How to get existing cart token (for anonymous users)

If the API calls are performed from within the same domains, then cookies are passed alongsides requests.
Otherwise, in case it is running from a different domain, the JS application as explained in the API docs you've linked is responsible for creating the cart token and passing it as a header for each API request made.

Thanks for the quick reply @jsacksick!

Still the docs and your answer don't explain how to get the existing cartToken to pass, when adding another item to an existing ("regular") cart using commerce_api. Or if, in such a case, no cartToken should be passed at all?

(Hope it's fine to reopen for that reason)

What you're describing isn't possible.
Either you do Headless and you generate the cart token and pass it for all requests, or for a mixed scenario like the one you're describing, the regular HTTP headers should suffice... As the mechanism for getting a cart ID from the session should kick in, assuming the requests are performed.

In a scenario where the API request is performed from the same domain, the session cookie should be passed, and the cart ID should be fetched from the session itself.

In a scenario where the API request is performed from the same domain, the session cookie should be passed, and the cart ID should be fetched from the session itself.

Yeah that's what I was thinking and talking about. It's the same domain, as it's the same shop. We just should not generate the cartToken.

Thanks for the clarification that this is node intended to be mixed!

We'll add more details here, once we have a final implementation. I think it might help others.

Not setting a cartToken at all works for this case! @Grevil will provide details tomorrow.

Not really many details to share here! We simply removed the Token-Generation described in https://www.drupal.org/docs/8/modules/commerce-api/cart-and-checkout/car... → from our code, as our application resides in the same domain.

I just find the documentation a bit misleading:

Cart tokens are used to authorize cart and checkout requests for anonymous users. Without specifying a cart token, cart operations will fail and not act upon any existing carts in the system that the user may have created.

Nowhere it is stated, that this is only the case for headless applications. I'll adjust the documentation accordingly!.

Alright, ready for review: https://www.drupal.org/docs/8/modules/commerce-api/cart-and-checkout/car... →

Great, thank you all!

Automatically closed - issue fixed for 2 weeks with no activity.