need of cookies.
• Session Handler: Added new function is_user_customer() to check the user role is a customer when authenticated before migrating cart from guest.
• Authentication: Validation for invalid details was taking too long and failed to return an error message.
• REST API: Updating the customer details in cart will now take additional billing and shipping fields as meta data. Validation is required by the developer using filter cocart_update_customer_fields.
• REST API: Sanitized and formatted customer email address and phone number.
• REST API: Formatted customer postcode if validated.
• REST API: Product image sizes are now fetched using utility products class function get_product_image_sizes(). Cuts down on the filter cocart_products_image_sizes being in multiple places.
• REST API: Currency in cart API v2 now returns currency_symbol_pos and the currency symbol will now return based on the set currency without lookup.
• REST API: Improved headers returned and added nocache headers on authenticated requests.
• REST API: Simplified returning the cart key to the headers.
• REST API: Loading of the REST API optimized.
• Plugin: Moved is_rest_api_request() function to the main class so it can be utilized outside of the plugin.
• Plugin: Localization improvements.
• Plugin: Updated plugin review notice.
• Plugin: Code files organized better.

Deprecations

• Removed the need to support web host "Pantheon" by filtering the cookie name.
• Removed our session abstract CoCart_Session that extended WC_Session. Any remaining functions have moved to our refreshed session handler.
• Function CoCart_Session_Handler::destroy_cookie() no longer used.
• Function CoCart_Session_Handler::cocart_setcookie() no longer used.
• Function CoCart_Session_Handler::get_cart() no longer used.
• Filter cocart_cookie no longer used. Use woocommerce_cookie instead.
• Filter cocart_cookie_httponly no longer used.
• Filter cocart_cookie_supported no longer used.
• Filter cocart_set_cookie_options no longer used.
• Filter cocart_cart_use_secure_cookie no longer used. Use wc_session_use_secure_cookie instead.
• Filter cocart_is_cart_data_valid no longer used.
• Returned headers X-CoCart-API-Timestamp and X-CoCart-API-Version no longer used.

Developers

• Introduced new action hook cocart_after_session_saved_data fires after the session is saved.
• Introduced new filter cocart_send_nocache_headers to decide if nocache headers are sent.
• Some functions from the cart and products API v2 have been moved to there own utility class so they can be utilized outside of the plugin.
• Added utility function to check for coupon exists.
• Moved two functions from CoCart Plus to be utilized outside of the plugin.

Compatibility

• Tested with WordPress v6.6
• Tested with WooCommerce v9.0

v4.1.1 - 14th June, 2024 Bug Fix

• Uncaught error with no featured image for a variation of a variable product. Solves issue 416

v4.1.0 - 6th June, 2024 In this release we are adding some quality of life improvements. What's New?

• REST API: Added new cart callback that allows you to set the customers billing details. See guide on how to use.
• REST API: Basic Authentication now accepts a customers billing phone number as their username. Password is still required when authenticating.
• REST API: Added the ability to set the customers billing phone number while adding item/s to cart.

Improvements

• Plugin: Added more inline documentation for action hooks and filters.
• Plugin: Should the session not be initialized when called, it now fails safely.
• REST API: Authentication now detectable by authorization headers HTTP_AUTHORIZATION, REDIRECT_HTTP_AUTHORIZATION or getallheaders() function.
• REST API: Re-calculating cart totals has moved to the abstract cart callback so it can be shared.
• REST API: Setting a custom price for an item will now return that price for the item not just update the subtotals and totals.
• REST API: When adding an item to cart with a custom price, checks if the product allows it to change. Set via filter cocart_does_product_allow_price_change.
• REST API: Stock details now return for variations in the Products API (V2 Only). Schema updated to match.
• REST API: Added headers CoCart-API-Cart-Expiring and CoCart-API-Cart-Expiration to be exposed with CORS.
• REST API: Browser cache has been improved.

Bug Fixes

• REST API: Most product endpoints for API v2 where suddenly not registering since v4.0.

Deprecations

• Removed the legacy API that CoCart started with.
• Removed support for stores running lower than WooCommerce version 4.5
• User switching removed. Never worked 100%. Mainly added for internal debugging purposes.
• No longer use cocart_override_cart_item filter. Recommend using cocart_item_added_to_cart action hook instead.
• No longer user cocart_cart_updated hook. Replaced with cocart_update_cart_before_totals hook.

Developers

• Introduced new filter cocart_auth_header that allows you to change the authorization header.
• Introduced new filter cocart_set_customer_id that allows you to set the customer ID before initialized.
• Introduced new filter cocart_available_shipping_packages that allows you to alter the shipping packages returned.
• Introduced new filter cocart_does_product_allow_price_change that allows you to deny all custom prices or on specific items.
• Introduced new filter cocart_update_customer_fields that allows for additional customer fields to be validated and added if supported.
• Introduced new action hook cocart_after_item_added_to_cart that allows for additional requested data to be processed once item has added to the cart.
• Introduced new action hook cocart_after_items_added_to_cart that allows for additional requested data to be processed once items are added to the cart.
• Introduced new action hook cocart_update_cart_before_totals fires before the cart has updated via a callback.
• Introduced new action hook cocart_update_cart_after_totals fires after the cart has updated via a callback.
• Added the request object and the cart object as parameters for filter cocart_cart. No longer use $from_session parameter.

Compatibility

• Tested with WooCommerce v8.9

v4.0.2 - 17th May, 2024 Bug Fixes

• REST API: Reverted a change that broke the ability to clear the cart. Was falsely notify it cleared when it did not.
• WordPress Dashboard: WooCommerce System Status was not echoing CoCart tips correctly.

Improvements

• REST API: Products API, Schema, added properties for reviews section in both API v1 and API v2.

v4.0.1 - 15th May, 2024 Bug Fix

• REST API: Class ReserveStock not found when adding products to cart.

Developer note: A line was unintentionally removed that calls the class for use.

v4.0.0 - 13th May, 2024 In this release, we are happy to provide some of the various improvements made through out the plugin that were from the originally planned v4 release. These improvements are backwards compatible but one change is not. See the developer note for details.

Developer note: This release requires the quantity parameter to pass the value as a string for both adding items or updating items. If you are not new to CoCart then please update your code to account for this change.

Find out more about what’s new in CoCart 4.0 in our release post! Hope you enjoy this release. What's New?

• REST API: Added batch support for cart endpoints listed below. (API v2 supported ONLY) See article for batch usage.
• • Add item/s to cart.
• • Clear cart.
• • Remove item.
• • Restore item.
• • Update item.
• • Update cart.

Bug Fixes

• Plugin: Fixed various text localization issues.
• REST API: Access-Control-Allow-Credentials being outputted as 1 instead of true. Solves issue 410. Thanks to @SebastianLamprecht for reporting it.
• REST API: Update cart requests no longer fails and continues to the next item if an item in cart no longer exists.
• REST API: Products API schema has been completed for v1.
• REST API: Products API schema has been corrected for v2.
• WordPress Dashboard: Plugin suggestions now lists CoCart JWT Authentication add-on.

Improvements

• REST API: Now checks if the request is a preflight request.
• REST API: Error responses are now softer to prevent fatal networking when a request fails.
• REST API: Callback for cart update now passes the cart controller class so we don't have to call it a new.
• REST API: Cart schema tweaks.
• REST API: Cart and Product schema are now cached for performance.
• Plugin: Added more inline documentation for action hooks and filters.
• Plugin: Improved database queries.
• Plugin: Updated to latest WordPress Code Standards.
• WordPress Dashboard: Added CoCart add-on auto updates watcher.
• WP-CLI: Updating CoCart via command will now remove update database notice.

Developers

• REST API: Two new headers return for cart responses only. CoCart-API-Cart-Expiring and CoCart-API-Cart-Expiration.

These two new headers can help developers use the timestamps of the cart in session for when it is going to expire and how long until it does expire completely.

• REST API: Error tracking is returned with the error responses when WP_DEBUG is set to true to help with any debugging.
• REST API: Class aliases have been added to API v2 controllers after changing the class names for consistency.

Compatibility

• Tested with WooCommerce v8.8

v3.12.0 - 18th March, 2024 Security Patch 📢 This release solves a validation issue for both versions of the Products API when accessing an individual product. It is important that you update to this release asap to keep your store secure. Bug Fixes

• Corrected: Products API v1 Schema for weight object.
• Added: Missing Products API v1 Schema for Image sizes.
• Fixed: Schema product type options to match with parameters.
• Fixed: Products API returning custom attributes with special characters incorrectly. Solves issue 401
• Fixed: Some requested data was not sanitized.

Compatibility

• Tested with WordPress v6.5

View the full changelog here.