200+
April 7, 2026
March 9, 2023
This free add-on for CoCart allows you to authenticate with the Cart API using JSON Web Tokens.
★★★★★
An excellent plugin, which makes building a headless WooCommerce experience a breeze. Easy to use, nearly zero setup time. Harald Schneider
wp-config.php for secure token signing.
HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512
JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.
For more information, read the core concept on what this plugin does and can do.
See the documentation on how to get set up, along with filters and hooks with examples to help configure JWT Authentication to your needs.
Once ready to use, see the quick start guide. There is also an advanced configuration for using RSA Keys.
★★★★★
Amazing Plugin. I’m using it to create a react-native app with WooCommerce as back-end. This plugin is a life-saver! Daniel Loureiro
We also have other add-ons that extend CoCart to enhance your headless store development.
These add-ons of course come with support too.
We aim to provide regular support for the CoCart plugin via our Discord community server. Please understand that we do prioritize support for our paying customers.
On Discord, we have a community of developers, WordPress agencies, and shop owners building the fastest and best headless WooCommerce stores with CoCart.
Come and join our community
Bug reports for CoCart JWT Authentication are welcomed in the CoCart JWT Authentication repository on GitHub. Please note that GitHub is not a support forum, and that issues that aren’t properly qualified as bugs will be closed.
This plugin is developed and maintained by Sébastien Dumont.
Founder of CoCart Headless, LLC.
Automatic installation is the easiest option as WordPress handles the file transfers itself and you don’t need to leave your web browser. To do an automatic install of CoCart JWT Authentication, log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.
In the search field type “CoCart JWT Authentication” and click Search Plugins. Once you’ve found the plugin you can view details about it such as the point release, rating and description. Most importantly of course, you can install it by simply clicking “Install Now”.
The manual installation method involves downloading the plugin and uploading it to your webserver via your favourite FTP application. The WordPress codex contains instructions on how to do this here.
Whenever you want to update “CoCart JWT Authentication”, it is recommended that you get familiar with what’s changed in the release.
CoCart JWT Authentication uses Semver practices. The summary of Semver versioning is as follows:
You can read more about the details of Semver at semver.org
CoCart is a developer-first REST API to decouple WooCommerce on the frontend and allow you to build modern storefronts with full control over auth, sessions, cart and product flows.
No! The WooCommerce REST API only uses its own API key system.
No! This JWT Authentication was specifically designed for the CoCart API ONLY.
This can happen because of a plugin conflict, e.g. Login Limit: if the token used failed many times, the IP address may have been blacklisted.
It supports HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512.
CoCart JWT authentication is very secure when implemented correctly. Make sure to use a strong secret key and keep it confidential.
Rate limiting is only available with CoCart Plus.
📢 This update will invalidate previous tokens.
With this update we have improved tracking of tokens so that they are dual-secured with a PAT (Personal Access Token) ID. This also ensures that users who are already authenticated do not receive unnecessary new tokens, which keeps the token life cycle properly managed and prevents token proliferation.
destroy command to remove tokens for specific users with confirmation prompts.
cocart_jwt_auth_max_user_tokens that sets the maximum number of tokens stored for a user.
cocart_jwt_auth_authenticated that fires when a user is authenticated.

| Version | Download | Type |
|---|---|---|
| 3.0.3 | Download | Stable |
| 3.0.2 | Download | Stable |
| 3.0.1 | Download | Stable |
| 3.0.0 | Download | Stable |
| 2.5.2 | Download | Stable |
| 2.5.1 | Download | Stable |
| 2.5.0 | Download | Stable |
| 2.4.0 | Download | Stable |
| 2.3.1 | Download | Stable |
| 2.3.0 | Download | Stable |
| 2.2.0 | Download | Stable |
| 2.1.0 | Download | Stable |
| 2.0.0 | Download | Stable |
| Development | Download | Trunk |