Drop live shipping
into your own checkout.
Lifted ShipKit is the open shipping toolkit. Import one drop-in widget — or the tiny SDK — and your app streams live rates across every carrier, buys the label in one call, and takes a card payment authenticated by 3-D Secure. Self-host it free, or create a free account and go live with a single <script>.
Import ShipKit into your own checkout
One mount point, one import. The widget renders address entry, live multi-carrier rates and the 3-D Secure card step right inside your app — framework-agnostic, dependency-free, themeable with CSS variables. Point it at your own backend, or at our managed rails. Copy, paste, ship.
Add a mount point
Any element — <div id="ship">. ShipKit owns its own subtree inside it and inherits your layout.
Import & init
Talk to your own backend with endpoint:'/api' + a publishable pk_live_… key, or hand it a managed key for our rails.
Listen for the label
Subscribe to onPurchase for the tracking code, label URL and QR. That is the whole integration.
/examples.
import ShipWidget from './ShipWidget'; // Drop the widget straight into your checkout route. export default function Checkout() { return ( <ShipWidget endpoint="/api" apiKey="pk_live_…" // publishable → ShipKit-Api-Key header theme="dark" onPurchase={(label) => router.push(label.trackingUrl)} onError={(err) => toast.error(err.message)} /> ); }
<script setup> import ShipWidget from './ShipWidget.vue'; </script> <template> <ShipWidget endpoint="/api" api-key="pk_live_…" theme="dark" @purchase="(label) => (window.location = label.labelUrl)" @error="(err) => notify(err.message)" /> </template>
<!-- One mount point --> <div id="ship"></div> <script src="/js/shipkit.js"></script> <script> ShipKit.init({ mount: '#ship', endpoint: '/api', apiKey: 'pk_live_…', // publishable widget key theme: 'dark', onPurchase: (label) => { window.location = label.labelUrl; }, onError: (err) => console.error(err.stage, err.message) }); </script>
Three ways to run ShipKit
Self-host it free, bring our 3-D Secure processing to your own stack, or create a free account and let us run the whole thing. Every tier is powered by Lifted Payments 3-D Secure — pick your level of control.
Self-host
Total freedom, heaviest lift. Clone the repo and plug in your own payments and your own EasyPost.
- Full Kotlin + Javalin source. Deploy anywhere.
- Bring your OWN payments + your OWN EasyPost.
- Your infrastructure, your data, your rate agreements.
- Full control — the most developer work.
Your 3-D Secure account
Our 3-D Secure processing, your choice of host. Bring your own EasyPost — you host or we host, both free.
- Your OWN 3-D Secure merchant account — forced 3DS, liability shift on every charge.
- Bring your own EasyPost account and rates.
- Self-host it OR let us host it — both free.
- Apply once — the account stays yours.
Fully managed
No application, no infra — sign up, drop in one script tag, done. Our 3-D Secure account and our EasyPost.
- Create a free account — get your JS snippet + managed key instantly.
- OUR 3-D Secure account + OUR EasyPost — nothing to wire.
- No application, no keys to manage, no PCI scope, free hosting.
- Best for "just make it work."
Custom integration & software development
Want ShipKit woven into your custom framework, or a bespoke build from the ground up? Our team does that — tell us what you need.
Frictionless checkout & saved cards — on our rails
3-D Secure is forced by default, and self-host stays that way — it is the fraud and chargeback protection that makes ShipKit safe to ship. Merchants on Lifted Payments (tier 2 or 3) or enterprise custom-dev can opt into a faster path: skip the challenge on low-risk orders and keep cards on file for one-tap repeat charges. It is an account-level, server-side capability — never a client toggle.
- Every charge authenticated — liability shifts to the issuer.
- No card-on-file. Maximum fraud & chargeback protection.
- Self-host cannot disable 3DS — by design.
-
3ds:falseon low-risk orders — fewer checkout drop-offs. - Saved cards on file (tokenized vault) → one-tap repeat charges.
- Server-side & account-gated — never exposed to the widget.
Need frictionless mode or a custom vault flow for your enterprise checkout? Our team wires it to your account.
Talk to us · support@liftedholdings.comAuthentication that pays for itself
3-D Secure asks the cardholder's bank to verify the buyer — biometric, one-time code, or a silent risk check — before the charge is authorized. Less fraud, fewer chargebacks, and the liability moves off your books.
Liability shift
On authenticated transactions, fraud-related chargeback liability shifts from you to the card issuer.
Fraud & chargeback reduction
The issuer verifies the real cardholder before authorization, cutting fraud and dispute volume.
SCA compliance
Meets strong-customer-authentication expectations under SCA / PSD2, with a frictionless flow for low-risk payments.
Higher approval rates
Issuers approve authenticated transactions at higher rates — more good orders make it through.
From zero to shipping in one script tag
Create a free account, then add the managed widget to any page. Subresource-integrity pinned, cross-origin locked. Your key routes rates, labels and 3-D Secure payments through Lifted — no backend required.
Create a free account
Sign up at liftedholdings.com/shipkit/start and get a publishable pk_live_… key — safe to embed in the browser. No application, no infra.
Drop in the script
Paste the tag where you want the widget. Set data-mount to any element selector.
Ship
The widget renders address entry, live rates, and the 3-D Secure card step. Listen for onPurchase.
data-managed-key for data-endpoint="/api" to point at your own backend.
<!-- Mount point for the widget --> <div id="ship"></div> <!-- ShipKit Managed · Secured by Lifted Payments 3-D Secure --> <!-- Zero-JS: data-mount auto-inits the widget on load --> <script src="https://cdn.liftedholdings.com/shipkit@1.0.0/shipkit.min.js" integrity="sha384-Kx7dZq9mB2sPfR0aVt3nJhY6uL8wE1cQpX4oN5rG7iD9kS2bH0mA3vC6yU8lT4z" crossorigin="anonymous" data-managed-key="pk_live_your_publishable_key" data-mount="#ship"></script>
// …or init by hand to hold the instance and subscribe to events: const kit = ShipKit.init({ mount: '#ship', managedKey: 'pk_live_…' }); kit.on('purchase', label => console.log('Tracking:', label.trackingCode)); kit.on('error', err => console.error(err.stage, err.message)); // later: kit.destroy();
Built to be integrated in an afternoon
A machine-readable OpenAPI spec, a rendered API reference, and a ready-to-run Postman collection — every endpoint authenticated with a single ShipKit-Api-Key header.
Open in Postman
Fork the collection into your own workspace — every endpoint pre-built with example bodies and {{baseUrl}} / {{apiKey}} variables. Send in seconds.
OpenAPI 3.1 spec
The full contract for every route — request/response schemas, error shapes, and the tier & surcharge fields. Import it into any codegen or client.
API reference
A self-contained, dependency-free reference page — browse every endpoint, parameter, and example without leaving your network.