CoCart – Headless REST API for WooCommerce

Description

You’ve chosen WooCommerce for your store. Now you want a modern frontend — React, Next.js, Astro, Vue — without being locked into WordPress themes. That’s exactly what CoCart is built for.

CoCart gives WooCommerce a proper frontend REST API: cookie-less session management built for stateless frontends, authentication that makes sense, and CORS support built-in. Cart sessions, authentication, and product data. Scale up when you’re ready.

In active development since 2018, with a ★4.9/5 rating from the developers who build headless stores with it every day.

Features | Why CoCart? | Free vs. CoCart Plus | SDKs & Tools | Support | Docs

🚀 Make your first API call in 2 minutes

Install CoCart and you’re immediately ready to call the API — no setup required:

curl -X POST https://your-store.com/wp-json/cocart/v2/cart/add-item \
  -H "Content-Type: application/json" \
  -d '{"id": "123", "quantity": 1}'

Want to explore before installing? Try a free sandbox

See the full API reference

💬 Loved by 1,000+ developers worldwide

Rated ★★★★★ 4.9/5 on WordPress.org.

★★★★★

“An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time.” — Harald Schneider

★★★★★

“This plugin works great out of the box for adding products to the cart via API. The code is solid and functionality is as expected, thanks Sebastien!” — Scott Bolinger, Creator of Holler Box

★★★★★

“Thanks for doing such great work with this! Works exactly as expected and CoCart seems to have a nice community around it. The founder seems really devoted and that’s one of the key things for a plugin like this to live on and get the right updates in the future. We just got ourselves the lifetime subscription.” — Mighty Group Agency

See our full wall of love for more developer testimonials.

Why CoCart?

WooCommerce’s Store API can be used headless, but it was designed for the Gutenberg block editor ecosystem. Its session model relies on nonces passed via response headers — suited for anonymous single-session shoppers, but the nonce is tied to WordPress’s nonce lifecycle and less straightforward to persist across sessions or devices.

CoCart is purpose-built for headless from day one: cart sessions identified by a persistent key — no nonces, no cookies — a single unified endpoint set for both product and cart data, and authentication for customers that supports any shop requirement.

Features

🚀 Session management that works

  • 🔐 Cookie-less sessions — database-stored, built for concurrent requests and stateless frontends
  • 👤 Guest customer support — full cart session support for unauthenticated shoppers, no login required
  • 🔄 Load any session into checkout — hand off to WooCommerce’s native checkout with any payment gateway

🛒 Essential cart operations

  • Add, update, and remove items via simple POST/PUT/DELETE requests
  • 🔎 Product search — query by name, SKU, or ID, authenticated or not, with flexible filtering
  • 💸 Name Your Price support — donation-based and flexible pricing built in
  • 📦 Bulk cart requests — combine multiple operations into a single API call

💻 Developer experience, done right

  • 🔑 Flexible authentication — email, username, or phone login; no admin API keys to manage
  • 🌍 CORS support built in — first-party CORS handling; your frontend connects without configuration hell
  • 🧩 180+ filters — customize every response, add logic without writing new routes
  • 📊 Cart insights — monitor active, expiring, and expired sessions from the dashboard
  • 🛠 Works with your existing stack — built on WooCommerce Data Stores with familiar hooks for broad plugin compatibility

🎯 Battle-tested

  • Tested with every major WooCommerce release
  • Multisite compatible

Who builds with CoCart?

Frontend developers shipping storefronts in Next.js, React, Vue, Nuxt, Astro, Svelte, or Remix — keep WooCommerce as the commerce engine and own the entire frontend experience, from server components to fully static builds.

Mobile app developers building shopping apps in React Native, Flutter, Swift, or Kotlin — the same cart key works across devices, so a customer can start a cart on their phone and finish on the web.

Agencies delivering high-performance client storefronts — reuse one proven commerce backend across projects while every client gets a custom frontend, free of WordPress theme constraints.

Product teams going beyond the browser — progressive web apps with persistent carts, in-store kiosks, point-of-sale screens, even chat and voice commerce. Anywhere a customer can shop, CoCart can serve the cart.

Free vs. CoCart Plus

The free community version handles everything a headless cart needs: sessions, auth, CORS, cart operations, and product queries. It is actively maintained with security updates.

New features ship in CoCart Plus. When you’re ready to build a complete headless storefront — with coupons, shipping, fees, rate limiting, and checkout — Plus has you covered:

  • 🎫 Coupon Management — apply discounts and promo codes, boost conversions
  • 🚢 Shipping Calculations — real-time rates and method selection
  • 💰 Cart Fees — handling fees, rush charges, and custom pricing logic
  • 🥪 Advanced Batch API — multiple cart operations in a single request
  • 🕒 Rate Limiting — protect your API from abuse under load
  • 🧾 Checkout — complete orders with any WooCommerce-supported gateway (coming soon)
  • 💲 Subscription Support — new subscriptions and renewals (coming soon)

View CoCart Plus features and pricing

👍 Add-ons

Free add-ons that extend the core:

SDKs & Tools

Official SDKs — authentication, session management, and cart operations out of the box:

  • cocart-js (TypeScript/JavaScript) — GitHub
  • cocart-php (PHP) — GitHub
  • cocart-python (Python) — GitHub
  • cocart-go (Go) — GitHub

More are also in development and look forward to your feedback.

Developer tools:

Need Support?

Free users: Post in the WordPress support forum or join the CoCart Discord community — a growing group of developers, agencies, and shop owners building headless stores together.

CoCart Plus customers receive priority support with faster response times.

Join the community on Discord

More Information

💯 Credits

Developed and maintained by Sébastien Dumont
Founder of CoCart Headless, LLC.

Contributors & Developers

You can help translate “CoCart” into your language.

INTERESTED IN DEVELOPMENT?

Browse the code on GitHub, or follow the CoCart development blog for the latest development updates. You can also follow @cocartapi on Twitter to stay up to date about everything happening with CoCart.

Please share your experience

We’d love to hear what you have to say. Share your experience and help others discover CoCart. It helps to keep the plugin going strong, and is greatly appreciated.

Screenshots

Installation

Minimum Requirements

  • WordPress v6.7
  • WooCommerce v9.0
  • PHP v8.2

Recommended Requirements

  • WordPress v6.7 or higher.
  • WooCommerce v10.0 or higher.
  • PHP v8.3 or higher.

Automatic installation

Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of CoCart, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.

In the search field type “CoCart” and click Search Plugins. Once you’ve found the plugin you can view details about it such as the point release, rating, and description. Most importantly of course, you can install it by simply clicking “Install Now”.

Manual installation

The manual installation method involves downloading the plugin and uploading it to your web server via your favorite FTP application. The WordPress codex contains instructions on how to do this here.

Upgrading

Review the changelog before upgrading. CoCart follows Semver — MAJOR versions may contain breaking API changes.

FAQ

Who is CoCart for?

Developers building headless or decoupled WooCommerce storefronts. If you can make HTTP requests and read JSON, you’re ready. No WordPress development experience required — CoCart abstracts the complexity and gives you clean, predictable API responses. Perfect for:

  • Frontend developers building with React, Next.js, Astro, Vue, or any modern framework
  • Agencies creating high-performance client storefronts
  • Mobile app developers who need a reliable eCommerce API

How do I get started?

Install WooCommerce and configure your store, then install and activate CoCart. You’re immediately ready to call the API — no additional setup required. Check the installation section for requirements, then follow the API reference to start building.

What happens to the free community version if I don’t upgrade?

Nothing. The free community stays fully functional. It covers sessions, authentication, CORS, cart operations, and product queries — everything you need to build a working headless cart. CoCart Plus adds advanced features like coupons, shipping, fees, and rate limiting for when you need them.

Is my store or customer data sent to CoCart’s servers?

No. CoCart runs entirely on your WordPress server. No customer data, cart contents, or store information is ever sent to CoCart’s servers. The plugin collects no analytics without your consent. Full privacy policy

Will my existing WooCommerce plugins still work?

Plugins that modify backend functionality — payment gateways, shipping, tax, inventory — continue to work. Plugins that only modify the PHP frontend (themes, shortcodes, widgets) won’t apply to the REST API layer, which is expected in a headless setup.

Why use CoCart instead of WooCommerce’s Store API?

WooCommerce’s Store API can be used headless, but it was designed for the Gutenberg block editor ecosystem. Its session model relies on nonces passed via response headers — suited for anonymous single-session shoppers, but tied to WordPress’s nonce lifecycle and less straightforward to persist across sessions or devices. CoCart is purpose-built for headless: cart sessions identified by a persistent key and authentication that supports any shop requirement.

Why does CoCart use a custom session handler?

Headless storefronts are stateless by nature — there’s no browser session to rely on, and concurrent requests are common. CoCart’s session handler is cookie-less, database-stored, and safe for concurrent requests, with full support for both guest and authenticated customers from day one.

Can I run WordPress on one domain and my storefront on another?

Yes — that’s the primary use case CoCart is built for. Enable CORS via the free CORS add-on or manually via the filter documented here.

Can I call other WordPress or WooCommerce APIs alongside CoCart?

Yes. CoCart doesn’t block or replace any other API. Once authenticated, your frontend can access CoCart endpoints, WooCommerce endpoints, and any custom endpoints you’ve built — all at the same time.

Can CoCart support SSO?

CoCart does not implement SSO itself — it authenticates customers against WordPress user accounts using Basic Auth or JWT (via add-on). It does not natively speak SAML, OAuth 2.0, or OIDC.

That said, CoCart can work alongside SSO in a headless setup. The typical pattern is:

  1. Your identity provider (Google, Okta, Auth0, etc.) authenticates the user via your frontend.
  2. A WordPress SSO plugin (e.g. one handling OAuth 2.0 or SAML) creates or matches a WordPress user account for that identity.
  3. Your frontend then authenticates with CoCart using Basic Auth or JWT as that WordPress user.

The SSO layer handles identity; CoCart handles the commerce session from that point on. Whether this works smoothly depends on how your chosen SSO plugin manages WordPress user creation and session state — that part is outside CoCart’s scope.

Does CoCart work on multisite?

Yes. Install and activate CoCart on each site where you want to use it.

Can I change the format of API responses?

Yes — there are 180+ filters available to customize responses, add fields, or remove data you don’t need.

Is “WooCommerce Shipping and Tax” plugin supported?

No — it restricts tax calculation to WooCommerce Blocks and Jetpack only. We don’t recommend it for headless setups. TaxJar for WooCommerce (v3.2.5+) is supported.

Does CoCart work with caching plugins like LiteSpeed or WP Rocket?

Yes. CoCart automatically excludes its API endpoints from page caching, so caching plugins won’t interfere with cart sessions or API responses. LiteSpeed Cache is explicitly supported out of the box. Though, some hosts may require manual configuration to exclude CoCart API endpoints.

How are cart sessions identified without cookies?

Each cart is assigned a unique cart key, which your frontend passes as a request header or query parameter on subsequent API calls. This makes sessions fully stateless and safe for concurrent requests — no cookies, no session conflicts. See the session documentation for implementation details.

Is there a hosted version, or does it run on my server?

CoCart runs entirely on your WordPress server — there’s no external service, no cloud dependency, and no data leaving your environment. You own your stack.

Where can I report bugs?

On the CoCart GitHub repository or in the #bug-report channel of the Discord community. Search first to avoid duplicates.

Where can I find more answers?

Check the full FAQ on cocartapi.com or browse the documentation.

Reviews

July 18, 2023
Perfect for setting up a headless woocommerce backend
June 15, 2023
Very good plugin, it helped me to connect Laravel catalog (for PageSpeed Insights, you know) & Woocommerce cart/checkout processing. Brilliant!
August 9, 2022 1 reply
An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time.
August 16, 2021
since woocommerce is not offering product/cart api, this tools fits right in. you can do everything with it, all via api calls: products, variations, cart, shipping, checkout. (you might need the paid version as well. i bought them, so not sure, what comes out of the box and what features all need the extra mile. but still: worth it!) and the support is fast, too, thanks to seb. love it.
June 25, 2021
Plugin is a life saver when working turning wordpress & woocommerce into a headless cms. Support is also great and responsive to help with any issues you may have
Read all 21 reviews

Contributors & Developers

“CoCart – Headless REST API for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

CoCart is open source and community-driven. Every release is tested, maintained, and published here on WordPress.org. Need more power? CoCart Plus unlocks advanced features and priority support.

v4.9.0 – July 12th, 2026

What’s New?

[!IMPORTANT]
PHP version 8.2 is the minimum requirement to install and use CoCart. PHP 7.4, 8.0, and 8.1 are all past end-of-life/security support so to help manage development resources to maintain CoCart, it will no longer be tested on these versions. Running CoCart on PHP 8.2 not only ensures you are secure but it also improves the performance of the CoCart API. Thank you for your understanding.

  • REST API: Added ETag support for all cart endpoints (GET/POST/PUT/DELETE) enabling conditional requests with If-None-Match header for immediate use.
  • REST API: Added ETag support for product endpoints (products, categories, tags, attributes, reviews).
  • REST API: Added CoCart-Cache response header indicating cache status: HIT, MISS, or SKIP.
  • REST API: Added _skip_cache query parameter to bypass caching for individual requests.
  • REST API: Added stale-while-revalidate directive to cacheable routes (products) for improved performance.
  • REST API: Added check for X-HTTP-Method-Override header if it exists during authentication.
  • WordPress Dashboard: New integrations page to provide more control over which supported plugin is running when making a CoCart request.

  • Plugin: New settings page providing quick easy control of CoCart without touching code for the following:

    • CORS and allowed origin.
    • Authorization header server variable.
    • Session expiration for guest and logged-in users.
    • “Load Cart from Session” feature.
    • “Name Your Price” feature.

Settings show a locked state when controlled by an external filter with a link providing information as to what and where.

Bug Fixes

  • REST API: Requests made via the WordPress REST API batch endpoint were not recognized and caused a fatal error when adding items.
  • REST API: Shipping address fields were blank after submitting billing-only details — billing fields now mirror to shipping when ship_to_different_address is not set, matching WooCommerce checkout behaviour. Shipping packages now also return correctly after a complete address is saved.
  • REST API: Slugs, permalinks and attribute names with non-ASCII characters (e.g., Chinese, Arabic) are now returned decoded instead of encoded across all product and cart endpoints.
  • REST API: Authentication not determining user in time when rest_url_prefix filter is used causing several cloned guest sessions with cart items.
  • REST API: Fixed fatal error when adding an invalid product to cart via v2 controller due to missing WP_Error check after product validation.
  • REST API: Corrected Last-Modified header in GMT per HTTP spec with more robust date parsing.
  • Plugin: Fixed cocart_deprecated_filter() returning null when the debug log was active, causing callers to receive no value from the deprecation wrapper.

PHP 8.2+ Fixes

  • REST API: Fixed warnings for undefined array keys cart_item_data and cart_item_key in v1 add item controller.
  • Session: Fixed warning for undefined array key total in session handler cart hash generation.
  • Plugin: Fixed warnings for undefined array key count when database queries return no results in cart counting functions.
  • Plugin: Fixed warning for undefined variable $per_page in admin plugin search.
  • Plugin: Fixed deprecated ${var} string interpolation syntax in plugin update screen.

Change

  • Session: Removed the max expiration exceed limit of 30 days to allow adjusting the lifetimes via the cocart_cart_expiring and cocart_cart_expiration filters as needed.

Dev note: You will still be warned “Keeping sessions for longer than X days can cause performance issues and larger session tables.”

Improvements

  • REST API: Slight performance increase by preventing admin content from loading in the background for every REST request made.
  • REST API: cocart_upload_file() and cocart_upload_image_from_url() now use a try/finally block to guarantee the upload_dir filter is always removed, even when an exception is thrown during upload.
  • REST API: cocart_upload_image_from_url() now uses wp_parse_url() to extract the filename from the image URL, correctly stripping query strings instead of splitting on ?.
  • Session: Adjusted get_session() using wp_cache_set() instead of wp_cache_add(), which caused stale persistent object cache entries to never be overwritten.
  • Session: Adjusted get_session() and update_cart() using an uninitialized expiration value on frontend requests, preventing sessions from being cached after a database read.
  • Session: Adjusted save_data() writing to object cache with a potentially negative TTL when session expiration was stale or unset.
  • Session: Adjusted update_cart() not syncing the object cache after a database write, causing subsequent reads to return stale cached data.
  • Session: Added get_cache_expiration() helper to reliably resolve cache expiration across both REST API and frontend contexts.

Breaking Changes

  • REST API: The cocart_does_product_allow_price_change filter now defaults to false. Price overrides via the price parameter on cocart/v2/cart/add-item are disabled by default. To restore the previous behaviour, add add_filter( 'cocart_does_product_allow_price_change', '__return_true' ); — or return true conditionally for specific products only.

Developers

  • Logger: Log entries now include a source line identifying the calling class, method, file, and line number for easier debugging.
  • Introduced new filter cocart_etag_cart_routes to customize which cart routes support ETag.
  • Introduced new filter cocart_etag_product_routes to customize which product routes support ETag.
  • Introduced new filter cocart_etag_routes to add ETag support for third-party plugin routes.
  • Introduced new filter cocart_cache_max_age to customize cache duration (default: 1 hour).
  • Introduced new filter cocart_stale_while_revalidate to customize stale-while-revalidate duration (default: 24 hours).

Deprecation’s

  • Filter cocart_secure_registered_users deprecated for security — unauthenticated access to registered user carts is now always blocked.

Compatibility

  • Tested with WordPress 7.0
  • Tested with WooCommerce v10.9

v4.8.4 – 21st April, 2026

Bug Fixes

  • Plugin: Fixed fatal error from sprint_f() typo in database update scheduler (sprintf).
  • REST API: Apply Access-Control-Allow-Credentials header correctly.
  • Load Cart: Only trigger warning if hook cocart_load_cart_override was used.
  • Load Cart: Fixed uncaught type error merging an empty cart value. Reported by @allkhor 👍
  • WordPress Dashboard: Fixed HTML issue in the WooCommerce admin bar title.

Compatibility

  • Tested with WooCommerce v10.7

v4.8.3 – 26th January, 2026

Bug Fixes

  • REST API: Updating a customer address after one is placed would not update.
  • REST API: Return error responses correctly so all headers return.

Changes

  • Plugin: Updated broken external links throughout the plugin.

v4.8.2 – 20th January, 2026

Improvements

  • Plugin: WordPress plugin checker helped resolve a few PHP code standards.

Compatibility

  • Tested with WordPress 6.9
  • Tested with WooCommerce v10.4

v4.8.1 – 24th November, 2025

Bug Fixes

  • REST API: Updating a customer address after one is placed would not update.
  • REST API: No customer data, no applied coupons or removed items in session caused undefined errors.
  • REST API: Customer data was not converting correctly to return in the Session API.
  • REST API: The product object was not passed correctly in the Session API for items.
  • REST API: Damaged or empty cart sessions was failing in the Session API.

Improvements

  • Plugin: WordPress plugin checker helped resolve a few database issues to keep up with security practices.

Compatibility

  • Tested with WooCommerce v10.3
  • Added support for the next CoCart Plus update.

v4.8.0 – 22nd September, 2025

What’s New?

  • Authentication: Enhanced login endpoint with improved permissions control via the new hooks mentioned below.

Improvements

  • Authentication: Removed priority order so our JWT Auth integration can run earlier in the process.
  • Authentication: Refactored get_ip_address for better trusted proxy support and better IP address detection with additional headers.
  • REST-API: Session handler now loads during the login endpoint operations.
  • Security: Item keys are now restricted to 32 characters maximum for better validation.
  • User Management: Refactored is_user_customer function to support additional user roles beyond just customers.

Developers

  • Logging: Added informational logs for IP address detection and proxy handling.
  • Introduced a new filter cocart_login_permission_callback allows additional authentication checks after basic authorization for the login endpoint.
  • Introduced a new filter cocart_login_secure_auth_methods determines which authentication methods should skip additional auth checks.
  • Introduced a new filter cocart_login_query_parameters allows plugins to add additional parameters to the login endpoint.
  • Introduced a new filter cocart_trusted_proxies allows adding trusted proxy IPs/CIDR for secure IP detection.
  • Introduced a new filter cocart_ip_headers allows customization of headers used for IP address detection.
  • Introduced a new hook cocart_login_permission_granted that triggers when login permission is granted for the login endpoint.

Compatibility

  • Tested with WooCommerce v10.2

v4.7.0 – 8th August, 2025

What’s New?

  • Authentication: Added support for authenticating via JSON request body with clear indication for the login endpoint (API v2 ONLY).

Improvements

  • Authentication: Internal refactor to return WP_Error consistently from permission checks.
  • REST API: Login (API v2 ONLY) Explicit added query params for username and password.

v4.6.4 – 6th August, 2025

Bug Fixes

  • REST API: Fixes both the product review and rating count.
  • Feature: Fixed “Load Cart from Session” from destroying sessions once loaded due to session improvements made in WC v10.

Improvements

  • Plugin: Ensure that dependent plugins can be installed/activated if the plugin is installed in a different folder name.
  • Feature: “Load Cart from Session” improved session data checking.
  • Session handler: Reduced duplicate session calls and optimized update_session_timestamp() database query.
  • Session handler: Restored persistent_cart_update compatibility for WooCommerce v10; only active for versions lower than v10.1.
  • Session handler: Overrode session_exists() and delete_session() to use CoCart’s session table.
  • Load Cart: Switched from $_REQUEST to $_GET and removed the priority for load_cart_action.
  • Load Cart: Re-enabled initialize_cart_session() and stopped destroying cookies when loading carts.

Deprecated

  • Action hook cocart_load_cart_override is no longer used.

v4.6.3 – 27th July, 2025

Bug Fix

  • REST API: Fixes identifying namespace and routes in the WordPress REST API Index if not set should they already be filtered out.

v4.6.2 – 25th July, 2025

Bug Fix

WooCommerce v10 caused a cache issue due to a change in the many times session data is handled.

Improvements

  • Plugin: Session handler optimized – New sessions created first, then auth users if no cart requested.
  • Plugin: Session handler – Removed the need to set cart hash at the start.
  • Plugin: Session handler – Added a warning log for when the session data must have really screwed up.
  • Plugin: Session handler – Added max expiration exceed limit to 30 days to avoid performance issues and the session table growing too large.
  • REST API: Check REST request is CoCart before maybe loading cart or filtering served requests.
  • REST API: Fixed deprecated functions still called in Products API.
  • REST API: Authentication and CORS optimized to parse data less allowing for a faster response.
  • REST API: Moved global headers to be filtered in rest_pre_serve_request instead of CoCart_Response which is not used for Products API.
  • Plugin: Moved the cart cache to load once WooCommerce has loaded instead of only during the REST API.

Developer note: Cart cache allows for items with custom pricing to be calculated on the native site and not just via the REST API to keep consistent with calculations.

Requirements

  • WooCommerce v9 minimum is now required for CoCart but for best performance recommend using v10+

Compatibility

  • Tested with WooCommerce v10.0.4

v4.6.1 – 21st July, 2025

Bug Fixes

  • REST API: Fixed undefined array key errors with cart session when cart is empty. Solves Issue #533
  • REST API: Fixed removing an item using the update endpoint when it thinks quantity value is not numeric.

Compatibility

  • Tested with WooCommerce v10.0.3

v4.6.0 – 26th June, 2025

This release is a compatibility release for the next WooCommerce release.

What’s new?

  • WordPress dot ORG: Added a Playground blueprint.

Changes

  • Plugin: Branding for CoCart has been updated.
  • Plugin: Styling for CoCart pages have been improved and more consistent on all pages by reducing conflicts with WordPress and WooCommerce styling.

Improvements

  • REST API: Basic authentication is detected much better.
  • REST API: Authentication failures now has debug logs.
  • WordPress Dashboard: Semantic markup overhaul for better screen reader interpretation.
  • WordPress Dashboard: Setup wizard and Support pages have been updated.

Compatibility

  • Tested with WooCommerce v10.0

v4.5.0 – 31st May, 2025

This release will most likely be the last update released on the WordPress plugin directory with anything NEW added.

What’s New?

  • REST API: Products can now be filtered to return only products by brand names.

Bug Fix

  • REST API: Added missing option for allowing to order products by random. Solves issue #516

Plugin Details

  • Plugin: Updated links for documentation.
  • WordPress Dashboard: Updated link for upgrade page.
  • WordPress Dashboard: Plugin action links are added after now, not before.

Compatibility

  • Tested with WooCommerce v9.9

v4.4.0 – 16th May, 2025

This release focuses on supporting such tools like ManageWP, MainWP, Blogvault etc.

Changes

  • WordPress Dashboard: Database updates now run automatically if needed. Resolves issue #511
  • WordPress Dashboard: Sessions now transfer automatically for new installs.
  • Session: Cart session expiration’s are now matching the default expiration WooCommerce set for better compatibility and abandoned cart support.
  • Session: Cart session expiration for logged in users renew daily and expire in a week. This is to keep carts persistent for logged in users.

Note: The session expiration’s can still be filtered back to the previous values but that would mean it would match the expiration for logged in users.

Third Party Support

  • Plugin: LiteSpeed Cache will now exclude CoCart from being cached. Commit

Developers

  • Filter cocart_cart_expiring added parameter is_user_logged_in() to allow the expiration for logged in users to be filtered.
  • Filter cocart_cart_expiration added parameter is_user_logged_in() to allow the expiration for logged in users to be filtered.

Internal

  • Improved the logger. Commit
  • Added logs for database update procedure. Commit

Deprecations

  • Filter cocart_log_entry_name no longer used.
  • Filter cocart_log_entry_version no longer used.
  • Filter cocart_log_entry_source no longer used.
  • Filter cocart_setup_wizard_store_save_next_step_override no longer used.

v4.3.30 – 27th April, 2025

Bug Fix

Improvement

  • REST API: Variation attribute data is now sanitized. Labels are converted to names (e.g. Size to pa_size), and values are cleaned.

Compatibility

  • Tested with WordPress v6.8

v4.3.29 – 10th April, 2025

Bug Fix

  • REST API: Package details would not return but showed fine in shipping meta.

Improvements

  • REST API: Optimized fetching the cart in all Cart API endpoints.
  • REST API: Shipping now fully respects the shipping settings.

Dev note: Meaning if you have requested that the customer provides the shipping address first before shipping is calculated, then no shipping methods will return until it’s provided.

Compatibility

  • Tested with WooCommerce v9.8

v4.3.28 – 6th April, 2025

Bug Fix

  • REST API: Fixed unidentified item key when adding grouped products.

v4.3.27 – 3rd April, 2025

Bug Fix

  • REST API: Undone a change to fix any WooCommerce cookies from setting with the Cart API. Related to fixing persistent cart back in November last year.

v4.3.26 – 1st April, 2025

Bug Fix

  • REST API: Fixed critical error when adding an item and asking to return the item details. Solves issue #509

Improvements

  • REST API: Corrected and added missing schema information for Cart API v1.
  • WordPress Dashboard: Tweaked plugin screen modal for listing untested plugins.

Requirement change

  • WordPress 6.3 is the new minimum version required.

v4.3.25 – 17th March, 2025

Bug Fixes

  • Plugin: Failed to activate fully when network activated due to how admin notices where set. – Bug Report
  • WordPress Dashboard: Plugin suggestions was not letting you press the “Install Now” button.

v4.3.24 – 10th March, 2025

Bug Fix

  • Fixed a few typo’s in the session handler.

Improvements

  • WordPress Dashboard: Improved detection of a suggested plugin hosted on WordPress dot ORG and from a third party.
  • WP-CLI: Update command now asks for confirmation before proceeding.

v4.3.23 – 3rd March, 2025

Bug Fixes

  • Authentication: Changed access for setting an authentication error from protected to public. Allowing other authenticators to not fail when an error does occur.
  • WP-CLI: When updating the plugin, we don’t need to include the install class again.

Improvements

  • Database: Simply modified the structure for columns that were BIGINT UNSIGNED to bigint(20) unsigned.
  • Session handler: Guest carts will now have a prefix t_ before the cart key provided. This matches with WooCommerce session handler where it maybe used by 3rd party plugins or web host configurations to identify if the session is for a guest user.

Dev note: This affects only new guest sessions.

Compatibility

  • Tested with WooCommerce v9.7

v4.3.22 – 26th February, 2025

Corrections

  • REST API: Schema corrections for cart endpoint.
  • REST API: Schema corrections for items endpoint to match cart schema.

For Developers

  • Moved filter cocart_get_customer_{field} after value instead of using it only when there is no value returned for a customers field. Replace {field} with the section prefix followed by the field name. e.g. billing_country

Developer note: This allows you to then alter values such as the billing country. See example.

add_filter( 'cocart_get_customer_billing_country', function( $value ) {
    if ( WC()->countries->country_exists( $value ) ) {
        return WC()->countries->get_countries()[ $value ];
    }

    return $value;
}, 10, 1);
  • Introduced new filter cocart_get_after_customer_{field-type}_fields that allows you to change the customer fields after they returned. Replace {field-type} with either billing or shipping for the fields to alter.

v4.3.21 – 20th February, 2025

Improvement

  • REST API: Added no-store as part of the Cache-Control header for guest users.

v4.3.20 – 8th February, 2025

Bug Fix

  • REST API: Fixed product reviews not returning.

v4.3.19 – 6th February, 2025

Bug Fix

  • REST API: Fixed setting a customers shipping address line 1 and 2.

v4.3.18 – 22nd January, 2025

General

  • Updated link to Next Changelog for coming future major release. (v5.0)
  • Improved SASS to CSS conversion.

Compatibility

  • Tested with WooCommerce v9.6

v4.3.17 – 14th January, 2025

Bug Fix

  • REST API: Stock status was incorrectly queried for Products API and now checks available stock statuses before filtering.

Improvements

  • REST API: Version of CoCart only returns in the returned headers when debug is enabled now.
  • REST API: WP_DEBUG is made sure it is defined before returning extras for developers in the store response.

Compatibility

  • Tested with WooCommerce v9.5

View the full changelog here.