Legal & Consent
Retrieving terms, recording consent, and why it gates the assessment
Because this is a medical product, the API hard-gates the assessment behind recorded legal consent. The token you get from /login can only call the terms endpoints; only after POST /terms succeeds do you receive the upgraded token that can start a consultation. You cannot skip this step, cache your way around it, or accept on the user's behalf without showing them the content.
What your UI must do
- After login, call
GET /termsand render the returned legal content to the end user — headers, paragraphs, checkbox policies, and footer links. - Require an explicit user action (e.g. ticking the checkboxes / pressing "Agree") before posting acceptance.
- Post
POST /termswith the exactcontent_versionyou displayed andall_policies_accepted: true. - Keep the
footer_policieslinks accessible for the duration of the consultation (they are meant to be rendered persistently, e.g. in a footer).
The content is versioned and partner-specific: legal copy can change without an API release, and your partner account may have customised policies. Never hard-code the legal text or the version — always fetch and display what the API returns.
GET /api/v1/terms
GET /api/v1/termsGET /api/v1/terms
x-api-key: <api_key>
Authorization: Bearer <initial access_token>Response 200:
{
"content_version": "fc150b6fe1034e458a75376b126b52b2d0832f15",
"messages": [
{
"value": "Before you begin",
"type": "HEADER",
"format": "PLAIN_TEXT"
},
{
"value": "By continuing, you agree to Healthily [Terms of Service](https://www.healthily.ai/legal-pages/healthily-assessment-tool-terms-and-conditions) and confirm that you have read [How to use Healthily safely](https://www.healthily.ai/legal-pages/how-to-use-the-healthily-self-assessment-tool-safely).",
"type": "PARAGRAPH",
"format": "MARKDOWN"
}
],
"checkbox_policies": [
{
"value": "I’d like Healthily to process my health and activity data to show me possible next steps for my reported symptoms as described in the [Summary](https://www.healthily.ai/legal-pages/summary) and [Privacy Policy](https://www.healthily.ai/legal-pages/healthily-assessment-tool-privacy-policy). ",
"type": "INPUT_HINT",
"format": "MARKDOWN"
}
],
"footer_policies": [
{
"value": "[Terms](https://www.healthily.ai/legal-pages/healthily-assessment-tool-terms-and-conditions)",
"type": "OTHER",
"format": "MARKDOWN"
},
{
"value": "[Privacy Policy](https://www.healthily.ai/legal-pages/healthily-assessment-tool-privacy-policy)",
"type": "OTHER",
"format": "MARKDOWN"
},
{
"value": "[Safe Use](https://www.healthily.ai/legal-pages/how-to-use-the-healthily-self-assessment-tool-safely)",
"type": "OTHER",
"format": "MARKDOWN"
},
{
"value": "[About](https://www.healthily.ai/legal-pages/certificates)",
"type": "OTHER",
"format": "MARKDOWN"
}
]
}| Field | Meaning |
|---|---|
content_version | Version identifier of this legal content — an internal hash of the delivered terms. Echo it back verbatim when accepting, to prove you retrieved them first. |
messages | Introductory legal copy — headers and paragraphs, in display order. |
checkbox_policies | Policies requiring explicit acknowledgement. Render each with a checkbox (or an equivalent explicit-consent control). |
footer_policies | Policy links to keep visible throughout the consultation experience. |
All entries use the standard Message shape (value / type / format) — respect the format (PLAIN_TEXT, MARKDOWN, or HTML) when rendering.
POST /api/v1/terms
POST /api/v1/termsPOST /api/v1/terms
x-api-key: <api_key>
Authorization: Bearer <initial access_token>
Content-Type: application/json
{
"content_version": "1.0",
"all_policies_accepted": true
}Response 200 — see Authentication:
login_response.access_token— the upgraded token; use it for everything that follows.onboarding_response— ready-madeage_question,gender_question, andsymptoms_questionobjects (standard Question shape) for rendering your onboarding screen from API-supplied copy and constraints.
Acceptance is recorded server-side (with the version accepted) against the session, satisfying the audit requirement. If the user declines, simply do not proceed — there is no "decline" call; without acceptance the medical endpoints remain inaccessible.
Disclaimers during and after the assessment
Consent at the start is not the only legal surface:
- The final report includes
disclaimer_messages— render them with the report, unmodified (see Reports). - Emergency-level outcomes carry explicit instructions (e.g. call emergency services). Do not suppress, reorder, or soften them.
