Application Flow

Application Flow

In general, applications use Terms of Services as follows.

When an application, authenticated as a user, tries to access an item in Box that requires the user to have accepted the relevant Terms of Service it receives a TERMS_OF_SERVICE_REQUIRED error.

{
    "type": "error",
    "status": 400,
    "code": "terms_of_service_required",
    "context_info": {
        "tos_id": 261346614,
        "tos_user_status_id": 4562456
    },
    "help_url": "https://developer.box.com/guides/api-calls/permissions-and-errors/common-errors/",
    "message": "User must accept custom terms of service before action can be taken",
    "request_id": "ADF7722DD"
}

The application requests the Terms of Service's information by calling GET /terms_of_services/:id.

{
  "id": 261346614,
  "type": "terms_of_service",
  "status": "enabled",
  "enterprise": {
    "id": 11446498,
    "type": "enterprise",
    "name": "Acme Inc."
  },
  "tos_type": "managed",
  "text": "By using this service, you agree to ...",
  "created_at": "2012-12-12T10:53:43-08:00",
  "modified_at": "2012-12-12T10:53:43-08:00"
}

The application can then show the text from the Terms of Service to the user.

When the user accepts or rejects the terms, it makes a call to either PUT /terms_of_service_user_statuses/:id or POST /terms_of_service_user_statuses depending on if the initial error returned a tos_user_status_id in the response.