Configuration

Required Settings

config/config.php

<?php

return [
  // required for production
  'bnomei.kart.license' => fn() => env('KART_LICENSE_KEY'),

  // recommended, set a random 64 char long string to these
  // and keep the values save like you would with a password
  'bnomei.kart.crypto.password' => fn() => env('CRYPTO_PASSWORD'),
  'bnomei.kart.crypto.salt' => fn() => env('CRYPTO_SALT'), // -> signatures for order URLs
];

All Settings

bnomei.kart.	Default	Description
license	`callback\|string`	the Kart plugin license key
captcha.enabled	`false`	enable if you want to use it
captcha.current	`string`
captcha.get	`string`
captcha.set	`callback\|string`
crypto.password	`callback\|null\|false`	string with password for the encryption or disable
crypto.salt	`callback`	SIGNATURES, string with salt for the encryption with fallback to random in cache
currency	`'EUR'`	uppercase 3-letter code
customers.enabled	`true`	automatically create users
customers.roles	`['customer', 'member', 'admin']`	possible roles with first one being default
dateformat	`Y-m-d H:i`	used within the blueprints for the panel, adjust this when using the IntlDateHandler
expire	`0\|null`	create caches, expire in minutes or disable
licenses.api	`false`	CSRF protected API endpoints to manipulate licenses
licenses.activate	`callback`	customize the license endpoint
licenses.deactivate	`callback`	customize the license endpoint
licenses.validate	`callback`	customize the license endpoint
locale	`callback\|string`	or current locale on multilanguage setups
middleware.blacklist	`array`	list of paths used by Kart that should be disabled
middleware.csrf	`'token'`	null/false or name for form field
middleware.enabled	`array`	list of enabled middlewares, csrf and ratelimit by default
middleware.ratelimit.enabled	`true`	protects public facing endpoints
middleware.ratelimit.limit	`60`	max 60 requests per minute
orders.enabled	`true`	create orders page and enable order management
orders.order.create-missing-zips	`true`	if any product in order has downloads and the order has no zip then recreate it on next access
orders.order.maxapo	`10`	max amount product per order unless specified on product itself, keep this low to prevent stock hostages, set per product instead
orders.order.maxlpo	`10`	max different products per order aka lines in cart, check your providers API docs before increasing this
orders.order.uuid	`callback`	generator for order page Uuids (not invoice number)
orders.page	`'orders'`	slug of the orders page
products.enabled	`true`	create the products page if missing and use within Kart
products.page	`'products'`	slug of the products page
products.product.uuid	`callback`	generator for product page Uuids
products.variants	`array`	2-dimensional array to define sorting order of variants for $product->variantGroups()
provider	`'kirby_cms'\|string`	key of current provider, see ProviderEnum
providers	`array`	list of all providers with an array of config for each, see each Provider in the docs
queues.locking	`true`	use a locking queue for updating stock
router.csrf	`'token'`	null/false or name of form field
router.header.csrf	`'X-CSRF-TOKEN'`	accept this header as for csrf value, see headless setup
router.header.htmx	`'HX-Request'`	if present then router will change mode to html, see HATEOAS setup
router.mode	`'go'`	go/json/html, defines what Karts router returns
router.salt	`callback\|false`	KEQ, string with salt for the encryption with fallback to random in cache or disable
router.snippets	`array`	array of snippet names or from->to mappings for headless and HATEOAS setups
stocks.enabled	`true`	create stocks page and enable stock management
stocks.page	`'stocks'`	slug of the stocks page
stocks.queue	`true`	use a queue to prevent issues with concurrent requests
stocks.stock.uuid	`callback`	generator for stock page Uuids
successPage	`null`	id of the page to redirect to after checkout flow, defaults to page of order
turnstile.secretkey	`callback\|string`
turnstile.sitekey	`callback\|string`

Make sure you website is secure.

Prefabs