Introduction
EV have information security controls in place to keep the organisation, its people, its information, and its customers safe and are committed to meeting and maintaining high standards with regards to information security.
This document outlines EV’s Acceptable Use Policy for API’s; the approach to acceptable use of its API software, and hardware assets, which is in line with the EV’s ethics, products and services provided, and all legal and regulatory obligations.
Purpose
This Acceptable Use Policy is incorporated by reference into the Customer’s Agreement with EValue (EV). It governs how the Customer (on its own behalf and on behalf of its group companies) and (where appropriate) the Customer User Community (as defined in the Customer’s Agreement, if applicable), sub-licensees, anyone accessing EV’s products or services with the Customer’s permission, or because of the Customer assisting another person in an activity that would violate this AUP if performed by the Customer.
Acceptable Use Policy
In relation to APIs:
- Only the designated "endpoint-healthcheck" API shall be used by the Customer to monitor the availability of the API endpoints. This can be called at a maximum rate of 1 call per minute.
- All production traffic will count towards the Customers' agreed credit/call allowances, including development or testing activities.
- The Customer must not exceed a maximum of 20 simultaneous calls/requests per second.
- The Sandbox environment should only be used for development and testing purposes.
- Sandbox accounts will have no SLA attached; however EV will use its reasonable endeavors to make available the Sandbox environment for Customer use.
- Where the Customers' agreed credit/call allowances are based on "End User" usage, the Customer will supply the "End User" identifier header on all requests. Where this is not supplied, each request will be treated as a request from an individual "End User" and billed accordingly.
Prohibited Use:
As a condition of use of EV’s Product or Services, the Customer agrees not to use the Services or access the Products nor permit them to be used:
- For direct stress testing and load testing of the API.
- For "End User" bulk processing of any kind, "End User" usage should be consistent with the usage of the Customers' system by individual users.
- For the purposes of caching or storing results of the APIs for longer than 24 hours in order to use those results on different days for different forecasts (for the avoidance of doubt, the Customer shall be permitted to store or cache the results of APIs for audit trail and regulatory purposes).
- For enumerating all possible inputs.
- For exhaustively calling the APIs for the purposes of extracting the underlying data.
- For purposes of promoting unsolicited advertising or sending spam.
- To simulate communications from EV or another service or entity in order to collect identity information, authentication credentials, or other information ('phishing').
- In any manner that disrupts the operations, business, equipment, websites or systems of the Supplier or any other person or entity (including any denial of service and similar attacks) including excessive use of shared system resources.
- To promote any unlawful activity.
- In violation of export laws, controls, regulations or sanction policies of the United States or the Customer's applicable jurisdiction.
- To represent or suggest that EV endorses any other business, product or service unless the Supplier has separately agreed to do so in writing.
- In any manner which may impair any other person's use of EV's Products or use of any other services provided by EV to any other person.
- In any manner to probe, scan, penetrate or test the vulnerability of EV's system or network.
- To attempt to circumvent any authentication measures, security controls or mechanisms, whether by passive or intrusive techniques.
- To attempt to circumvent any password or user authentication methods of any person; or
- In any manner inconsistent with the Supplier's reasonable instructions or other instructions provided by the Supplier from time to time.
Review and Maintenance
EV may amend the AUP from time to time to advise of further reasonable restrictions and/or enhancements on the Customer's use of EV's APIs or Software. A revised version of the AUP will be published at http://www.ev.uk or in the event of a material change to the AUP, EV will provide the Customer with thirty (30) days written notice.
The revised AUP will become effective on the first to occur of:
- The Customer's execution of a new or additional order that incorporates the revised AUP by reference.
- The first day of a renewal term for an Order that begins at least thirty (30) days after the time that the revised AUP has been posted.
- Thirty (30) days following EV's written notice to the Customer of a material change to the AUP.
If for any reason, this revised AUP adversely affects the Customer's use of the API's and Software, the Customer may terminate its Agreement with EV by giving EV written notice of its objection and the reason for its objection no later than thirty (30) days following the date that the revised AUP would otherwise have become effective. On these grounds, EV will not charge the Customer an early termination fee.
If the Customer wishes to continue using the APIs or Software for up to an additional ninety (90) days, EV will not, at its option, enforce the revision during this time and the Customer will continue to be subject to the prior version of the AUP.
If the Customer chooses to terminate its Agreement, EV may, at its option, decide to waive the changes to the AUP for that Customer and keep the Customer's Agreement in place for the remainder of the term. In such circumstances the Customer shall not be able to terminate as mentioned in this paragraph above.