Configuration
Required Settings
config/config.php
<?php
return [
// required for production
'bnomei.kart.license' => fn() => env('KART_LICENSE_KEY'),
// recommended, set a random 64 char long string to these
// and keep the values save like you would with a password
'bnomei.kart.crypto.password' => fn() => env('CRYPTO_PASSWORD'),
'bnomei.kart.crypto.salt' => fn() => env('CRYPTO_SALT'), // -> signatures for order URLs
];
All Settings
bnomei.kart. | Default | Description |
---|---|---|
license | callback|string |
the Kart plugin license key |
captcha.enabled | false |
enable if you want to use it |
captcha.current | string |
|
captcha.get | string |
|
captcha.set | callback|string |
|
crypto.password | callback|null|false |
string with password for the encryption or disable |
crypto.salt | callback |
SIGNATURES, string with salt for the encryption with fallback to random in cache |
currency | 'EUR' |
uppercase 3-letter code |
customers.enabled | true |
automatically create users |
customers.roles | ['customer', 'member', 'admin'] |
possible roles with first one being default |
expire | 0|null |
create caches, expire in minutes or disable |
licenses.api | false |
CSRF protected API endpoints to manipulate licenses |
licenses.activate | callback |
customize the license endpoint |
licenses.deactivate | callback |
customize the license endpoint |
licenses.validate | callback |
customize the license endpoint |
locale | callback|string |
or current locale on multilanguage setups |
middleware.blacklist | array |
list of paths used by Kart that should be disabled |
middleware.csrf | 'token' |
null/false or name for form field |
middleware.enabled | array |
list of enabled middlewares, csrf and ratelimit by default |
middleware.ratelimit.enabled | true |
protects public facing endpoints |
middleware.ratelimit.limit | 60 |
max 60 requests per minute |
orders.enabled | true |
create orders page and enable order management |
orders.order.create-missing-zips | true |
if any product in order has downloads and the order has no zip then recreate it on next access |
orders.order.maxapo | 10 |
max amount product per order unless specified on product itself, keep this low to prevent stock hostages, set per product instead |
orders.order.maxlpo | 10 |
max different products per order aka lines in cart, check your providers API docs before increasing this |
orders.order.uuid | callback |
generator for order page Uuids (not invoice number) |
orders.page | 'orders' |
slug of the orders page |
products.enabled | true |
create the products page if missing and use within Kart |
products.page | 'products' |
slug of the products page |
products.product.uuid | callback |
generator for product page Uuids |
products.variants | array |
2-dimensional array to define sorting order of variants for $product->variantGroups() |
provider | 'kirby_cms'|string |
key of current provider, see ProviderEnum |
providers | array |
list of all providers with an array of config for each, see each Provider in the docs |
queues.locking | true |
use a locking queue for updating stock |
router.csrf | 'token' |
null/false or name of form field |
router.header.csrf | 'X-CSRF-TOKEN' |
accept this header as for csrf value, see headless setup |
router.header.htmx | 'HX-Request' |
if present then router will change mode to html, see HATEOAS setup |
router.mode | 'go' |
go/json/html, defines what Karts router returns |
router.salt | callback|false |
KEQ, string with salt for the encryption with fallback to random in cache or disable |
router.snippets | array |
array of snippet names or from->to mappings for headless and HATEOAS setups |
stocks.enabled | true |
create stocks page and enable stock management |
stocks.page | 'stocks' |
slug of the stocks page |
stocks.queue | true |
use a queue to prevent issues with concurrent requests |
stocks.stock.uuid | callback |
generator for stock page Uuids |
successPage | null |
id of the page to redirect to after checkout flow, defaults to page of order |
turnstile.secretkey | callback|string |
|
turnstile.sitekey | callback|string |
Make sure you website is secure.