Application Flow

Application Flow

In general, applications use Terms of Services as follows.

When an application, authenticated as a user, tries to access an item in Box that requires the user to have accepted the relevant Terms of Service it receives a TERMS_OF_SERVICE_REQUIRED error.

  "type": "error",
  "status": 400,
  "code": "terms_of_service_required",
  "context_info": {
    "tos_id": 261346614,
    "tos_user_status_id": 4562456
  "help_url": "",
  "message": "User must accept custom terms of service before action can be taken",
  "request_id": "ADF7722DD"

The application requests the Terms of Service's information by calling GET /terms_of_services/:id.

  "id": 261346614,
  "type": "terms_of_service",
  "status": "enabled",
  "enterprise": {
    "id": 11446498,
    "type": "enterprise",
    "name": "Acme Inc."
  "tos_type": "managed",
  "text": "By using this service, you agree to ...",
  "created_at": "2012-12-12T10:53:43-08:00",
  "modified_at": "2012-12-12T10:53:43-08:00"

The application can then show the text from the Terms of Service to the user.

When the user accepts or rejects the terms, it makes a call to either PUT /terms_of_service_user_statuses/:id or POST /terms_of_service_user_statuses depending on if the initial error returned a tos_user_status_id in the response.