CoCart – JWT Authentication


This free add-on for CoCart allows you to authenticate via a simple JWT Token.


An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time. Harald Schneider

Enable PHP HTTP Authorization Header

🖥️ Shared Hosts

Most shared hosts have disabled the HTTP Authorization Header by default.

To enable this option you’ll need to edit your .htaccess file by adding the following:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]


RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]


To enable this option you’ll need to edit your .htaccess file by adding the following (see this issue):

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

🧰 Configuration

  1. Set a unique secret key in your wp-config.php file defined to COCART_JWT_AUTH_SECRET_KEY.
  2. Install and activate plugin.

Token Expiration

By default, the token expires after two full days but can be filtered to change to your preference using this hook cocart_jwt_auth_expire.

Here is an example changing it to expire after just 2 hours.

add_filter( 'cocart_jwt_auth_expire', function() {
  return MINUTE_IN_SECONDS * 120

📄 Usage

  1. Authenticate via basic method with the login endpoint to get your token.
  2. Store the given token under jwt_token in your application.
  3. Now authenticate any cart route with Bearer authentication with the token given.

🧰 Developer Tools

  • CoCart Beta Tester allows you to easily update to pre-release versions of CoCart Lite for testing and development purposes.
  • CoCart VSCode extension for Visual Studio Code adds snippets and autocompletion of functions, classes and hooks.
  • CoCart Product Support Boilerplate provides a basic boilerplate for supporting a different product types to add to the cart with validation including adding your own parameters.
  • CoCart Cart Callback Example provides you an example of registering a callback that can be triggered when updating the cart.


Amazing Plugin. I’m using it to create a react-native app with WooCommerce as back-end. This plugin is a life-saver! Daniel Loureiro

👍 Add-ons to further enhance CoCart

We also have other add-ons that extend CoCart to enhance your development and your customers shopping experience.

They work with the core of CoCart already, and these add-ons of course come with support too.

⌨️ Join our growing community

A Discord community for developers, WordPress agencies and shop owners building the fastest and best headless WooCommerce stores with CoCart.

Join our community

🐞 Bug reports

Bug reports for CoCart – JWT Authentication are welcomed in the CoCart – JWT Authentication repository on GitHub. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.

More information

💯 Credits

This plugin is developed and maintained by Sébastien Dumont.
Founder of CoCart Headless, LLC.


Minimum Requirements

  • WordPress v5.6
  • WooCommerce v6.4
  • PHP v7.4
  • CoCart v3.8.1

Recommended Requirements

  • WordPress v6.0 or higher.
  • WooCommerce v7.0 or higher.
  • PHP v8.0 or higher.

Automatic installation

Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of CoCart – Cart Enhanced, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.

In the search field type “CoCart JWT Authentication” and click Search Plugins. Once you’ve found the plugin you can view details about it such as the point release, rating and description. Most importantly of course, you can install it by simply clicking “Install Now”.

Manual installation

The manual installation method involves downloading the plugin and uploading it to your webserver via your favourite FTP application. The WordPress codex contains instructions on how to do this here.


It is recommended that anytime you want to update “CoCart JWT Authentication” that you get familiar with what’s changed in the release.

CoCart JWT Authentication uses Semver practices. The summary of Semver versioning is as follows:

  • MAJOR version when you make incompatible API changes.
  • MINOR version when you add functionality in a backwards compatible manner.
  • PATCH version when you make backwards compatible bug fixes.

You can read more about the details of Semver at


There are no reviews for this plugin.

ਯੋਗਦਾਨੀ ਤੇ ਵਿਕਾਸਕਾਰ

“CoCart – JWT Authentication” is open source software. The following people have contributed to this plugin.


“CoCart – JWT Authentication” ਦਾ ਆਪਣੀ ਭਾਸ਼ਾ ਵਿੱਚ ਅਨੁਵਾਦ ਕਰੋ।

ਵਿਕਾਸ ਕਾਰਜ ਵਿੱਚ ਰੁਚੀ ਰੱਖਦੇ ਹੋ?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.


View the full changelog here.