Loading...
Get in Touch
May 26, 2026

B2C Commerce Cart and Checkout: The Lines You Don't Customize

Cart and checkout are the highest-revenue surfaces on a B2C Commerce site and the riskiest to customize. The platform's base flows handle edge cases that custom code reliably gets wrong. Five rules for where to stop customizing.

B2C Commerce Cart and Checkout: The Lines You Don't Customize

Key takeaways

  • Cart and checkout are the highest-revenue surfaces and the riskiest to customise. The base flow handles edge cases custom code reliably gets wrong: race conditions on inventory, tax calculation timing, payment authorization retries, address validation across locales. Customizations that survive add to the base flow rather than replacing it.
  • Payment integration belongs in payment-plugin cartridges, not in custom checkout code. Salesforce-certified payment plugins (Adyen, Stripe, Cybersource) handle PCI scope, retry logic, and 3DS authentication. Custom checkout that bypasses the plugin pattern usually reintroduces compliance risk.
  • Address validation should fail soft, not hard. A checkout that blocks the customer at a validation error stops conversion; one that accepts the submitted address and flags it for OMS review converts and still surfaces invalid addresses. The tradeoff matters for international ship-to addresses where validation services have spotty coverage.
  • Inventory check timing is one of the most subtle bugs. Stock check at add-to-cart guards against the obvious case; check at checkout guards against the race condition between add and submit. Production checkouts check at both points, with the final check at order-place driving the customer-visible error rather than the line item silently disappearing.

Cart and checkout are the highest-revenue surfaces on a B2C Commerce site. They are also the riskiest to customize. The platform's base flows handle edge cases that custom code reliably gets wrong: race conditions on inventory, tax calculation timing, payment authorization retries, address validation across locales. Each year, teams override base flows to add a custom touch and discover 6 months later that they reintroduced a bug Salesforce fixed in 2017.

Sapota's Salesforce team has triaged checkout incidents on production sites. The pattern is consistent: customizations that survive are the ones built as additions to base flows, not replacements of them.

The base flow Salesforce ships

SFRA's reference checkout flow handles:

  • Cart with line-level inventory checks.
  • Shipping address entry with locale-aware validation.
  • Shipping method selection with cost calculation.
  • Billing address entry, often defaulting to shipping address.
  • Payment method selection.
  • Order review with final calculation.
  • Payment authorization (with the configured payment service).
  • Order placement with inventory commit.
  • Confirmation page with order details.

Each step is a controller route. The controllers compose via the SFRA append/prepend pattern. The flow is opinionated but proven.

What to customize and what not to

Three principles separate safe customizations from risky ones.

1. Customize the UI freely. Templates, styling, layout, copy. These changes do not touch the underlying order or payment logic. Risk is low.

2. Add fields to the data flow but do not replace the calculation logic. A custom "delivery preference" field on Order is fine. A custom override of the order total calculation is not. The base calculation handles edge cases (split shipments, mixed currencies, tax-included pricing) that custom code rarely covers fully.

3. Append to controllers; do not replace them. SFRA's controllers expose extension points via server.append and server.prepend. Use these. A server.replace on CheckoutServices-PlaceOrder is a code review red flag requiring explicit justification.

The general rule: customize the surfaces (UI, custom fields, custom validations) but leave the engine (calculation, payment, inventory commit) to base.

Cart customizations that recur

Common custom additions to cart:

Estimated delivery date per line. Compute and display via a hook on cart calculation. Read shipping zone, lead time, fulfillment cutoff. Display on each line.

Cart-level promotions display. Show qualifying promotions for the current cart, even if not yet applied. Built as a model decorator that reads the active campaigns and matches against cart contents.

Save for later. Move items between cart and a saved-for-later list (often stored as a custom object on the customer). Add buttons to the cart template; add controllers for the move action.

Bundle awareness. When a bundle parent is in the cart, show child items as related. Use the product model's relationship data, not a separate query.

What to avoid in cart:

  • Custom price calculation. The platform's pricing engine is more correct than handwritten alternatives. Trust it.
  • Custom inventory math. Use ProductMgr.getProduct().availabilityModel for the source of truth.
  • Custom promotion application. Use the promotion engine.

Checkout customizations that recur

Common custom additions to checkout:

Address autocomplete. Integration with Google Places or similar. Build as a client-side component plus a server-side service. The service validates the autocomplete result against the platform's address model.

Per-shipment shipping methods. A cart with multiple shipments where each can have a different shipping method. The platform supports this via shipment-level configuration. Custom UI exposes the choice to the customer.

Gift options. Gift wrap, gift message, gift receipt. Stored as custom attributes on Order or as line-item custom attributes. Charges added via a custom promotion or shipping cost.

Express checkout (Apple Pay, Google Pay). Use Salesforce LINK cartridges (plugin_apple_pay, plugin_google_pay) rather than custom integration. The plugins handle the platform interactions correctly.

What to avoid in checkout:

  • Custom payment authorization logic. Use the platform's payment service framework with PSP integrations.
  • Custom tax calculation. Integrate with Avalara, Vertex, or similar via the services framework.
  • Custom inventory commit. The platform handles inventory commit on order placement with race condition protection. Custom code competing for the same inventory will lose.

Payment integration patterns

Payment is the highest-risk part of checkout. The pattern that works:

1. Use the platform's payment service framework. PSPs (Stripe, Adyen, Cybersource, PayPal) ship LINK cartridges that integrate via the framework. The cartridge handles authorization, capture, refund.

2. 3-step payment flow. Auth in checkout (immediate); capture at fulfillment (later); refund as needed (separately). Do not bundle them. Capture should trigger from OMS, not from the placeOrder controller, so partial fulfillment works.

3. PCI scope minimization. Card numbers never touch the SFCC servers. Use the PSP's hosted fields or tokenization SDK. The customer's card data goes directly to the PSP; SFCC stores only the token.

4. Idempotency on payment calls. Customer hits "Place Order" twice quickly; the platform should not authorize twice. Use the PSP's idempotency key, scoped to the order or attempt.

5. Refund flow tested. Most teams test the authorization path during implementation. Few test refunds until a real refund is needed. Test refund explicitly with a sandbox transaction.

Common cart/checkout mistakes

Five patterns Sapota has seen on engagements:

1. Replaced controller losing base improvements. A team replaced CheckoutServices-PlaceOrder to add custom analytics. 6 months later, Salesforce shipped a base improvement to handle a specific payment edge case. The replaced controller missed the improvement and produced a production incident. Use append.

2. Custom calculation drift. A team built custom order total calculation in Apex-like script in the cart controller. 2 years in, the total disagrees with the line-item sum by pennies on certain orders. Customer complaints. Revert to platform calculation.

3. Inventory race condition. A team built a custom "reserve inventory" call that fires when the customer reaches checkout. The reservation locks inventory. If the customer abandons, the lock leaks. Inventory shows as available in BM but is actually held. Use the platform's commit-at-place flow.

4. Tax calculation skipped on checkout. A team disables tax calculation on the basket recalculation to "speed up the cart." Final tax calculated only at place order. The customer sees one total in cart and a different total at place order. Complaint volume rises. Run tax calculation at every relevant cart step.

5. Express checkout misconfigured. Apple Pay button shows for guest customers but the integration assumes registered customers. Click produces an error. Configure the plugin correctly for guest checkout.

What good cart/checkout looks like

A B2C Commerce site with healthy cart and checkout:

  • UI customizations layered on base templates.
  • Custom fields added without replacing calculation logic.
  • Payment integration via LINK cartridges through the services framework.
  • Express checkout (Apple Pay, Google Pay) where supported.
  • 3-step payment flow with capture from OMS.
  • Refund flow tested end to end.
  • Performance dashboard for checkout latency.

The temptation to customize cart and checkout is constant; the discipline is to limit the customization to surfaces that actually need it. Sapota's Salesforce team holds the line during code review on every B2C Commerce engagement, because cart and checkout customizations are where production incidents most often originate.

Building or refactoring cart and checkout on a B2C Commerce site? Sapota's Salesforce team, certified on B2C Commerce Developer (Comm-Dev-101), handles checkout architecture, payment integration, and post-launch optimization on production engagements. Get in touch ->

See our full platform services for the stack we cover.

Salesforce Team

Recent posts

Apex Test Data Factories: Patterns That Prevent Flaky TestsMay 29, 2026

Apex Test Data Factories: Patterns That Prevent Flaky Tests

ISML Templates in B2C Commerce: Production Patterns Beyond DocsMay 29, 2026

ISML Templates in B2C Commerce: Production Patterns Beyond Docs

Person Account vs Account in FSC: the decision frameworkMay 29, 2026

Person Account vs Account in FSC: the decision framework

MCP Web vs Server-Side Campaigns: Choosing the ArchitectureMay 28, 2026

MCP Web vs Server-Side Campaigns: Choosing the Architecture

Continue reading

Other posts in the same topical cluster. The pattern in the post above usually shows up alongside the patterns below, either because they live on the same surface of the platform or because the same engagement type runs into both. Pick the one closest to the problem in front of you and start there.

SFRA vs SiteGenesis: When Migration Is Worth the CostB2C Commerce

May 23, 2026

SFRA vs SiteGenesis: When Migration Is Worth the Cost

A B2C Commerce org running on SiteGenesis works fine. Salesforce stopped active SG development in 2017. SFRA is the modern reference architecture. The migration cost is real and the timing decision is more nuanced than the marketing material suggests.

Read More
OCAPI vs SCAPI: Choosing the Right B2C Commerce APIB2C Commerce

May 20, 2026

OCAPI vs SCAPI: Choosing the Right B2C Commerce API

B2C Commerce ships with two API surfaces. OCAPI is the older REST API, mature and widely integrated. SCAPI is the newer Commerce API, the Salesforce-recommended path. They overlap; they are not interchangeable; the choice affects 2-year integration plans.

Read More
Browse all posts

About the B2C Commerce category

Salesforce B2C Commerce Cloud (formerly Demandware) implementation patterns. The category covers SFRA, SiteGenesis to SFRA migration, Hooks, the Services Framework, the Jobs Framework, search refinements, promotions, content slots, content assets, OCAPI versus SCAPI, and the architectural lines you do not customize. Production guidance from real merchant launches and operational scale work, not the demo flow.

The posts focus on the decisions that determine whether the build comes in on time and the merchant team can operate the store afterward. Cartridge path composition: how the layering order makes or breaks a SiteGenesis upgrade. Multi-site architecture: catalog and inventory sharing patterns across brands and regions. Custom attributes versus custom objects: schema decisions that get harder to reverse the longer they sit. Models, ViewData, and the data flow that keeps controllers thin. ISML templates and the production patterns that prevent runtime surprises. Forms with validation, persistence, and CSRF in SFRA. The OCAPI versus SCAPI choice for headless and API integrations now that Salesforce is pushing SCAPI as the path forward.

The audience is the B2C Commerce developer, the architect scoping a replatform, or the lead engineer at a merchant evaluating SFCC against Shopify Plus or commercetools. Sapota engineers ship on both stacks and the posts reflect the engineering trade-offs without picking a vendor side.

Browse the full B2C Commerce category
Contact Us Now

Share Your Story

We build trust by delivering what we promise – the first time and every time!

We'd love to hear your vision. Our IT experts will reach out to you during business hours to discuss making it happen.

Contact Us

(+84) 38 339 6560

Email

michael@sapotacorp.vn

WhatsApp

Office

S-Building, 101 Huỳnh Tấn Phát, Hải Châu, Đà Nẵng

WHY CHOOSE US

"Collaborate, Elevate, Celebrate where Associates - Create Project Excellence"

SapotaCorp beyond the IT industry standard, we are

  • Certificated
  • Assured quality
  • Extra maintenance

Tell us about your project

contacts

S-Building, 101 Huỳnh Tấn Phát, Đà Nẵng (+84) 38 339 6560
Get in Touch
Contacts(+84) 38 339 6560michael@sapotacorp.vn
Follow us:Get in Touch