Codewerk.
Get a quote
Home/Blog/The Store API in practice: auth, cart, checkout

The Store API in practice: auth, cart, checkout

Context tokens, sales-channel keys and the cart that lives on the server. The three things every headless build gets wrong on the first attempt.

Photo: free stock photography (Unsplash licence) — see imprint

The context token is the session

The Store API is stateless for you but stateful for the cart: everything hangs off the context token. Lose it and the customer's basket vanishes. Persist it properly, refresh it on login, and never leak it into a URL.

The cart lives on the server — trust it

Do not calculate prices or totals in your frontend to make the UI feel fast. Show the server's numbers. Two systems computing the same total is how a customer sees €99 and gets charged €102.

Search criteria are your query language

Filters, aggregations, associations and sorting all travel in the criteria object. Learn it properly once — it is the same concept in the Store API, the Admin API and the DAL, and it will save you from fetching a whole catalogue to count three things.

Cache what is public, never what is personal

The category listing for an anonymous visitor is cacheable at the edge. The same listing for a logged-in B2B customer contains their prices and must never touch a shared cache. Get this boundary wrong once and you will leak pricing between customers.

Key takeaways
  • Everything hangs off the context token.
  • Never recalculate the cart in the frontend.
  • Personalised responses must never hit a shared cache.

We do this for a living — Shopware, Node.js, React, ERP integration and automation for B2B.

Talk to an engineer

// Keep reading

Related articles