diff --git a/src/caas.js b/src/caas.js
deleted file mode 100644
index d065d17aa..000000000
--- a/src/caas.js
+++ /dev/null
@@ -1,58 +0,0 @@
-'use strict';
-
-exports = module.exports = {
-    verifySetupToken: verifySetupToken,
-
-    CaasError: CaasError
-};
-
-var assert = require('assert'),
-    config = require('./config.js'),
-    settings = require('./settings.js'),
-    superagent = require('superagent'),
-    util = require('util');
-
-function CaasError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(CaasError, Error);
-CaasError.BAD_FIELD = 'Field error';
-CaasError.BAD_STATE = 'Bad state';
-CaasError.INVALID_TOKEN = 'Invalid Token';
-CaasError.INTERNAL_ERROR = 'Internal Error';
-CaasError.EXTERNAL_ERROR = 'External Error';
-
-function verifySetupToken(setupToken, callback) {
-    assert.strictEqual(typeof setupToken, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    settings.getCaasConfig(function (error, caasConfig) {
-        if (error) return callback(new CaasError(CaasError.INTERNAL_ERROR, error));
-
-        superagent.get(config.apiServerOrigin() + '/api/v1/caas/boxes/' + caasConfig.boxId + '/setup/verify').query({ setupToken: setupToken })
-            .timeout(30 * 1000)
-            .end(function (error, result) {
-                if (error && !error.response) return callback(new CaasError(CaasError.EXTERNAL_ERROR, error.message));
-                if (result.statusCode === 403) return callback(new CaasError(CaasError.INVALID_TOKEN));
-                if (result.statusCode === 409) return callback(new CaasError(CaasError.BAD_STATE, 'Already setup'));
-                if (result.statusCode !== 200) return callback(new CaasError(CaasError.EXTERNAL_ERROR, error.message));
-
-                callback(null);
-            });
-    });
-}
diff --git a/src/routes/provision.js b/src/routes/provision.js
index 9da6a49c8..e0c2a9c08 100644
--- a/src/routes/provision.js
+++ b/src/routes/provision.js
@@ -2,7 +2,6 @@
 
 exports = module.exports = {
     providerTokenAuth: providerTokenAuth,
-    setupTokenAuth: setupTokenAuth,
     setup: setup,
     activate: activate,
     restore: restore,
@@ -11,8 +10,6 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource'),
-    caas = require('../caas.js'),
-    CaasError = require('../caas.js').CaasError,
     config = require('../config.js'),
     debug = require('debug')('box:routes/setup'),
     HttpError = require('connect-lastmile').HttpError,
@@ -40,24 +37,6 @@ function providerTokenAuth(req, res, next) {
     }
 }
 
-function setupTokenAuth(req, res, next) {
-    assert.strictEqual(typeof req.query, 'object');
-
-    if (config.provider() !== 'caas') return next();
-
-    if (typeof req.query.setupToken !== 'string' || !req.query.setupToken) return next(new HttpError(400, 'setupToken must be a non empty string'));
-
-    caas.verifySetupToken(req.query.setupToken, function (error) {
-        if (error && error.reason === CaasError.BAD_STATE) return next(new HttpError(409, 'Already setup'));
-        if (error && error.reason === CaasError.INVALID_TOKEN) return next(new HttpError(401, 'Invalid token'));
-        if (error && error.reason === CaasError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-
-        if (error) return next(new HttpError(500, error));
-
-        next();
-    });
-}
-
 function setup(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
diff --git a/src/server.js b/src/server.js
index de813b767..1ccd448a6 100644
--- a/src/server.js
+++ b/src/server.js
@@ -112,7 +112,7 @@ function initializeExpressSync() {
     // public routes
     router.post('/api/v1/cloudron/setup', routes.provision.providerTokenAuth, routes.provision.setup);    // only available until no-domain
     router.post('/api/v1/cloudron/restore', routes.provision.restore);    // only available until activated
-    router.post('/api/v1/cloudron/activate', routes.provision.setupTokenAuth, routes.provision.activate);
+    router.post('/api/v1/cloudron/activate', routes.provision.activate);
     router.get ('/api/v1/cloudron/status', routes.provision.getStatus);
 
     router.get ('/api/v1/cloudron/avatar', routes.settings.getCloudronAvatar); // this is a public alias for /api/v1/settings/cloudron_avatar