Support » Plugin: Cart REST API for WooCommerce - CoCart Lite » Basic understanding: add item to cart and customers

  • Resolved silverline


    Hey there,

    so I am authenticating the woo commerce standard REST Api way:
    Basic auth with customer key and secret.

    I’d like to add an item to the cart now using the documented endpoint:

    This works fine, I can add any item I want.

    But now I have a basic understanding question:
    What if I want ANY customer or ANY not logged in user to add an item to a cart?
    How would I need to authenticate with the API in this case?

    My first intuition was that I need to pass the woocommerce_cart_hash as an argument (I can see this hash is available via cookies in the Storefront) which would identify the cart of the user but that seems not to be supported.

    Here is my usecase:

    I have build a product-configurator which lets you puzzle together 4 different products from a list of products.
    Via click on “Add to cart” I want the 4 items to be added to the CURRENT cart of the given user OR also to a user that might not be logged in (login is not required to use the configurator).
    I though CoCart would be THE solution for my problem but it seems not so intuitive now. Or am I missing something essential here?

    Thanks for your support and keep on the good work.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Sébastien Dumont


    Hi @martinbr83

    By default, basic authentication with any REST API also requires cookie authentication. A technique called nonces to avoid CSRF issues. This prevents other sites from forcing you to perform actions without explicitly intending to do so. This requires slightly special handling for the API.

    More information can found here:

    While cookie authentication is the only authentication mechanism available natively within WordPress for the REST API, other plugins may provide support to alternative modes of authentication that will work from remote applications. Such as JWT Authentication. I recommend trying that one.

    WooCommerce have provided their own authentication method but it requires some custom coding in order to make it work for the front-end as it was designed only for their REST API.

    I am working on an authentication method myself which will be available as an add-on in the future and I am currently testing out basic authorization without requiring to use a cookie when my REST API is used.

    The next release will also support individual carts better and allow you to fetch a specific cart should you need to. You can follow progress via the blog or come and join the CoCart community to discuss and share ideas for CoCart.

    The woocommerce_cart_hash cookie changes every time the cart is updated so no it’s not used to identify the cart. None of the cookies that WooCommerce create are helpful in anyway.

    Hope that gives some answers to your question.

    Thank you for this helpful answer @sebd86
    Also good to know that existing woo commerce cookies are useless here. Too bad.

    Using JWT was also an idea I had but I still don’t understand how an anonymous page visitor would add items to a cart then?
    I can authenticate as “the” user – ok fine. Then I could add items to my cart – no problem. But this is not the common use case, is it?
    I want my anonymous users to be able to add items to their cart so what in your opinion is the best practise to realise this?

    Thanks a lot for your support.

    Plugin Author Sébastien Dumont


    The WooCommerce cookies are used for their JS I think. I’m sure they could improve and remove the use of these cookies all together as I don’t see a need for them.

    Anonymous visitors has been a hit and miss according to the CoCart users that have shared feedback so far. This is due to the session system WooCommerce has created and the lack of support for sessions in various code languages.

    Which is why I am working on a new system for the next version so it’s not a hit and miss. Right now, most of my plugin users have had to ask their customers to register and then authenticate the user when adding items to the cart.

    I wrote a blog post explaining the future of CoCart and how you can support it.

    Ok thanks a lot.
    Do you know of any workaround in this case and how items could get added to carts by anonymous users?
    When do you plan to have the next version ready? Happy to pay for it if its included in the Pro plan.

    Thank you

    Plugin Author Sébastien Dumont


    There is no work around otherwise I would have released it months ago. I’m unwell at the moment so I don’t have an exact ETA but I’m targeting by the end of next week.

    Prices go up on the 9th March so if you want CoCart Pro I would get it now while the prices are low.

    Plugin Author Sébastien Dumont


    Hi @martinbr83

    v2.1.2 was just released with guest support among other improvements and goodies.


Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Basic understanding: add item to cart and customers’ is closed to new replies.