Set Up Guest Checkout for Headless Commerce Stores

Setting up guest checkout for headless implementations requires enabling guest store access and, to track guest carts, modifications to checkout processing. Both server- and client-side payment processing support guest checkout for headless Commerce stores.

From the Commerce app, declaratively perform tasks to let unauthenticated customers browse your store, discover products, and make purchases. Required for D2C stores, guest access is optional for B2B stores.

Using your store’s Commerce app, you:

  • Grant guest access to the store site and to its media, content, and related objects including public APIs.
  • Create a guest buyer profile and turn on cart and checkout access for the profile.
  • Configure carts to preserve items added by a guest when the guest then logs in as an authenticated user.
  • Configure sharing and security fields for product-related fields to let guests search your catalogs.
  • Rebuild the search engine to include products that guest customers are entitled to discover. To set up guest access to your store, see Enable Guest Access to a Store.

Establish guest authorization by setting and passing cookies. Enable guest carts by appending a runtime URL to cart and checkout API requests. Use a Postman Collection to set up and test both. Store access for registered buyers uses authorization headers. By contrast, authorizing store access for guest shoppers requires sending the following cookies with cart-related requests:

  • guest_uuid_essential_{siteId} - generated by the client as a unique guest cart identifier where siteId is the 15-digit ID for the site associated with the webstore. When creating a guest cart, the client sets the cookie value to a Version 4 UUID that is adequately randomized for each guest shopper. This same cookie is set on every subsequent call associated with that guest cart. Here’s a sample cookie value:

  • GuestCartSessionId_{sessionId} - generated by the server where sessionId is a unique cookie value. When a cart is created, the server returns GuestCartSessionId_{sessionId} through the set-cookie response header. The create cart call captures this cookie, which is then set every time a call is made involving that guest shopper’s cart right through checkout. For example, if the response header in the create cart API call is:
    then for each request this cookie is set on all subsequent calls. For example:

When using these cookies to authorize guest shoppers, a different (web runtime) API URL is required for cart and checkout API calls. Appending the web runtime URL allows access to the protected endpoints needed for headless checkout (create cart, add item to cart, create checkout). On such API calls, you append the web runtime/API to the store URL. For example:

Salesforce Commerce supports multiple international countries, designated as Markets, to target customers. Markets encompass the locales where shoppers access the storefront. For unregistered customers, Salesforce Commerce determines the locale by the guest shopper’s location and the Experience User context. With headless APIs, you can also target customers by passing additional parameters to the corresponding Connect APIs using the language=<locale> key value pair.

To set up guest authorization and track guest carts using a Postman Collection, see Salesforce Commerce on Core Postman Collection.