Skip to main content
wordpress supportwordpress support services

WooCommerce Store API Now Stable, Provides Better Support for Custom Frontends

WooCommerce announced today that its new Store API is now stable after two years in development. It powers the plugin’s new block-based cart and checkout experience as well as all products blocks.

The Store API is a public, unauthenticated API, that provides REST API endpoints for cart, checkout, and product functionality. WooCommerce core developer Mike Jolley explained how the new API is different from the plugin’s REST API:

The main difference between the Store API and WC REST API is that the Store API allows unauthenticated access to store data, for example, products. This makes it suitable for a variety of use-cases, including custom frontends.

This is an unauthenticated API. It does not require API keys or authentication tokens for access.

Another difference is that the Store API has support for Cart data. This allows for cart operations such as adding items to the cart, updating quantities, applying coupons, and submitting orders. Only the current customer’s cart can be accessed.

Data returned from the Store API is always reflective of the current user (cookie-based), whereas the WC REST API allows more extensive access to any data, should you have the correct access rights.

In an interview with HollerWP last year, Jolley said it’s helpful to think of the Store API as for clients and the core REST API as the API for store management.

“Keeping them separate like this makes it clear that one exposes data in a public context,” he said.

Scott Bolinger, co-founder of AppPresser, explained how the Store API fixes a problem with the original WooCommerce REST API.

“It [the WC REST API] was never meant for mobile, headless, or any other front end implementation,” Bolinger said. “It was only meant for back end admin stuff like inventory, adding/removing products, etc.

“The problem is that there was no alternative, so headless/mobile apps used it for displaying products. With the WC REST API, everything requires authentication, which doesn’t make sense, because products are public on your website. You shouldn’t have to authenticate to see someone’s products.”

The new Store API allows developers to get products, attributes, collections, and other data without authentication, and adds a cart API, making it possible to checkout.

“I think most implementations of the WC Rest API that are for the front end should switch to the Store API,” Bolinger said.

The WooCommerce team is still working on making this API suitable for headless and mobile apps. In an ideal world, the best cart API for headless WooCommerce apps would be made by WooCommerce. In the meantime, Bolinger recommended CoCart.

CoCart is a customizable, WordPress REST API for WooCommerce that allows developers to build headless (or decoupled) e-commerce stores using their choice of frameworks.

“I’m not using the Store API and I don’t see that I will,” Co-Cart founder Sébastien Dumont said. “Both API’s are unique for their individual purposes. WooCommerce’s Store API is designed for the Gutenberg blocks, which only requires a fixed format and is still prone to be used on native storefronts.

“I don’t see today’s news affecting CoCart. Most of my users have already known about the Store API while it was still experiential and failed after trying it for headless purposes. It also requires tweaking while CoCart does not”.

Dumont said the Store API is still missing a lot of valuable information that developers require and that using CoCart saves them considerable development time.

“With the WC Rest API, there is no cart or checkout, so it’s cool they added that,” Bolinger said. “Nonces only work when you are on the site though, so for mobile apps or headless WP, you will run into issues. Unfortunately it’s not where it needs to be for headless (yet).

“There is a filter to disable nonce authentication: add_filter( 'woocommerce_store_api_disable_nonce_check', '__return_true' ); Even changing this to use something like JWT won’t fully work for headless, at least in my testing. I hope they will address this in the future.”

This particular issue is still open on the WooCommerce GitHub repository. Maintainers seem open to exploring how core can accommodate this. In the meantime, third-party solutions are available to developers building mobile apps.

For a technical breakdown of what’s currently possible with the new Store API, check out Mike Jolley’s announcement post. He demonstrated how you can go through the entire purchase flow using the Insomnia API client- without even visiting the store. The API’s technical documentation and guide to extensibility is available on GitHub.