Configuration

Required Settings

config/config.php
<?php

return [
  // required for production
  'bnomei.kart.license' => fn() => env('KART_LICENSE_KEY'),

  // recommended, set a random 64 char long string to these
  // and keep the values save like you would with a password
  'bnomei.kart.crypto.password' => fn() => env('CRYPTO_PASSWORD'),
  'bnomei.kart.crypto.salt' => fn() => env('CRYPTO_SALT'), // -> signatures for order URLs
];

All Settings

bnomei.kart. Default Description
license callback|string the Kart plugin license key
captcha.enabled false enable if you want to use it
captcha.current string
captcha.get string
captcha.set callback|string
crypto.password callback|null|false string with password for the encryption or disable
crypto.salt callback SIGNATURES, string with salt for the encryption with fallback to random in cache
currency 'EUR' uppercase 3-letter code
customers.enabled true automatically create users
customers.roles ['customer', 'member', 'admin'] possible roles with first one being default
expire 0|null create caches, expire in minutes or disable
licenses.api false CSRF protected API endpoints to manipulate licenses
licenses.activate callback customize the license endpoint
licenses.deactivate callback customize the license endpoint
licenses.validate callback customize the license endpoint
locale callback|string or current locale on multilanguage setups
middleware.blacklist array list of paths used by Kart that should be disabled
middleware.csrf 'token' null/false or name for form field
middleware.enabled array list of enabled middlewares, csrf and ratelimit by default
middleware.ratelimit.enabled true protects public facing endpoints
middleware.ratelimit.limit 60 max 60 requests per minute
orders.enabled true create orders page and enable order management
orders.order.create-missing-zips true if any product in order has downloads and the order has no zip then recreate it on next access
orders.order.maxapo 10 max amount product per order unless specified on product itself, keep this low to prevent stock hostages, set per product instead
orders.order.maxlpo 10 max different products per order aka lines in cart, check your providers API docs before increasing this
orders.order.uuid callback generator for order page Uuids (not invoice number)
orders.page 'orders' slug of the orders page
products.enabled true create the products page if missing and use within Kart
products.page 'products' slug of the products page
products.product.uuid callback generator for product page Uuids
products.variants array 2-dimensional array to define sorting order of variants for $product->variantGroups()
provider 'kirby_cms'|string key of current provider, see ProviderEnum
providers array list of all providers with an array of config for each, see each Provider in the docs
queues.locking true use a locking queue for updating stock
router.csrf 'token' null/false or name of form field
router.header.csrf 'X-CSRF-TOKEN' accept this header as for csrf value, see headless setup
router.header.htmx 'HX-Request' if present then router will change mode to html, see HATEOAS setup
router.mode 'go' go/json/html, defines what Karts router returns
router.salt callback|false KEQ, string with salt for the encryption with fallback to random in cache or disable
router.snippets array array of snippet names or from->to mappings for headless and HATEOAS setups
stocks.enabled true create stocks page and enable stock management
stocks.page 'stocks' slug of the stocks page
stocks.queue true use a queue to prevent issues with concurrent requests
stocks.stock.uuid callback generator for stock page Uuids
successPage null id of the page to redirect to after checkout flow, defaults to page of order
turnstile.secretkey callback|string
turnstile.sitekey callback|string

Make sure you website is secure.

Prefabs
Resources
Legal
Support
Services
Kirby Kart is not affiliated with the developers of Kirby CMS. We are merely standing on the shoulder of giants.
© 2025 Bruno Meilick All rights reserved.