This is a community forum for discussion and knowledge sharing. For support requests, please visit


Cart Reference Question

February 11, 2020 at 2:06am

Cart Reference Question

February 11, 2020 at 2:06am
How long of a cart reference number should I be generating? 4 digits, which is what the examples use, seems really small. Maybe I'm not fully understanding but couldn't that lead to collisions and tampering. Couldn't someone iterate through all variations of 4 digits, calling delete cart on every one, effectively deleting everyone's cart?
Flip side is there a max length on cart reference numbers?

February 11, 2020 at 10:11am
Hey carts will be unique per store, so provided you take steps to ensure cart IDs are not reused, you should not experience any collisions.
Cart deletion requires only implicit access so any carts in your store can be accessed/deleted with a public client_id. This is a trade off that allows for a fully featured checkout process client side, without having to expose your client_secret
I would recommend you generate UUIDs for your cart IDs to mitigate this, and to guarantee uniqueness
  • reply
  • like