diff --git a/src/api/Webserver.ts b/src/api/Webserver.ts
index 07c77c2..33e5362 100644
--- a/src/api/Webserver.ts
+++ b/src/api/Webserver.ts
@@ -77,7 +77,7 @@ export default class Webserver {
             }
 
             res.setHeader("Access-Control-Allow-Origin", "*");
-            res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+            res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
             next();
         });
     }
diff --git a/src/api/msc/MSCTermsService.ts b/src/api/msc/MSCTermsService.ts
index 3a9c618..18a1ada 100644
--- a/src/api/msc/MSCTermsService.ts
+++ b/src/api/msc/MSCTermsService.ts
@@ -3,7 +3,7 @@ import { AutoWired, Inject } from "typescript-ioc/es6";
 import { ROLE_MSC_USER } from "../security/MSCSecurity";
 import TermsController, { ITermsNotSignedResponse } from "../controllers/TermsController";
 
-interface SignTermsRequest {
+export interface SignTermsRequest {
     user_accepts: string[];
 }
 
diff --git a/src/api/scalar/ScalarService.ts b/src/api/scalar/ScalarService.ts
index 28b4673..c42e3d1 100644
--- a/src/api/scalar/ScalarService.ts
+++ b/src/api/scalar/ScalarService.ts
@@ -5,6 +5,8 @@ import { ScalarAccountResponse, ScalarRegisterResponse } from "../../models/Scal
 import { AutoWired, Inject } from "typescript-ioc/es6";
 import AccountController from "../controllers/AccountController";
 import { ROLE_MSC_USER } from "../security/MSCSecurity";
+import TermsController, { ITermsNotSignedResponse } from "../controllers/TermsController";
+import { SignTermsRequest } from "../msc/MSCTermsService";
 
 /**
  * API for the minimum Scalar API we need to implement to be compatible with clients. Used for registration
@@ -17,6 +19,9 @@ export class ScalarService {
     @Inject
     private accountController: AccountController;
 
+    @Inject
+    private termsController: TermsController;
+
     @Context
     private context: ServiceContext;
 
@@ -42,6 +47,21 @@ export class ScalarService {
         return {user_id: this.context.request.user.userId};
     }
 
+    @GET
+    @Path("terms")
+    @Security(ROLE_MSC_USER)
+    public async getTerms(): Promise<ITermsNotSignedResponse> {
+        return this.termsController.getMissingTermsForUser(this.context.request.user);
+    }
+
+    @POST
+    @Path("terms")
+    @Security(ROLE_MSC_USER)
+    public async signTerms(request: SignTermsRequest): Promise<any> {
+        await this.termsController.signTermsMatching(this.context.request.user, request.user_accepts);
+        return {};
+    }
+
     @GET
     @Path("ping")
     public async ping(): Promise<any> {
diff --git a/src/api/security/MSCSecurity.ts b/src/api/security/MSCSecurity.ts
index a0f673e..ea65617 100644
--- a/src/api/security/MSCSecurity.ts
+++ b/src/api/security/MSCSecurity.ts
@@ -21,6 +21,11 @@ const TERMS_IGNORED_ROUTES = [
     {method: "POST", path: "/_matrix/integrations/v1/terms"},
     {method: "POST", path: "/_matrix/integrations/v1/register"},
     {method: "POST", path: "/_matrix/integrations/v1/logout"},
+
+    // Legacy scalar routes
+    {method: "GET", path: "/api/v1/scalar/terms"},
+    {method: "POST", path: "/api/v1/scalar/terms"},
+    {method: "POST", path: "/api/v1/scalar/register"},
 ];
 
 const ADMIN_ROUTES = [