The current browser security model does not allow for a script loaded from one domain to see or talk to javascript loaded from another domain. Make sure that you're referencing all scripts (MooTools, checkoutapi.js, etc.) using HTTPS URLS all from the same domain in your HTML file.
If you're going to create a custom checkout on your own web server then you need to follow of important steps.
- Make sure your web server has an SSL certificate. Asking customers to enter their credit card on a non-SSL site would dramatically lower conversion and pose a security risk.
- Download the mootools and checkout API javascript files to your server. https://secure.ultracart.com/checkoutapi/checkoutapi.js https://secure.ultracart.com/js/mootools-1.2-core-yc.js
- Download the PHP proxy script from the integration center and place it on your web server. The PHP script requires that your server have the Curl module with SSL enabled. This is a very common module to have available in most LAMP hosting environments. An ASP version of the relay script will be available in the future for Microsoft hosting environments. The direct download link for the PHP proxy script is: https://secure.ultracart.com/merchant/integrationcenter/proxy.php
- Call the initializeCheckoutAPI method with your merchant ID, your custom SSL host name if you have one or null for the second parameter, and then the HTTPS URL to the relay script that you have installed on your server.
Let's pretend that I have a site called avkits and the domain is www.avkits.com. I've already installed an SSL certificate with my hosting company so that I can access the site via https://www.avkits.com or http://www.avkits.com. I've also downloaded the three files mentioned below to the root directory of my hosting account. Below is an example of my initialization code for my HTML page:
<script type="text/javascript" src="/mootools-1.2-core-yc.js"></script>
<script type="text/javascript" src="/checkoutapi.js"></script><script type="text/javascript"> initializeCheckoutAPI('AVKIT', null, 'https://www.avkits.com/proxy.php');</script>
Notice that the URL to proxy script is the complete HTTPS url.