Skip to main content
This guide walks through the core storefront flow. All endpoints live under /api/v1 and use the publishable key (or the store domain).

2. Cart

The cart works for guests (with a session id/token) and for logged-in customers.
Cross-origin / headless cart. The guest cart is keyed by a session token, returned in the response’s session_token field. If your storefront runs on a different origin than the API (e.g. xxxx.comapi.vellaro.io), the cx_cart cookie (SameSite=Lax) is not sent cross-site: store session_token client-side (e.g. localStorage) and send it back on every cart call and at checkout as the X-Cart-Token header. The cart then persists anywhere and is restored on the shopper’s return (7-day TTL). Same-origin? The cookie is enough and the header is optional.

3. Checkout & payment

The checkout response indicates the payment flow (Stripe, PayPal, PokPay, Paysera, cash on delivery, bank transfer): some return a client_secret/redirect to complete client-side, others confirm immediately. See the API Reference for the exact schema of POST /checkout.

4. Orders & tracking

Quick tip: the full list of parameters, request bodies, and responses is in the API Reference, generated from the live OpenAPI schema — so it’s always aligned with production.

Appearance & configuration

  • GET /settings/store-info — name, contacts, social, appearance (logo, colors) to brand your frontend like the store.
  • GET /banners, GET /information/<slug> — CMS content and hero.
  • GET /languages, GET /currencies — for language/currency selectors.