API terms and conditions (basic)
These terms and conditions are designed to cover: (i) the provision of an application programming interface (API) by a supplier to a customer; (ii) the use of that API by customer applications, including the processing of customer-supplied data on the supplier's systems; and (iii) the provision of associated support and maintenance.
This is the shortest version of our API services T&Cs template. Nonetheless, the T&Cs cover these core areas in some detail.
One of the first operative terms in the T&Cs sets out the customer's basic right to use the API. Typically, this would be a non-exclusive, non-transferable right to access and use the API - perhaps by means of pre-agreed applications - for the customer's business purposes. The right may be limited by reference to the number of API calls made or by some other resource utilisation measure.
The first schedule to the API services T&Cs is a service level agreement (SLA) defining the obligation of the supplier to maintain the availability of the API. This is optional.
The customer acknowledges that the API services will be updated from time to time, although controls on the supplier's right to roll-back existing functionality and/or change interface elements may be included.
A second SLA is included as the second schedule to the API services T&Cs. This contains details regarding the supplier's obligations to respond to requests for support services and to resolve issues raised by the customer. Again, this is optional.
As well as the core services clauses, these API services T&Cs incorporate standard clauses covering charges and payments, confidentiality, the processing of personal data under the UK and EU General Data Protection Regulations (GDPRs), warranties relating to the services, disclaimers of liability, the term of the contract, and methods of termination.Ask about this document
API terms and conditions (basic) contents
- Definitions: definitions.
- Term: commencement of term; end of term (initial and renewal periods); each services order form creates distinct contract.
API Services: provision of API services access credentials; grant of licence to use API services; limitations on use of API services; prohibitions on the use of the API services; security of access credentials (API services); availability of API services and SLA; no damaging use of API services; no excessive use of the API services; no unlawful use of API services; no access to platform code.
- CustomerData: licence ofCustomerdata; licence ofCustomerdata for machine learning purposes; licence ofCustomerdata for aggregation purposes; warranties relating toCustomerdata; back-up ofCustomerdata (API services); restoration ofCustomerdata.
- Scheduled maintenance and
Modifications: right to conduct scheduled maintenance and modify (API services); acknowledgement of modifications byCustomer(API services); limitations on right to modify (API services); notice or prohibition of significant modifications (API services); notice of modifications generally (API services); security modifications (API services); notice of scheduled maintenance (API services); times for provision of scheduled maintenance; maximum aggregate time for scheduled maintenance (API services). Support Services: support services provision; standard of support services; support services in accordance with SLA; suspension of support services.
- No assignment of
Intellectual Property Rights: no assignments of intellectual property rights.
- Charges: obligation to pay charges; time-base charges limitations; amounts inclusive or exclusive of VAT; variation of charges.
- Payments: issue of invoices; time for payment of charges following invoice; payment methods; interest on late payments; interest on late payments.
- Confidentiality obligations: Providerconfidentiality undertaking;Customerconfidentiality undertaking; disclosure of confidential information to certain persons; exceptions to confidentiality obligations; disclosures of confidential information mandated by law etc; parties to stop using confidential information upon termination; parties to delete confidential information following termination; confidentiality obligations after termination.
- Data protection: compliance with data protection laws; warranty of Customer's right to disclose personal data (GDPR); details of personal data processed bythe Provider(GDPR); purposes of processing of personal data bythe Provider(GDPR); duration of personal data processing byProvider(GDPR); personal data processed byProvideron instructions (GDPR); authorised international transfers of personal data (GDPR); informingCustomerof illegal instructions (GDPR); personal data processed byProvideras required by law (GDPR); confidentiality obligations onProviderpersons processing personal data (GDPR); security of personal data processed byProvider(GDPR); appointment of sub-processor byProvider(GDPR); authorisation forProviderto appoint sub-processors (GDPR);Providerto assist with exercise of data subject rights (GDPR);Providerto assist with compliance (GDPR); obligation to notifyCustomerof personal data breach (GDPR);Providerto provide data protection compliance information (GDPR); deletion of personal data byProvider(GDPR);Providerto allow audit (GDPR); changes to data protection law.
- Warranties: first party general warranties; API services general warranties; warranty of legality of API services; API services intellectual property infringement warranty; breach of API services infringement warranty; second party warranty of authority; exclusion of implied warranties and representations.
- Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; no liability for loss of profits; no liability for loss of revenue; no liability for loss of use; no liability for loss of opportunities; no liability for loss of data or software (subject to back-up obligations); no liability for consequential loss; per event liability cap upon services contract; aggregate liability cap upon services contract.
- Termination: termination without cause (optionally asymmetric); termination by either party without cause; termination upon breach; termination upon insolvency; termination upon non-payment; rights of termination supplemental or exclusive.
- Effects of termination: surviving provisions upon termination; termination does not affect accrued rights; charges on termination of contract.
- Subcontracting: no subcontracting without consent; subcontracting permitted; first party responsible for subcontracted obligations; subcontracting of hosting.
- General: no waiver; severability; variation written and signed; no assignment without written consent; no third party rights; entire agreement; governing law; exclusive jurisdiction.
- Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.
Schedule 1 (Availability SLA)
- Introduction to availability SLA: purpose of API services availability SLA; informal definition of uptime (API services).
- Availability: uptime commitment (API services); measurement of uptime; reporting of uptime measurements.
- Service credits: earning service credits (API services); amount of service credits; application of service credits (API services); service credits are sole remedy; service credits upon termination (API services).
- Exceptions: list of exceptions to availability commitment.
Schedule 2 (Support SLA)
- Introduction: introduction to support SLA.
- Helpdesk: helpdesk obligation; purpose of support services helpdesk; access to helpdesk; times of helpdesk availability; all requests for support to go through helpdesk.
- Response and resolution: API services support issue categorisation; allocation of support issue severity categories; support response times; contents of response to support request; support resolution times.
- Provision of
Support Services: support services to be provided remotely.
- Limitations on
Support Services: excessive use of hosted services support; API support services training and misuse limitations.
Schedule 3 (Data processing information)
- Categories of data subject: prompt for categories of data subject.
- Types of
Personal Data: prompt for types of personal data.
- Purposes of processing: prompt for personal data processing purposes.
- Security measures for
Personal Data: prompt for security measures for personal data.
- Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.