Use of Company API
A. Using the Company API
1. License
The Company grants Customer a non-exclusive, non-transferable, and non-sublicensable (except as expressly permitted herein) license to use the API solely to do the following and subject to the restrictions set forth in this Agreement:
a) Enable your Application to interact with Company’s databases to retrieve information necessary to facilitate Customer’s permitted use of Company Services through your Application;
b) Make limited intermediate copies of Company Content only as necessary to perform an activity permitted under this Agreement. All intermediate copies should be deleted when they are no longer required for the purpose for which they were created;
c) Process, analyse, rearrange, reorganize or present Company Content within your Application;
2. Access Keys
The Company will provide you with Access Keys that permit you to access the Company’s databases. The Access Keys are the property of the Company and may be revoked if you share them with any third party (other than as allowed under this Agreement), if they are compromised, if you violate any term of this Agreement, or if the Company terminates this Agreement.
3. API Call Limitations
The number of API calls you will be permitted to make during any given period may be limited. The Company will determine call limits based on various factors, including the ways your Application may be used or the anticipated volume of use associated with your Application. The Company may, in its sole discretion, charge you for API calls that exceed the call limits or terminate your access to the API in accordance with these terms.
4. Restrictions
Customer will not and will not facilitate or enable others to:
a) Distribute, publish, or allow access or linking to the Company API or Company Content from any location or source other than your Application.
b) Enable or permit use or disclosure of Company Services other than as authorized under this Agreement.
c) Commercialize (that is, sell, rent, trade or lease), copy or store the Company Content;
d) Use, copy, distribute or modify the API or Company Content in any "service bureau" or "timesharing" business;
e) access the Company Technology for any other purposes other than retrieval of Company Content to which Customer is authorized to obtain.
d) Modify, decompile, reverse engineer or otherwise alter the Company Technology, Company API or Company Content.
e) Use robots, spiders, scraping or other technology to access or use Company Technology or Content or the Web Site or the Company Services in general to obtain any information beyond what Company provides to you under this Agreement.
f) Use the API in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage or otherwise fails to comply or is inconsistent with any reasonable instructions or policy published by the Company.
g) use the Company API to: (i) infringe on Company or Company’s licensor’s copyright, patent, trademark, trade secret or other property rights or rights of publicity or privacy; (ii) transmit any viruses or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system or data; or (iii) interfere, disrupt or attempt to use the Company Technology to gain unauthorized access to any computer system, server, network or account for which it does not have authorization to access or at a level exceeding its authorization; or (iv) in general create liability for us or cause us to lose (in whole or in part) the Company Services of our ISPs or other suppliers.
5. Suspension/termination
In the event of any breach by Customer of the restrictions set out herein, Company will provide Customer notice of the same, and if it is not corrected within ten (10) days, Company may (i) suspend all API access rights and other Company Services provided to the Customer or, in the event this does not prevent a breach, terminate the Agreement. In the event any such breach causes immediate material harm or significant risks, as determined by Company, to the Company Technology or Company Services, Company may immediately suspend all access rights and other Company Services to any breaching party, provided that Company shall provide Customer with immediate notice of such suspension. The Company will resume Company Services hereunder when such breach is remedied and all issues related thereto are resolved, without prejudice to its right to terminate this Agreement.
In addition, Company may suspend or terminate API access (a) if it is required to do so by law; (b) when the Service Order has expired or been terminated; (c) when providing such access to the Service could create a substantial economic burden as determined by Company in its reasonable good faith judgment; or (d) providing API access to the Service could create a security risk or material technical burden as determined by Company in its reasonable good faith judgment
6. Modification of the API, Sites and Services.
Company may modify the API, permitted API calls, its databases, the WebSite or Company Services and permitted uses of the same under this Agreement, or any of the benefits and/or features provided in connection with your use of the API at any time. Company will provide one (1) month’s written notice to your designated contact of any such Modifications that may affect your Application. These changes may require Customer to make changes to its Application at its own cost to continue to be compatible with or interface with the API or Company Sites or Company Services.
B. API Security Standards
Customer will comply with the following API Security Standards (“Security Standards”):
1. Security Audits
1.1 Audit. Company reserves the right to periodically audit the Systems to ensure compliance with the requirements of this Exhibit. Non-intrusive network and application security scans may be performed randomly without prior notice.
1.2 Audit after a Security Breach Incident. For purposes of these Security Standards, a “Security Breach” is defined as a breach of security of Customer facility, systems or site where Company Content has been acquired by an unauthorized person. In the event of a Security Breach, Company may suspend or terminate Customer’s access to the API and Company Content and Company may conduct a security audit.
1.3 Company Results and Customer Response. Company will provide Customer with detailed results of any security audit performed by Company pursuant to these Security Standards. Customer will be granted thirty (30) days to resolve any issues Company has identified through a security audit. Should Customer fail to resolve such identified issues, Company may immediately suspend or terminate Customer’s access to the API and Company Content without notice to Customer.
2. Security Incidents and Response
2.1 Notification and Timing. Notwithstanding any other legal obligations Customer may have, Customer agrees to immediately notify Company in writing upon Customer’s discovery of a Security Breach. Customer agrees to use commercially reasonable efforts to notify Company of Customer’s detection of a Security Breach no more than twenty-four (24) hours after detection of a Security Breach. Notwithstanding the foregoing, under no circumstances will more than two (2) days pass between Customer’s detection of a Security Breach and Company being notified.
2.2 Notification Format. Customer’s notification of a Security Breach in accordance with the requirements set forth above will take the form of an email to Company. Such notification email will include: a problem statement, expected resolution time (if known), and the name and phone number of Customer’s representative that Company can contact to obtain incident updates.
3. Security Precautions: Best Practices.
Customer agree to adhere at all times to reasonable security practices, as specified in current industry literature on topics relevant to Customer’s interaction with Company. In the event such best practices conflict with these Security Standards, Customer will comply with these Security Standards.
4. Data Security: Data Storage.
Customer agrees to maintain reasonable safeguards to protect the security of the following information, whether provided by a Company User to Customer or obtained from Company through the API:
- Company User Email Addresses
- Authentication Tokens
- Company User ID
- Any other Company User data
Company User IDs used to authenticate access to the API must be kept secret and confidential and under no circumstances be exposed to the public. If Company believes that Company User IDs have been compromised, Company reserves the right to immediately terminate access and issue a new Company User ID to Customer.