Global Data Bundle

A headless storefront needs a bundle of “global” data on every boot — the store’s currency and locale, logo and favicon, default SEO, tax rules, the category tree for navigation, and which payment methods are active. Global Data Bundle returns all of it in one store-scoped GraphQL call, with a version hash for caching — and it’s public-safe by design: a curated allow-list of non-secret values, so your API keys can never leak through it.

Where to find it

The snapshot/refresh screen is under AgenticEcom → Sync Data → Global Data Bundle in the admin sidebar. There’s no configuration section — the bundle is built from your existing store config.

Compatibility

Magento

Open Source 2.4.9 GA (and later 2.4.x).

PHP

Tested on 8.4 and 8.5.

Multi-store

Store-scoped — each store view gets its own bundle.

Safe

Allow-listed config only — no secrets, ever.

What’s in the bundle

{ globalDataBundle {
    store_config {
      store_code base_currency_code locale timezone weight_unit
      header_logo_src favicon copyright
      default_title default_description default_keywords
      tax_display_type catalog_prices_include_tax tax_rate_percent
      b2b_quote_enabled b2b_quote_show_pdp b2b_quote_allow_guest
      storefront_extensions
    }
    categories { /* the navigation tree */ }
    payment_methods { code title }
    version } }

Store config

Currency, locale, timezone, logo & favicon (resolved to absolute URLs), copyright, and the default SEO title/description/keywords — so your storefront chrome and <head> come from Magento, not hardcoded strings.

Tax, done right

tax_display_type, catalog_prices_include_tax and the real effective VAT rate for the store’s default tax address and product class — so the storefront honours Magento’s tax config and derives inc/ex prices with the true rate, not a hardcoded 20%.

Categories & payments

The category tree for navigation, and the active payment methods (code + title only — capability, not secrets; gateway keys are fetched live per-gateway and gated by this manifest).

No secrets — by allow-list, not by luck

The store config is built from an explicit allow-list of config paths (currency, locale, logo, SEO, tax, B2B flags). It is never a dump of all store config — so an API key, password or token stored elsewhere in Magento’s config can’t accidentally ride along into a public, anonymous-readable response.

Extensible

Any module can advertise itself to the storefront by registering a small provider — it adds one { id, enabled, config } entry to the bundle’s storefront_extensions map, so the Astro side learns the module is installed and how it’s configured, with no edit to this module. A misbehaving provider is skipped, never breaking the bundle.

FAQ

Why one bundle instead of many queries?

A headless storefront needs all of this to render its first page. One store-scoped call (with a version hash so it only re-fetches on change) is far faster than a query per concern, and gives the storefront a single consistent snapshot.

Could it leak my payment gateway keys?

No. Payment methods carry only their code and title — capability, not credentials. Publishable keys and SDK params are fetched live per-gateway, gated by this manifest, and secret keys never leave the server.

Does it respect my Magento tax settings?

Yes — it surfaces the display type, whether catalog prices include tax, and the real effective VAT rate, so the storefront shows inc/ex prices exactly as Magento is configured rather than guessing.

Is it secure?

The bundle is public by design (it’s the data a storefront needs to render) but exposes only an allow-list of non-secret values. The admin snapshot/refresh tools are behind the module’s ACL. Verified clean on PHP 8.4 and 8.5.