What’s coming to CoCart v4

The roadmap to version 4 has been an extensive journey, necessitating substantial efforts to consolidate all elements. Through more than a year of code restructuring, developer support enhancements, refinement of WooCommerce extensions, thorough documentation, and testing of various use cases, CoCart has evolved into the product we had envisioned, enabling WooCommerce stores to truly embrace a headless approach.

The primary objective was to divide CoCart into five distinct modules, enhancing code management and facilitating the provision of code references for developers. Moreover, this initiative aimed to streamline development for future add-ons, ensure compatibility with WooCommerce extensions, and most importantly, enhance the API’s performance.

Overall, CoCart has now achieved a position that facilitates the process of decoupling WooCommerce, making it more convenient and user-friendly. This platform not only simplifies the task of developers, but also saves them precious months that would otherwise have been spent on creating their own API.

Session Handler: In with the same and out with the new

The session handler is a vital component of CoCart’s functionality. Without it, decoupling WooCommerce would pose difficulties as it heavily relies on cookies to store user session tokens that are fixed on the same origin as the WordPress installation.

In order to overcome this limitation, our handler has undergone several modifications over multiple releases. While most of these changes were implemented to better support CoCart’s handling through the REST API, they inadvertently led to reduced compatibility with extensions, third-party plugins, and custom functions developed for clients who utilize the original session handler developed by WooCommerce.

After conducting thorough research and testing, we discovered that due to the limitations of the session handler in WooCommerce, many popular extensions and third-party plugins have resorted to implementing workaround solutions.

Among the most commonly utilized data for user session identification was the WooCommerce cookie, which we replaced with our own.

Although our primary objective is to establish CoCart as the leading headless API, we now recognize the necessity of preserving these limitations while ensuring that CoCart continues to operate optimally without compromising core features in WooCommerce, which are utilized by other third-party plugins.

Consequently, the session handler has been updated and enhanced to provide even better support for both WooCommerce extensions and third-party plugins, all while still meeting the needs of CoCart.

The original WooCommerce session cookie has been reintroduced for the front-end, while the CoCart API no longer utilizes it. Instead, user session data is returned during any cart request and delivered through the necessary information in the HTTP Header, allowing for client-side caching.

Database Changes

As a result of the modifications applied to the session handler, corresponding adjustments were necessary for the database. Presently, the session retains distinct and separate values for user ID and customer ID, while maintaining the cart key as a randomized key by default, no longer serving as a means to store the user ID for logged-in users.

This enhancement facilitates the opportunity for merchants to efficiently manage a customer’s cart on their behalf, without the requirement of authenticating as the customer. Consequently, merchants can leverage the REST API to create a Point of Sale (POS) application, thereby expanding their capabilities and improving customer service.

Batch Support for Cart

Until now, despite being one of the most sought-after features, its implementation was deemed unfeasible. However, with the advent of version 4, extensive efforts were dedicated to reworking the system, ensuring optimal performance in handling multiple requests for the cart, all while maintaining a singular and efficient cart response. This meticulous approach has culminated in a successful realization of the desired functionality.

Settings Page

Ensuring adequate control over your WordPress and CoCart configuration has become an essential requirement, facilitating seamless management on the go. It holds utmost significance that these specific options can be accomplished without the necessity of employing filters.

CoCart Settings Page


To help prevention of abuse on endpoints arising from excessive calls, thereby mitigating performance degradation on the store’s hosting system. A rate limiter has been introduced.

Rate limit tracking is efficiently governed, either through USER ID for logged-in users or IP ADDRESS for unauthenticated requests, ensuring optimal control.

Additionally, the system readily accommodates running behind a proxy, load balancer, or similar configurations, providing standard support for diverse setups.

Notably, a predefined limit of 25 requests per 10-second interval serves as the default setting. Nevertheless, the flexibility to modify these parameters is available through the utilization of options filters.

See rate limit guide.