API Terms of Use

Last updated: 28 May 2026

The terms that govern access to and use of the Orbit Commerce APIs.

1. Acceptance

These API Terms of Use (the “API Terms”) apply to anyone who accesses or uses any application programming interface, software development kit, webhook, or other technical interface we provide for the Orbit Commerce platform (collectively, the “APIs”).

By creating API credentials, calling an API, or installing one of our SDKs, you accept these API Terms on your own behalf and on behalf of any organisation you represent. If you do not agree to these API Terms, do not use the APIs.

2. Relationship to Other Agreements

These API Terms apply alongside the Terms of Service, the Acceptable Use Policy, and any Partner Program Agreement, Agency Program Agreement, or Data Processing Addendum that applies to you. Where there is a conflict between these API Terms and the Terms of Service in respect of the APIs, these API Terms prevail.

3. Licence

Subject to your compliance with these API Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence to access and use the APIs solely to interact with the Service in line with the published documentation and any scopes a Vendor has granted you. This licence does not give you ownership of any part of the APIs or the Service.

4. Scope and Vendor Authorisation

Where an API call accesses or affects data belonging to a Vendor, you must have a valid authorisation from that Vendor (in the form of an OAuth grant, app installation, or signed agreement). You must only request the scopes you need and you must drop scopes you no longer need. You must respect the Vendor’s instructions to revoke access promptly.

5. Rate Limits and Fair Use

We publish rate limits, throttles, and resource limits in the API documentation. You must respect them. You must not attempt to evade or circumvent rate limits by parallelising across multiple keys, IP addresses, or user accounts. You must implement reasonable back-off and retry logic in line with the documented response codes.

6. Security

You must:

  • store API keys, OAuth tokens, and webhook secrets securely (in a secrets manager, not in source control or front-end code);
  • rotate credentials promptly if compromise is suspected and notify us at support@orbitcommerce.net;
  • verify webhook signatures and reject unsigned or unverified payloads;
  • use TLS for all API calls and use the latest supported API version where reasonably possible;
  • comply with all security obligations in any other agreement you have with us.

7. Data Handling

You must process Vendor data and Customer Personal Data obtained through the APIs only as required to provide your service to the Vendor, only as the Vendor instructs, and in accordance with the Data Protection Laws. Where a Vendor cuts off your access (for example, uninstall, OAuth revoke, or contract end), you must stop processing and delete the relevant data within thirty (30) days, except where the law requires retention.

For public apps, you must keep Vendor and Customer data in sync with the source of truth in our systems. You must not retain stale copies that diverge from the Vendor’s actual data.

8. AI and Machine Learning Restrictions

You must not, and you must not allow any third party to, use Vendor data, Customer Personal Data, or any data obtained through the APIs to create, develop, train, fine-tune, or improve any machine learning model, large language model, or other artificial intelligence system, except where: (a) the Vendor has given specific, informed consent in writing to that use; and (b) the use complies with the Data Protection Laws. Aggregated, anonymised, and de-identified data may be used solely to operate, secure, and improve your own application.

9. Prohibited Use

You must not:

  • use the APIs to build a service that substantially replicates or competes with the Service;
  • scrape, mine, or harvest data from the APIs beyond the published documentation;
  • use the APIs to perform any activity prohibited by the Acceptable Use Policy;
  • use the APIs to interfere with, damage, or gain unauthorised access to the Service or any other system;
  • resell, redistribute, or proxy API access to any third party, except to provide your authorised app or integration;
  • use the APIs to spam, phish, harass, or deceive Vendors, Customers, or other users;
  • circumvent any of our security, authentication, or audit mechanisms.

10. Changes to the APIs

We may change, version, deprecate, or remove APIs at any time. We will use reasonable efforts to give advance notice for breaking changes through the API documentation, status page, or email to registered API contacts. You must keep your integrations up to date and migrate from deprecated endpoints within the published deprecation window.

11. Suspension and Revocation

We may suspend or revoke your API credentials, or block specific calls, where we reasonably believe that: (a) you have breached these API Terms or any other agreement; (b) your activity presents a security, stability, or privacy risk; (c) you are exceeding fair use; (d) a Vendor has withdrawn its authorisation; or (e) a regulator, court, or sanctions authority so requires.

12. Warranties and Disclaimers

The APIs are provided “as is” and “as available” and we disclaim all warranties, conditions, and representations (whether express, implied, statutory, or otherwise) to the maximum extent permitted by law, including warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, and non-infringement. We do not warrant that the APIs will be uninterrupted, secure, or error-free.

13. Limitation of Liability

13.1 Nothing in these API Terms excludes or limits liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded under applicable law.

13.2 Subject to section 13.1, neither party will be liable for any loss of profits, revenue, business, goodwill, anticipated savings, or opportunity (whether direct or indirect), or for any indirect, special, exemplary, punitive, or consequential loss, however arising.

13.3 Subject to sections 13.1 and 13.2, and to the extent that the APIs are made available without separate paid Fees from you, our total aggregate liability arising out of or in connection with these API Terms is limited to one hundred pounds sterling (£100). Where you pay separate paid Fees for API access, the cap in section 19 of the Terms of Service applies instead.

14. Indemnification

You will defend, indemnify, and hold us harmless from any third-party claim and any damages, fines, penalties, and reasonable legal costs arising from: (a) your application or use of the APIs; (b) your breach of these API Terms; (c) your handling of Vendor data or Customer Personal Data; or (d) your breach of any law.

15. Changes

We may amend these API Terms from time to time. For material changes that adversely affect your rights or obligations, we will give at least thirty (30) days’ notice through the developer portal or by email. Continued use of the APIs after the effective date constitutes acceptance.

16. Governing Law

These API Terms are governed by the laws of England and Wales and the courts of England and Wales have exclusive jurisdiction.
