# Configuration Source: https://kart.bnomei.com/docs/setup/configuration Updated: 2025-12-04T19:23:02+00:00 Summary: Configure Bnomei Kart plugin for Kirby CMS: license, crypto, captcha, currency, customers, orders, products, middleware, router, stock & provider settings. ## Required Settings Path: config/config.php Code (php): ``` fn() => env('KART_LICENSE_KEY'), // recommended, set a random 64 char long string to these // and keep the values save like you would with a password 'bnomei.kart.crypto.password' => fn() => env('CRYPTO_PASSWORD'), 'bnomei.kart.crypto.salt' => fn() => env('CRYPTO_SALT'), // -> signatures for order URLs ]; ``` ## All Settings
bnomei.kart.DefaultDescription
license`callback|string`the Kart plugin license key
captcha.enabled`false`enable if you want to use it
captcha.current`string`
captcha.get`string`
captcha.set`callback|string`
checkoutFormData`callback`callback to validate/modify the data of the checkout form, can yield a 302 HTTP status code
completed`callback`callback to modify the data for the order creation
crypto.password`callback|null|false`string with password for the encryption or disable
crypto.salt`callback`string with salt for the encryption with fallback to random in cache
crypto.signature`true`append and check signature on critical Urls like MagicLinks and Order pages
currency`'EUR'`uppercase 3-letter code
customers.enabled`true`automatically create users
customers.roles`['customer', 'member', 'admin']`possible roles with first one being default
dateformat`Y-m-d H:i`used within the blueprints for the panel, adjust this when using the IntlDateHandler
expire`0|null`create caches, expire in minutes or disable
licenses.api`false`CSRF protected API endpoints to manipulate licenses
licenses.activate`callback`customize the license endpoint
licenses.deactivate`callback`customize the license endpoint
licenses.validate`callback`customize the license endpoint
locale`callback|string`or current locale on multilanguage setups
middleware.blacklist`array`list of paths used by Kart that should be disabled
middleware.csrf`'token'`null/false or name for form field
middleware.enabled`array`list of enabled middlewares, csrf and ratelimit by default
middleware.ratelimit.enabled`true`protects public facing endpoints
middleware.ratelimit.limit`60`max 60 requests per minute
orders.enabled`true`create orders page and enable order management
orders.order.create-missing-zips`true`if any product in order has downloads and the order has no zip then recreate it on next access
orders.order.maxapo`10`max amount product per order unless specified on product itself, keep this low to prevent stock hostages, set per product instead
orders.order.maxlpo`10`max different products per order aka lines in cart, check your providers API docs before increasing this
orders.order.uuid`callback`generator for order page Uuids (not invoice number)
orders.order.zip`callback`callback to add/remove files to the directory used to create the ZIP file for an order
orders.page`'orders'`slug of the orders page
products.enabled`true`create the products page if missing and use within Kart
products.page`'products'`slug of the products page
products.product.uuid`callback`generator for product page Uuids
products.variants`array`2-dimensional array to define sorting order of variants for $product->variantGroups()
provider`'kirby_cms'|string`key of current provider, see ProviderEnum
providers`array`list of all providers with an array of config for each, see each Provider in the docs
queues.locking`true`use a locking queue for updating stock
router.csrf`'token'`null/false or name of form field
router.header.csrf`'X-CSRF-TOKEN'`accept this header as for csrf value, see headless setup
router.header.htmx`'HX-Request'`if present then router will change mode to html, see HATEOAS setup
router.mode`'go'`go/json/html, defines what Karts router returns
router.salt`callback|false`KEQ, string with salt for the encryption with fallback to random in cache or disable
router.snippets`array`array of snippet names or from->to mappings for headless and HATEOAS setups
stocks.enabled`true`create stocks page and enable stock management
stocks.page`'stocks'`slug of the stocks page
stocks.queue`true`use a queue to prevent issues with concurrent requests
stocks.stock.uuid`callback`generator for stock page Uuids
successPage`null`id of the page to redirect to after checkout flow, defaults to page of order
turnstile.secretkey`callback|string`
turnstile.sitekey`callback|string`
Make sure you website is [secure](https://kart.bnomei.com/docs/data/security).