Skip to main content
Terms of Service (ToS) Links enable you to collect user consent for data processing before creating HIFI accounts. Users must accept HIFI’s terms before you can create their user account.
1

Generate ToS link

Create a unique ToS link with a UUID that will serve as the signed agreement ID.
2

Present to user

Display the ToS page to your user (via redirect or embedded flow).
3

User accepts

User reviews and accepts HIFI’s terms and privacy policy.
4

Create user account

Use the same UUID (signedAgreementId) to create the user account.

Implementation Options

You can implement ToS acceptance in two ways depending on your application flow: Redirect users to a HIFI-hosted ToS page. Best for onboarding flows where redirection is acceptable. Advantages:
  • HIFI handles the entire ToS presentation and acceptance
  • Automatic styling and updates to terms
  • Can be white-labeled with your branding (contact support)
Use when:
  • Onboarding new users in a web application
  • User can navigate away and return to your app
  • You want HIFI to manage ToS updates automatically

Embedded Flow

Display ToS acceptance inline within your application. Best for embedded experiences where redirection breaks the user experience. Advantages:
  • User stays within your application
  • Complete control over UI/UX
  • Works in mobile apps and embedded contexts
Use when:
  • Building mobile applications
  • Creating embedded financial widgets
  • User cannot be redirected out of your application

Redirect Flow Implementation

1

Generate ToS link

Create a ToS link using the Generate ToS Link endpoint.Request:
curl -X POST "https://sandbox.hifi.com/v2/tos-link" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "idempotencyKey": "a4f8b3c2-1d5e-4a7b-9c8d-3e2f1a0b9c8d",
    "redirectUrl": "https://yourapp.com/onboarding/complete"
  }'
Request Fields:
  • idempotencyKey (required): Unique UUID that will become the signedAgreementId. Generate a new UUID for each user.
  • redirectUrl (optional): URL to redirect user after accepting ToS. Include query parameters if needed.
  • templateId (optional): Custom ToS template ID from HIFI Dashboard. Omit to use HIFI’s default template.
Response:
{
  "url": "https://dashboard.hifi.com/accept-terms-of-service?sessionToken=e12d9c3f-75a8-4bd1-aa3d-97a2cfaf2c40&redirectUrl=https://yourapp.com/onboarding/complete",
  "signedAgreementId": "a4f8b3c2-1d5e-4a7b-9c8d-3e2f1a0b9c8d"
}
2

Redirect user

Redirect the user to the returned url. They’ll see HIFI’s ToS page where they can review and accept the terms.
// Redirect user to ToS page
window.location.href = response.url;
3

Handle redirect back

After the user accepts, they’re redirected to your redirectUrl. The signedAgreementId matches your original idempotencyKey.
// On your redirect page
const signedAgreementId = 'a4f8b3c2-1d5e-4a7b-9c8d-3e2f1a0b9c8d'; // Your original UUID

// Proceed to create user
createUser(signedAgreementId);
4

Create user

Use the signedAgreementId when creating the user account:
curl -X POST "https://sandbox.hifi.com/v2/users" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "signedAgreementId": "a4f8b3c2-1d5e-4a7b-9c8d-3e2f1a0b9c8d",
    "email": "user@example.com",
    "firstName": "Jane",
    "lastName": "Doe"
  }'

Embedded Flow Implementation

For applications where redirection isn’t possible, display ToS acceptance inline.
1

Display terms inline

Show users HIFI’s terms and privacy policy links within your application:
<div className="tos-acceptance">
  <input
    type="checkbox"
    id="accept-tos"
    onChange={handleTosAcceptance}
  />
  <label htmlFor="accept-tos">
    I agree to HIFI's{' '}
    <a
      href="https://www.hifi.com/terms-conditions"
      target="_blank"
      rel="noopener noreferrer"
    >
      Terms & Conditions
    </a>
    {' '}and{' '}
    <a
      href="https://www.hifi.com/privacy-policy"
      target="_blank"
      rel="noopener noreferrer"
    >
      Privacy Policy
    </a>
  </label>
</div>
2

Generate ToS link

When the user checks the box, generate a ToS link to get the session token:
import { v4 as uuidv4 } from 'uuid';

async function handleTosAcceptance(accepted) {
  if (accepted) {
    const idempotencyKey = uuidv4();

    // Generate ToS link to get session token
    const response = await fetch('https://sandbox.hifi.com/v2/tos-link', {
      method: 'POST',
      headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        idempotencyKey: idempotencyKey
      })
    });

    const { url, signedAgreementId } = await response.json();

    // Extract session token from URL
    const urlParams = new URLSearchParams(new URL(url).search);
    const sessionToken = urlParams.get('sessionToken');

    // Store for next step
    setSessionToken(sessionToken);
    setSignedAgreementId(signedAgreementId);
  }
}
3

Accept ToS programmatically

Call the accept endpoint to record the user’s consent:
async function acceptTos(sessionToken) {
  const response = await fetch(`https://sandbox.hifi.com/v2/tos/${sessionToken}`, {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      sessionToken: sessionToken
    })
  });

  if (response.ok) {
    console.log('ToS accepted successfully');
    return true;
  } else {
    console.error('Failed to accept ToS');
    return false;
  }
}
4

Create user

After successful ToS acceptance, create the user with the signedAgreementId:
async function createUserWithTos(signedAgreementId) {
  const response = await fetch('https://sandbox.hifi.com/v2/users', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      signedAgreementId: signedAgreementId,
      email: 'user@example.com',
      firstName: 'Jane',
      lastName: 'Doe'
    })
  });

  return response.json();
}

Referencing Privacy Policy

You can also reference HIFI’s terms within your own privacy policy: 
## Third-Party Services

We use HIFI to process financial transactions. By using our service,
you also agree to HIFI's [Terms & Conditions](https://www.hifi.com/terms-conditions)
and [Privacy Policy](https://www.hifi.com/privacy-policy).
Then require users to accept your privacy policy, which includes HIFI’s terms by reference.

Custom Templates

White-label the ToS page with your branding:
  1. Contact Support: Request custom template creation
  2. Provide Branding: Share your logo, colors, and any custom terms
  3. Receive Template ID: HIFI creates a template and provides the ID
  4. Use Template ID: Include templateId when generating links
curl -X POST "https://sandbox.hifi.com/v2/tos-link" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "idempotencyKey": "a4f8b3c2-1d5e-4a7b-9c8d-3e2f1a0b9c8d",
    "redirectUrl": "https://yourapp.com/onboarding/complete",
    "templateId": "tmpl_abc123"
  }'

Key Concepts

The signedAgreementId serves two purposes:
  1. Idempotency key when generating the ToS link
  2. Proof of consent when creating the user account
Always use the same UUID for both operations. This links the user’s ToS acceptance to their account creation.
HIFI must collect explicit user consent to:
  • Process personal and financial data
  • Comply with privacy regulations (GDPR, CCPA, etc.)
  • Establish terms of service for financial operations
Users cannot be created without accepting these terms.
In sandbox environment:
  • ToS links work identically to production
  • Use test signedAgreementIds for testing
  • Verify the entire flow before going live
Always test both redirect and embedded flows if you support multiple platforms.

Getting Help

  • 📧 Email: support@hifi.com
  • 💬 Slack: Message us in our shared Slack channel