Configuration
Required Settings
config/config.php
<?php
return [
// required for production
'bnomei.kart.license' => fn() => env('KART_LICENSE_KEY'),
// recommended, set a random 64 char long string to these
// and keep the values save like you would with a password
'bnomei.kart.crypto.password' => fn() => env('CRYPTO_PASSWORD'),
'bnomei.kart.crypto.salt' => fn() => env('CRYPTO_SALT'), // -> signatures for order URLs
];All Settings
| bnomei.kart. | Default | Description |
|---|---|---|
| license | callback|string |
the Kart plugin license key |
| captcha.enabled | false |
enable if you want to use it |
| captcha.current | string |
|
| captcha.get | string |
|
| captcha.set | callback|string |
|
| checkoutFormData | callback |
callback to validate/modify the data of the checkout form, can yield a 302 HTTP status code |
| completed | callback |
callback to modify the data for the order creation |
| crypto.password | callback|null|false |
string with password for the encryption or disable |
| crypto.salt | callback |
string with salt for the encryption with fallback to random in cache |
| crypto.signature | true |
append and check signature on critical Urls like MagicLinks and Order pages |
| currency | 'EUR' |
uppercase 3-letter code |
| customers.enabled | true |
automatically create users |
| customers.roles | ['customer', 'member', 'admin'] |
possible roles with first one being default |
| dateformat | Y-m-d H:i |
used within the blueprints for the panel, adjust this when using the IntlDateHandler |
| expire | 0|null |
create caches, expire in minutes or disable |
| licenses.api | false |
CSRF protected API endpoints to manipulate licenses |
| licenses.activate | callback |
customize the license endpoint |
| licenses.deactivate | callback |
customize the license endpoint |
| licenses.validate | callback |
customize the license endpoint |
| locale | callback|string |
or current locale on multilanguage setups |
| middleware.blacklist | array |
list of paths used by Kart that should be disabled |
| middleware.csrf | 'token' |
null/false or name for form field |
| middleware.enabled | array |
list of enabled middlewares, csrf and ratelimit by default |
| middleware.ratelimit.enabled | true |
protects public facing endpoints |
| middleware.ratelimit.limit | 60 |
max 60 requests per minute |
| orders.enabled | true |
create orders page and enable order management |
| orders.order.create-missing-zips | true |
if any product in order has downloads and the order has no zip then recreate it on next access |
| orders.order.maxapo | 10 |
max amount product per order unless specified on product itself, keep this low to prevent stock hostages, set per product instead |
| orders.order.maxlpo | 10 |
max different products per order aka lines in cart, check your providers API docs before increasing this |
| orders.order.uuid | callback |
generator for order page Uuids (not invoice number) |
| orders.order.zip | callback |
callback to add/remove files to the directory used to create the ZIP file for an order |
| orders.page | 'orders' |
slug of the orders page |
| products.enabled | true |
create the products page if missing and use within Kart |
| products.page | 'products' |
slug of the products page |
| products.product.uuid | callback |
generator for product page Uuids |
| products.variants | array |
2-dimensional array to define sorting order of variants for $product->variantGroups() |
| provider | 'kirby_cms'|string |
key of current provider, see ProviderEnum |
| providers | array |
list of all providers with an array of config for each, see each Provider in the docs |
| queues.locking | true |
use a locking queue for updating stock |
| router.csrf | 'token' |
null/false or name of form field |
| router.header.csrf | 'X-CSRF-TOKEN' |
accept this header as for csrf value, see headless setup |
| router.header.htmx | 'HX-Request' |
if present then router will change mode to html, see HATEOAS setup |
| router.mode | 'go' |
go/json/html, defines what Karts router returns |
| router.salt | callback|false |
KEQ, string with salt for the encryption with fallback to random in cache or disable |
| router.snippets | array |
array of snippet names or from->to mappings for headless and HATEOAS setups |
| stocks.enabled | true |
create stocks page and enable stock management |
| stocks.page | 'stocks' |
slug of the stocks page |
| stocks.queue | true |
use a queue to prevent issues with concurrent requests |
| stocks.stock.uuid | callback |
generator for stock page Uuids |
| successPage | null |
id of the page to redirect to after checkout flow, defaults to page of order |
| turnstile.secretkey | callback|string |
|
| turnstile.sitekey | callback|string |
Make sure you website is secure.