Comment: Migrated to Confluence 5.3

The current browser security model does not allow a script loaded from one domain to see or talk to JavaScript loaded from another domain. Make sure that your HTML file references all scripts (MooTools, checkoutapi.js, etc.) using HTTPS URLs, all from the same domain.
If you're going to create a custom checkout on your own web server, then you need to follow a few important steps.

  1. Make sure your web server has an SSL certificate. Asking customers to enter their credit card on a non-SSL site would dramatically lower conversion and pose a security risk.
  2. Download the MooTools and checkout API JavaScript files to your server: https://secure.ultracart.com/checkoutapi/checkoutapi.js and https://secure.ultracart.com/js/mootools-1.2-core-yc.js
  3. Download the PHP proxy script from the integration center and place it on your web server. The PHP script requires that your server have the Curl module with SSL enabled. This is a very common module to have available in most LAMP hosting environments. An ASP version of the relay script will be available in the future for Microsoft hosting environments. The direct download link for the PHP proxy script is: https://secure.ultracart.com/merchant/integrationcenter/proxy.php
  4. Call the initializeCheckoutAPI method with your merchant ID, your custom SSL host name if you have one or null for the second parameter, and then the HTTPS URL to the relay script that you have installed on your server.

...

Cross Domain Restrictions

Cross-domain JavaScript requests aren't allowed. To keep malicious scripts from reading data across sites, the browser will not let me make an Ajax call from www.mystore.com to api.ultracart.com and use the result to modify my web page in any way. Yes, there are hacks and creative solutions to work around this, but there are numerous limitations to them and we highly doubt you wish to build your ecommerce solution on such unreliable means of remote communication.

The solution is to place a script on your site that talks server-to-server to the UltraCart server. Because the browser then sends every remote call to the relay script on your own domain, the cross-domain restriction does not apply. This solution works very well.
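
One way to check the same-domain and HTTPS rules described above before going live, as an added example that is not UltraCart's code: it scans a page's script tags and the relay URL you pass to initializeCheckoutAPI. The function names, sample HTML, the /proxy.php location and the file paths are constructed assumptions.

```javascript
// Added example: audit a checkout page for the same-origin / HTTPS rules.
// Host names, paths and the sample HTML below are constructed placeholders.

// Collect the src of every <script> tag. A regex is enough for auditing your
// own static page; it is not a general HTML parser.
function scriptSources(html) {
  const out = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1] ?? m[2] ?? m[3]);
  return out;
}

// Resolve a reference against the page URL; return the problem or null if OK.
function checkUrl(ref, pageUrl) {
  let u;
  try { u = new URL(ref, pageUrl); } catch { return "unparseable URL"; }
  if (u.protocol !== "https:") return "not HTTPS (" + u.protocol + ")";
  if (u.origin !== new URL(pageUrl).origin) return "different origin " + u.origin;
  return null;
}

// Returns a list of { kind, ref, problem }; an empty list means the page passes.
function auditCheckoutPage(html, pageUrl, relayUrl) {
  const findings = [];
  if (new URL(pageUrl).protocol !== "https:")
    findings.push({ kind: "page", ref: pageUrl, problem: "page is not served over HTTPS" });
  for (const ref of scriptSources(html)) {
    const problem = checkUrl(ref, pageUrl);
    if (problem) findings.push({ kind: "script", ref, problem });
  }
  const relayProblem = checkUrl(relayUrl, pageUrl);
  if (relayProblem) findings.push({ kind: "relay", ref: relayUrl, problem: relayProblem });
  return findings;
}

// Constructed sample: one local script, one still hot-linked, one over HTTP.
const SAMPLE_PAGE = "https://www.mystore.com/checkout/index.html";
const SAMPLE_HTML = `
<script src="/js/mootools-1.2-core-yc.js"></script>
<script src="https://secure.ultracart.com/checkoutapi/checkoutapi.js"></script>
<script src='http://www.mystore.com/js/extra.js'></script>
<script>/* inline, no src */</script>`;

const SAMPLE_FINDINGS =
  auditCheckoutPage(SAMPLE_HTML, SAMPLE_PAGE, "https://www.mystore.com/proxy.php");
for (const f of SAMPLE_FINDINGS) console.log(f.kind, f.ref, "->", f.problem);
```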
