Photo: free stock photography (Unsplash licence) — see imprint
The context token is the session
The Store API is stateless for you but stateful for the cart: everything hangs off the context token. Lose it and the customer's basket vanishes. Persist it properly, refresh it on login, and never leak it into a URL.
The cart lives on the server — trust it
Do not calculate prices or totals in your frontend to make the UI feel fast. Show the server's numbers. Two systems computing the same total is how a customer sees €99 and gets charged €102.
Search criteria are your query language
Filters, aggregations, associations and sorting all travel in the criteria object. Learn it properly once — it is the same concept in the Store API, the Admin API and the DAL, and it will save you from fetching a whole catalogue to count three things.
Cache what is public, never what is personal
The category listing for an anonymous visitor is cacheable at the edge. The same listing for a logged-in B2B customer contains their prices and must never touch a shared cache. Get this boundary wrong once and you will leak pricing between customers.
- Everything hangs off the context token.
- Never recalculate the cart in the frontend.
- Personalised responses must never hit a shared cache.
We do this for a living — Shopware, Node.js, React, ERP integration and automation for B2B.
Talk to an engineer