Jan 27
🎉 Features and Improvements
Custom Form Elements API: Terms & Conditions HTML Support
You can now update the HTML content of Terms & Conditions elements via the API. This allows you to programmatically manage the terms text displayed during checkout.
New field: terms_and_conditions
The terms_and_conditions field is now available on custom form elements of type termsCheckbox and termsSignature:
- Get custom form element - GET /v1/checkout_forms/{checkout_form_id}/elements/{checkout_form_element_id} now returns terms_and_conditions in the response
- Update custom form element - POST /v1/checkout_forms/{checkout_form_id}/elements/{checkout_form_element_id} accepts terms_and_conditions to update the HTML content
Supported element types
The API now supports editing the following element types:
- multiCheckbox - Multiple checkbox options
- radio - Radio button options
- select - Dropdown select options
- termsCheckbox - Terms & Conditions checkbox (new)
- termsSignature - Terms & Conditions with signature (new)
HTML sanitization
All HTML content in terms_and_conditions is sanitized using HTMLPurifier for XSS protection. The following are allowed:
- Standard HTML tags (<p>, <strong>, <em>, <ul>, <ol>, <li>, <a>, etc.)
- YouTube and Vimeo iframe embeds
- Links with target="_blank"
Malicious content such as <script> tags and event handlers (e.g., onclick) is automatically removed.
Example
curl -X POST https://api.tickettailor.com/v1/checkout_forms/{checkout_form_id}/elements/{checkout_form_element_id} \
-H 'Accept: application/json' \
-u 'sk_1000_1000_VGlja2V0VGFpbG9y:' \
-d 'terms_and_conditions=<p>By purchasing tickets, you agree to our <a href="https://example.com/terms" target="_blank">Terms of Service</a>.</p>'
💡 Things to note:
- The terms_and_conditions field returns null for non-terms element types (multiCheckbox, radio, select)
- Maximum length for terms_and_conditions is 65,535 characters
- HTML is automatically sanitized - malformed HTML will be corrected and unsafe content will be removed
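
Because sanitization changes submitted HTML without returning an error, terms text can be checked before it is sent. The Python below is an added example, not Ticket Tailor's code and not a reimplementation of HTMLPurifier: it flags only the constructs and limits this changelog names. The function name preflight, the embed host list and the rule that iframes from other hosts are stripped are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_LEN = 65_535  # limit stated in this changelog
TERMS_TYPES = {"termsCheckbox", "termsSignature"}
# Assumption: the page says only "YouTube and Vimeo", these hosts are a guess.
EMBED_HOSTS = {"www.youtube.com", "www.youtube-nocookie.com", "player.vimeo.com"}


class _Scanner(HTMLParser):
    """Collects constructs the changelog says the sanitizer removes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script> element")
        for name, _value in attrs:
            if name.startswith("on"):  # onclick, onerror, ...
                self.findings.append(f"event handler {name} on <{tag}>")
        if tag == "iframe":
            # Assumption: iframes from any other host are stripped.
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host not in EMBED_HOSTS:
                self.findings.append(f"iframe from {host or 'unknown host'}")


def preflight(element_type, html):
    """Return reasons the submitted HTML would not be stored as sent."""
    problems = []
    if element_type not in TERMS_TYPES:
        problems.append(f"terms_and_conditions is null for element type {element_type}")
    if len(html) > MAX_LEN:
        problems.append(f"length {len(html)} exceeds {MAX_LEN}")
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    return problems + scanner.findings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real checkout form.
    sample = ('<p onclick="track()">Agree to our terms.</p>'
              '<iframe src="https://embeds.example/x"></iframe>'
              '<iframe src="https://player.vimeo.com/video/1"></iframe>')
    for problem in preflight("termsCheckbox", sample):
        print("would be changed:", problem)
```

An empty list means none of the listed constructs were found; it does not guarantee the stored HTML matches what was sent, since malformed markup is also corrected.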