Guides
  1. embedded payments for platforms
  2. UX Components

shuttle.js

This section lists the available versions of shuttle.js and notable changes.

If you are not using the Authenticate / Credit Message modules, you can reference shuttle.js without your public key / instance key, in which case we recommend you reference a specific version and include an SRI integrity checksum.

If you are using these modules, you will need to include your public key / instance key in the URL and not use the integrity checksum.

1.4.X

02 Jun 2026: 1.4.7

shuttle-1.4.7.js (alias shuttle-1.4.X.js)

SRI: sha384-4M/kxbiSD8jmfTM8DWfYMqTBpp/0A4G9CpLPtYNSqfIDEVDJ6Uix/lgs2nnhwjjW

<script src="https://app.shuttleglobal.com/shuttle-1.4.7.js" integrity="sha384-4M/kxbiSD8jmfTM8DWfYMqTBpp/0A4G9CpLPtYNSqfIDEVDJ6Uix/lgs2nnhwjjW" crossorigin="anonymous"></script>

Bug Fixes

  • Fixed cancelling inline checkouts not cleaning up the checkout window

14 Apr 2026: 1.4.6

shuttle-1.4.6.js

SRI: sha384-2Hp+tsbQtUOCC9ksHfP3jAoYjKqJlufMiYG8f1qMGMaCBqzA+FbfLfD2peWoDH9R

<script src="https://app.shuttleglobal.com/shuttle-1.4.6.js" integrity="sha384-2Hp+tsbQtUOCC9ksHfP3jAoYjKqJlufMiYG8f1qMGMaCBqzA+FbfLfD2peWoDH9R" crossorigin="anonymous"></script>

Bug Fixes

  • Added support for Stripe Wallet Apple Pay payments

2 Oct 2025: 1.4.4

shuttle-1.4.4.js

SRI: sha384-i/xUsM9lYTA45zKVcp7VBKWiGj9H0i/DoZJP0EhVrfTAhRZnTxMTE701ueltm4JS

<script src="https://app.shuttleglobal.com/shuttle-1.4.4.js" integrity="sha384-i/xUsM9lYTA45zKVcp7VBKWiGj9H0i/DoZJP0EhVrfTAhRZnTxMTE701ueltm4JS" crossorigin="anonymous"></script>

Bug Fixes

  • Calling Shuttle.bind() while checkout was displaying also dismissed the overlay in addition to the checkout.

13 May 2025: 1.4.3

shuttle-1.4.3.js

SRI: sha384-1sQj8veCQ/ii3HrET278lGljNlzfSEucMTnxLlU/S2/0dL+V7wsO+VLN0dDGPu/f

<script src="https://app.shuttleglobal.com/shuttle-1.4.3.js" integrity="sha384-1sQj8veCQ/ii3HrET278lGljNlzfSEucMTnxLlU/S2/0dL+V7wsO+VLN0dDGPu/f" crossorigin="anonymous"></script>

Improvements

  • Deep links without an ID no longer inject a missing link
  • Cleaned up the render of multiple express checkout options
  • Cleaned up express checkout error handling

12 Dec 2024: 1.4.1

shuttle-1.4.1.js

SRI: sha384-FE/L3JelbhG/+PaUmylbo2D7p86vcnIXWx5mEOOSINInLpy79ZucODPmAySiQqsf

<script src="https://app.shuttleglobal.com/shuttle-1.4.1.js" integrity="sha384-FE/L3JelbhG/+PaUmylbo2D7p86vcnIXWx5mEOOSINInLpy79ZucODPmAySiQqsf" crossorigin="anonymous"></script>

Security Update

  • Added XSS protection around browser redirects

5 Nov 2024: 1.4.0

shuttle-1.4.0.js

SRI: sha384-1qGaKVAMjRQi7/fb6xuV4b0++Ifce1PAnlhQB0GpsDCH56CTmBBEFYPI0HOAnXya

<script src="https://app.shuttleglobal.com/shuttle-1.4.0.js" integrity="sha384-1qGaKVAMjRQi7/fb6xuV4b0++Ifce1PAnlhQB0GpsDCH56CTmBBEFYPI0HOAnXya" crossorigin="anonymous"></script>

Improvements

  • Added support for large baskets. Previously basket size was limited by URL length, which for some users was around 2 kb.

1.3.X

📘

1.3.X has been superseded by 1.4.X

It will receive minor patches until 30 June 2025, and security patches until 30 November 2026. Please upgrade before this date.

13 May 2025: 1.3.17

shuttle-1.3.17.js (alias shuttle-1.3.X.js)

SRI: sha384-+Sh/mBBu6OfWF4j+e77c1zGwyXXgkkTz21DIf6vsLi9r13HH6RajphdInLDB3dE5

<script src="https://app.shuttleglobal.com/shuttle-1.3.17.js" integrity="sha384-+Sh/mBBu6OfWF4j+e77c1zGwyXXgkkTz21DIf6vsLi9r13HH6RajphdInLDB3dE5" crossorigin="anonymous"></script>

Improvements

  • Deep links without an ID no longer inject a missing link
  • Cleaned up the render of multiple express checkout options
  • Cleaned up express checkout error handling

09 Sep 2024: 1.3.15

shuttle-1.3.15.js

SRI: sha384-PHNi7doFSWSN8LkLGhRWURH7dt87RRpwT1lNyYj8jbFrcpTRd1AXIyW/2GNDrA3L

<script src="https://app.shuttleglobal.com/shuttle-1.3.15.js" integrity="sha384-PHNi7doFSWSN8LkLGhRWURH7dt87RRpwT1lNyYj8jbFrcpTRd1AXIyW/2GNDrA3L" crossorigin="anonymous"></script>

New Features

  • Added support for accessing beta builds (if requested by support)

Improvements

  • Improved websocket handling when websockets are blocked

Bug Fixes

  • Fixed an issue with PAYMENT_CLOSE sometimes returning cancel: true, even on a successful payment
  • Removed the reference to the socket.io map, which displayed a 404 not found when debugging
  • Fixed an issue with a display resize event arriving after the checkout iframe was removed from the page

09 Aug 2023: 1.3.11

shuttle-1.3.11.js (alias shuttle-1.3.X.js)

New Features

  • Support for option height: fixed to disable Shuttle auto-resizing the iframe
  • Express Checkout (Authenticate) now returns is_available if some options were rendered, so you can alter your UX flow depending on whether express checkout is available
  • Added Shuttle.cancel(guid) (defaults to all) to cancel a checkout

Improvements

  • Better support for multiple / changing checkouts on a page
  • Updated inline style checkout to start with 0 height and then grow during rendering, rather than a random initial height
  • Removed external dependency on socket.io
  • Removed deprecated allowpaymentrequest iframe attribute

20 Apr 2023: 1.3.7

shuttle-1.3.7.js

New Features

  • Credit message component now supports multiple credit providers

10 Feb 2023: 1.3.6

shuttle-1.3.6.js

Bug Fixes and Improvements

  • Removed console logging
  • Fixed an issue displaying Google Pay

13 Sep 2022: 1.3.4

shuttle-1.3.4.js

New Features

  • Instant render marketing messages (buy now pay later messaging)
  • Checkout monitor — real-time updates for what's happening at checkout

Bug Fixes and Improvements

  • Streamlined the render process to reduce element movement on the page
  • Fixed an issue with an iframe loading more often than it should

27 Apr 2022: 1.3.0

shuttle-1.3.0.js

New Features

  • Instant render express checkout (authenticate)
🚧

Upgrading note

The URL structure has changed to include shared_key and instance_key in the URL:

<script src="https://app.shuttleglobal.com/${shared_key}/${instance_key}/shuttle-1.3.X.js" type="text/javascript"></script>

1.2.X and earlier

❗️

Deprecated

1.2.X and earlier are now deprecated and no longer receiving maintenance or security patches.

Prior to 1.3.0, shuttle.js used the following URL structure:

https://app.shuttleglobal.com/${version}

e.g. https://app.shuttleglobal.com/shuttle-1.2.x.js

6 Dec 2021: 1.2.7

shuttle-1.2.7.js (alias shuttle-1.2.X.js)

New Features

  • Express checkout flow (authenticate)
  • Merchant view auto height resizing
  • Private beta for INLINE checkout rendering
  • Private beta for Apple Pay

3 Mar 2021: 1.2.0

shuttle-1.2.0.js

New Features

  • Simplified URL structure and naming of shuttle.js (previously payments.js)
  • Support for the new onboarding flow
  • Embed the content of deep links in a <div> by including the data-shuttle-embed attribute

Deprecations

The following methods have been deprecated. They will continue to be supported in 1.2 but will be removed in version 1.3, so we recommend moving away from them.

  • Shuttle.doSetup: This UX blends the concepts of account creation / management and gateway configuration, which while faster for a platform to build around doesn't deliver a premium merchant experience. At the expense of an extra API call, the new onboarding flow provides a far more streamlined experience. As this split in functionality is not backward compatible, we decided to deprecate doSetup.
  • Shuttle.bindButtons(): This has been replaced by Shuttle.bind(), as it also supports inline embeds.

8 Jan 2021: 1.1.4

payments-1.1.4.min.js (alias payments-1.1.X.min.js, payments-1.X.min.js)

Bug Fixes

  • When a payment was launched in a popup window, the "Show me" button to focus the popup was also redirecting the child window to #, which broke some sites

23 Oct 2020: 1.1.3

payments-1.1.3.min.js

Bug Fixes

  • When passing disable_new_window, in some scenarios the overlay text for a new window was still displaying over the payment dialogue

17 Sept 2020: 1.1.2

payments-1.1.2.min.js

Bug Fixes

  • Some browsers reported an "encoding issue" when loading the payments-{version}.js file

13 May 2020: 1.1.1

payments-1.1.1.min.js

Bug Fixes

  • doSetup was manipulating the options object passed into it, causing issues for repeated opening using the same JavaScript variable

27 Mar 2020: 1.1.0

payments-1.1.0.min.js

New Features

  • Introduced selectToken, the ability to capture card details without a transaction, or to update a payment method on an existing contract
  • Added disable_new_window to prevent the dialog launching as a separate browser window when inside an iframe
  • Added force_new_window to force the dialog to launch as a separate browser window

Improvements / Updates

  • Updated JavaScript namespace to Shuttle
  • Updated HTML tags to data-shuttle-*
  • Renamed skip_receipt to disable_receipt, and no_redirect to disable_redirect
  • Improved JavaScript messaging — please review all window messages

4 Feb 2020: 1.0.11

payments-1.0.11.min.js (alias payments-1.0.X.min.js)

New Features

  • Added MOTO support for doPayment

Updated about 2 hours ago