Open source · MIT · Secured by Lifted Payments 3-D Secure

Drop live shipping
into your own checkout.

Lifted ShipKit is the open shipping toolkit. Import one drop-in widget — or the tiny SDK — and your app streams live rates across every carrier, buys the label in one call, and takes a card payment authenticated by 3-D Secure. Self-host it free, or create a free account and go live with a single <script>.

Drop-in widget · React, Vue & plain-JS examples One <script> to go live No PCI scope on the managed tier
app.yourstore.com/checkout Lifted Payments
Live rate feed EasyPost · 4 carriers connected · 128 ms
1Address
2Rates
33-D Secure
4Label

Step 1 of 4: Address

Parcel
2.0 lb
Sample data — edit anything.
Washington, DC 20500-0003
2.0 lb
Streaming live rates from EasyPost…
USPS UPS FedEx DHL
Pay securely · $8.42
Card authenticated by 3-D Secure before authorization
VISA

Label purchased

Payment authenticated · liability shifted to issuer

CarrierUSPS Ground Advantage
Tracking9405 5118 9956 0000
Cost$8.42
Est. deliveryFri, Apr 5
Chargeback liability shifted to card issuer
4 carriers
Live-quoted per request via EasyPost
100+
Carriers reachable through one API
1.2 s
Median 3-D Secure authentication
1 tag
Managed widget — no backend to run
One API · every carrier
USPSUPSFedExDHL ExpressCanada Post+ 100 more via EasyPost
Drop-in for developers

Import ShipKit into your own checkout

One mount point, one import. The widget renders address entry, live multi-carrier rates and the 3-D Secure card step right inside your app — framework-agnostic, dependency-free, themeable with CSS variables. Point it at your own backend, or at our managed rails. Copy, paste, ship.

1

Add a mount point

Any element — <div id="ship">. ShipKit owns its own subtree inside it and inherits your layout.

2

Import & init

Talk to your own backend with endpoint:'/api' + a publishable pk_live_… key, or hand it a managed key for our rails.

3

Listen for the label

Subscribe to onPurchase for the tracking code, label URL and QR. That is the whole integration.

Same widget, three ways to mount — full React, Vue & plain-HTML examples ship in the repo under /examples.
Checkout.jsx
import ShipWidget from './ShipWidget';

// Drop the widget straight into your checkout route.
export default function Checkout() {
  return (
    <ShipWidget
      endpoint="/api"
      apiKey="pk_live_…"       // publishable → ShipKit-Api-Key header
      theme="dark"
      onPurchase={(label) => router.push(label.trackingUrl)}
      onError={(err) => toast.error(err.message)}
    />
  );
}
Adoption tiers

Three ways to run ShipKit

Self-host it free, bring our 3-D Secure processing to your own stack, or create a free account and let us run the whole thing. Every tier is powered by Lifted Payments 3-D Secure — pick your level of control.

Tier 1 Free · MIT

Self-host

Total freedom, heaviest lift. Clone the repo and plug in your own payments and your own EasyPost.

$0 forever · open source
You run the backend and own everything.
  • Full Kotlin + Javalin source. Deploy anywhere.
  • Bring your OWN payments + your OWN EasyPost.
  • Your infrastructure, your data, your rate agreements.
  • Full control — the most developer work.
Tier 2 Your account

Your 3-D Secure account

Our 3-D Secure processing, your choice of host. Bring your own EasyPost — you host or we host, both free.

3.75% + 15¢ / transaction
plus $25 / month — the merchant account only. Hosting is free either way.
Surcharge the 3.75% + 15¢ to the buyer with a built-in toggle — net-zero processing cost to you.
  • Your OWN 3-D Secure merchant account — forced 3DS, liability shift on every charge.
  • Bring your own EasyPost account and rates.
  • Self-host it OR let us host it — both free.
  • Apply once — the account stays yours.

Custom integration & software development

Want ShipKit woven into your custom framework, or a bespoke build from the ground up? Our team does that — tell us what you need.

support@liftedholdings.com
Checkout speed

Frictionless checkout & saved cards — on our rails

3-D Secure is forced by default, and self-host stays that way — it is the fraud and chargeback protection that makes ShipKit safe to ship. Merchants on Lifted Payments (tier 2 or 3) or enterprise custom-dev can opt into a faster path: skip the challenge on low-risk orders and keep cards on file for one-tap repeat charges. It is an account-level, server-side capability — never a client toggle.

Forced 3-D Secure Default · all tiers
The only mode for self-host & bring-your-own-payments.
  • Every charge authenticated — liability shifts to the issuer.
  • No card-on-file. Maximum fraud & chargeback protection.
  • Self-host cannot disable 3DS — by design.
Frictionless on our rails Tier 2 / 3 · enterprise
Opt-in, tied to your Lifted account & tier.
  • 3ds:false on low-risk orders — fewer checkout drop-offs.
  • Saved cards on file (tokenized vault) → one-tap repeat charges.
  • Server-side & account-gated — never exposed to the widget.

Need frictionless mode or a custom vault flow for your enterprise checkout? Our team wires it to your account.

Talk to us · support@liftedholdings.com
Why 3-D Secure

Authentication that pays for itself

3-D Secure asks the cardholder's bank to verify the buyer — biometric, one-time code, or a silent risk check — before the charge is authorized. Less fraud, fewer chargebacks, and the liability moves off your books.

Liability shift

On authenticated transactions, fraud-related chargeback liability shifts from you to the card issuer.

Fraud & chargeback reduction

The issuer verifies the real cardholder before authorization, cutting fraud and dispute volume.

SCA compliance

Meets strong-customer-authentication expectations under SCA / PSD2, with a frictionless flow for low-risk payments.

Higher approval rates

Issuers approve authenticated transactions at higher rates — more good orders make it through.

Managed quickstart

From zero to shipping in one script tag

Create a free account, then add the managed widget to any page. Subresource-integrity pinned, cross-origin locked. Your key routes rates, labels and 3-D Secure payments through Lifted — no backend required.

1

Create a free account

Sign up at liftedholdings.com/shipkit/start and get a publishable pk_live_… key — safe to embed in the browser. No application, no infra.

2

Drop in the script

Paste the tag where you want the widget. Set data-mount to any element selector.

3

Ship

The widget renders address entry, live rates, and the 3-D Secure card step. Listen for onPurchase.

Self-hosting instead? Swap data-managed-key for data-endpoint="/api" to point at your own backend.
index.html
<!-- Mount point for the widget -->
<div id="ship"></div>

<!-- ShipKit Managed · Secured by Lifted Payments 3-D Secure -->
<!-- Zero-JS: data-mount auto-inits the widget on load -->
<script
  src="https://cdn.liftedholdings.com/shipkit@1.0.0/shipkit.min.js"
  integrity="sha384-Kx7dZq9mB2sPfR0aVt3nJhY6uL8wE1cQpX4oN5rG7iD9kS2bH0mA3vC6yU8lT4z"
  crossorigin="anonymous"
  data-managed-key="pk_live_your_publishable_key"
  data-mount="#ship"></script>
// …or init by hand to hold the instance and subscribe to events:
const kit = ShipKit.init({ mount: '#ship', managedKey: 'pk_live_…' });
kit.on('purchase', label => console.log('Tracking:', label.trackingCode));
kit.on('error', err => console.error(err.stage, err.message));
// later: kit.destroy();
Developer resources

Built to be integrated in an afternoon

A machine-readable OpenAPI spec, a rendered API reference, and a ready-to-run Postman collection — every endpoint authenticated with a single ShipKit-Api-Key header.

Open in Postman

Fork the collection into your own workspace — every endpoint pre-built with example bodies and {{baseUrl}} / {{apiKey}} variables. Send in seconds.

shipkit.postman_collection.json

OpenAPI 3.1 spec

The full contract for every route — request/response schemas, error shapes, and the tier & surcharge fields. Import it into any codegen or client.

GET /openapi.yaml

API reference

A self-contained, dependency-free reference page — browse every endpoint, parameter, and example without leaving your network.

GET /docs
Copied