The cookie for CoCart and therefore the cart key is supplied through response headers, so called Set-Cookie-headers.
Cookies received via Set-Cookie-headers is stored in the browser for the domain upon which holds the API, meaning you can encounter problems reading the cookie values from your frontend.
If using a package like axios, make sure to supply the correct config parameters that enables cookies in requests to the server. As an example, axios has a config parameter called
withAuthorization. With the flag set to true, cookies previous set will be sent in the request.
P.S. Our official JS library already has this setup for you.