Utilities

GET /terms

This endpoint serves two purposes:

  • Retrieve the terms for SPiD or the client
  • Check whether a user has accepted the SPiD or client terms

To check whether a user has accepted the terms, provide an oauth token. If the user has accepted all the terms, the returned text will be empty, but accepted will be true.

Accepting terms

When the user is signed up through the API, terms are automatically accepted, and the client must make sure to ask the user if they accept the terms prior to calling this endpoint.

When users sign up through SPiD's own UI, they will be prompted to read and accept the terms.

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave us a comment.

Request

GET /api/2/terms

client_id

optional

Retrieve the terms for this client. If not provided, the SPiD terms are returned.

oauth_token

optional

OAuth token for a user whose accepted flag should be changed

not_accepted

optional

Control which terms are controlled on behalf of the user. When 1, check if the user has accepted the SPiD terms. When 0, check that the user has accepted the client terms.

Example request

cURL
Minimal example
curl https://login.schibsted.com/api/2/terms -G
With all parameters
curl https://login.schibsted.com/api/2/terms -G \
   -d "client_id=4321abc00000000000000000" \
   -d "oauth_token=0123456789abcdef0123456789abcdef01234567" \
   -d "not_accepted=1"
Java
Minimal example
SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    GET(token, "/terms").
    getResponseBody();
With all parameters
Map<String, String> params = new HashMap<>() {{
    put("client_id", "4321abc00000000000000000");,
    put("oauth_token", "0123456789abcdef0123456789abcdef01234567");,
    put("not_accepted", "1");
}};

SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    GET(token, "/terms", params).
    getResponseBody();

This example is an excerpt, see a full example

PHP
Minimal example
<?php
$client->auth();
echo var_dump($client->api("/terms"));
With all parameters
<?php
$params = array(
    "client_id" => "4321abc00000000000000000",
    "oauth_token" => "0123456789abcdef0123456789abcdef01234567",
    "not_accepted" => "1"
);

$client->auth();
echo var_dump($client->api("/terms", $params));

This example is an excerpt, see a full example

Clojure
Minimal example
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/GET client token "/terms"))
With all parameters
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/GET client token "/terms" {"client_id" "4321abc00000000000000000"
                                   "oauth_token" "0123456789abcdef0123456789abcdef01234567"
                                   "not_accepted" "1"}))

Response

This endpoint supports the JSON and JSON-P response formats.

Success: 200 OK

The current terms, and whether they are accepted by the user, if a user token is provided.

Terms

terms

string

The current terms, as HTML

accepted

boolean

If requested with a user token, this field is true if the user has accepted the terms.

summary

array

Contains terms summary (platform and client)

platform_privacy_url

string

Link do platform privacy

privacy_url

string

Link do client privacy

The check mark indicates that the field always contains a valid non-empty value.

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For explanation on OAuth related failures and errors see OAuth authentication failures.

  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact SPiD to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is no the owner of this resource, and does not have administrative privileges for it.
  • 420 Request Ratelimit exceeded

Sample response

JSON
{
  "accepted": false,
  "terms": "[HTML with the current SPiD terms]",
  "change_date": "10. mars 2012"
}
JSON-P
callback({
  "accepted": false,
  "terms": "[HTML with the current SPiD terms]",
  "change_date": "10. mars 2012"
});

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.