Jsonapi basket add product

[bar_on]

I have a customized frontend built in Vue that connects the aimeos laravel package through jsonapi.
I am trying to add 2 different products to the basket (through calling apis 2 times), and the result shows a basket only with the latest added product.
I can see that the csrf token in meta changes everytime I call the api, but I'm not sure how to fix the issue.
I did store the jsonToken when I was fetching the product and pass it in the query parameter.

Code: Select all

const addToCart = async () => {
  try {
    const originalURL = product.value?.links['basket.product'].href
    const url = originalURL + '&_token=' + jsonToken.value

    const response = await axios.post(
      url,
      {
        data: [
          {
            attributes: {
              'product.id': pid.value.toString(),
              quantity: quantity.value.toString()
            }
          }
        ]
      },
      {
        headers: {
          Authorization: `Bearer ${authStore.getToken}`,
          'Content-Type': 'application/json'
        },
        withCredentials: true
      }
    )

    console.log(jsonToken.value)
  } catch (err) {
    console.log(err)
  }
}

Version:
"aimeos/aimeos-laravel": "~2023.10",
"php": "^8.1.0",

[aimeos]

Add the Laravel session to the request so the basket content isn't lost after each request

[bar_on]

I'm not using laravel frontend so I don't have the laravel session. I already included the csrf token in the parameter, and enabled withCredentials (true) for cookies but it's not working.

I also realized that in postman I don't have to pass _token as parameter but the function still works (basket is not lost for each request).

[aimeos]

The Aimeos JSON API stores the basket content in the session of the Laravel backend application, so make sure the Laravel session cookie is sent back to the server. The "_token" value is a CSRF token that is only checked if you do a DELETE, POST or PATCH request. GET and OPTIONS requests don't require the "_token" value.