Legal Terms Acceptance
To be compliant with Brazilian and international regulations regarding privacy and financial protection, we require our partners and mediators to display our terms of usage and privacy policy to all end users, as well as collect their explicit acceptance.
Fetching needed acceptances
Once the user phone has been successfully verified, the legal terms for the Bit Capital platform and all active Custody Providers must be explicitly accepted through the API. Start by getting the currently active and required Terms of Use, Privacy Policies and other legal documents for the custody providers. The end-user should be able to read the documents
// Get pending legal terms that requires explicit acceptance
const pendingTerms = await bitcapital.legalTerms().findByConsumer(userId, {
accepted: false
});
curl --location \
--request GET '$API_BASE_URL/consumers/$USER_ID/legal-terms' \
--header 'Authorization: Bearer $BEARER_TOKEN';
Extending the default Legal Terms
You can also add your own custom legal terms to this flow by opening a ticket on our helpdesk to configure it, so you don't have to manage the acceptance state in your systems.
Explicitly accepting documents
Once you fetch the document content, showed to the user and gathered his explicit consent, send the acceptance notice using the API.
Accepting with a Consumer token
When you accept the document using a Consumer access token (generated directly by a frontend client in contact with Bit Capital APIs), see the example below:
// Get the document information for acceptance
const documents = pendingDocuments[i];
// Send explicit acceptance where the access token belongs to the userId themselves
const receipt = await bitcapital.legalTerms().accept(userId, legalTermId)
curl --location \
--request POST '$API_BASE_URL/consumers/$USER_ID/legal-terms/$LEGAL_TERM_ID' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer $BEARER_TOKEN' \
--data-raw '{}'
Accepting with a Mediator token
When you accept the document using a Mediator access token in the name of another Consumer (for example, when traffic goes through your API before reaching Bit Capital servers), you need to send additional data required by the acceptance agreement.
// Get the document information for acceptance
const documents = pendingDocuments[i];
// The consumer frontend client IP, this may be subject to compliance verification, make sure it's valid.
const ip = '34.74.227.97';
// For Web applications, you'll need the consumer User Agent string, this may be subject to compliance verification, make sure it's valid.
const userAgent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36';
// For mobile applications, you may use the Android package name or the iOS bundle ID as an User Agent, this may be subject to compliance verification, make sure it's valid.
const userAgent = "br.com.bitcapital.app";
// Send explicit acceptance where the access token belongs to the userId
const receipt = await bitcapital.legal().accept(userId, documentId, {
ip,
userAgent,
})
curl --location \
--request POST '$API_BASE_URL/consumers/$USER_ID/legal-terms/$LEGAL_TERM_ID' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer $BEARER_TOKEN' \
--data-raw '{
"ip": "34.74.227.97",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
}'
Updated over 3 years ago