API Terms

API 1. Purpose & scope

These API Terms govern your access to and use of JN Short’s APPLICATION PROGRAMMING INTERFACES, WEBHOOKS, SDKs, DEVELOPER TOOLS AND DOCUMENTATION (collectively, the “API”). They apply in addition to the TERMS OF SERVICE (the “Terms”), the ACCEPTABLE USE POLICY (AUP), the PRIVACY POLICY and any SERVICE LEVEL AGREEMENT (SLA). CAPITALISED TERMS not defined here have the meaning given in the Terms. If there is a conflict, the order of precedence is as set out in the Terms.

 

API 2. Access, keys & ownership

2.1 API Access. We may provide one or more API keys, client IDs/secrets, OAuth credentials or signing keys (each an “API KEY”) to enable access. WE MAY ACCEPT OR REJECT APPLICATIONS FOR API ACCESS AT OUR DISCRETION.

2.2 Key Ownership & Non‑Transferability. API KEYS ARE PERSONAL TO THE ACCOUNT/WORKSPACE AND, WHERE APPLICABLE, TO THE INDIVIDUAL USER. THEY ARE NON‑TRANSFERABLE AND MUST NOT BE SHARED OUTSIDE YOUR ORGANISATION OR WITH UNAUTHORISED PERSONS. Sub‑accounting or reselling access is PROHIBITED without our written consent.

2.3 Security of Credentials. YOU MUST TREAT API KEYS AS SECRETS: store only in secure server‑side environments; DO NOT embed in client‑side code or public repositories; rotate on a reasonable schedule; use environment variables or secret stores; and restrict by IP, origin or scope where the platform supports it. You MUST notify us WITHOUT UNDUE DELAY at security@jnshort.com if you suspect loss, theft or compromise. WE MAY REVOKE AND REISSUE KEYS.

2.4 Monitoring & Audit. We may MONITOR API USAGE for operational, security, anti‑abuse and billing purposes, including inspecting metadata and headers, and sampling payloads where necessary to diagnose issues and enforce the AUP. We may request reasonable logs to investigate misuse. We inspect payload content only to the minimum extent necessary for security, quality and abuse prevention, and we handle any personal data in accordance with Privacy Policy § 5.

2.4a Audit cooperation. Upon reasonable notice and during normal business hours, you will cooperate by providing logs or evidence strictly necessary to investigate suspected abuse or security incidents related to your use of the API, subject to confidentiality obligations.

2.5 Teams & Roles. ORGANISATION ADMINS are responsible for managing developer access and roles. Keys issued to team members remain under the organisation’s control and must be revoked on departure or role change.

2.6 Sandbox vs Production. We may offer SANDBOX/TEST environments. TEST KEYS MUST NOT BE USED IN PRODUCTION. Sandbox data may be deleted at any time.

 

API 3. Rate limits, quotas & fair use

3.1 Limits. Access is subject to PUBLISHED RATE LIMITS, QUOTAS AND CONCURRENCY CAPS in the developer documentation and/or response headers (e.g., `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`). WE MAY ADJUST LIMITS from time to time for system health. You may request increases via support but approval is not guaranteed.

3.2 Back‑off & Retries. ON 429 (TOO MANY REQUESTS) OR 503 RESPONSES, YOU MUST IMPLEMENT EXPONENTIAL BACK‑OFF and honour `Retry-After` headers. Do not open multiple accounts or rotate keys/IPs to evade limits.

3.3 Fair Use. YOU MUST NOT generate artificial traffic, excessive polling, or inefficient patterns that degrade the Service (e.g., N+1 fetching where bulk endpoints exist). Use webhooks where available.

3.4 Caching. Respect cache headers and TTLs. Do not cache personal data longer than necessary; follow your disclosed retention schedule and lawful basis.

 

API 4. Permitted use & restrictions

4.1 Permitted Use. You may use the API to integrate JN Short functionality into your products, automate your lawful workflows, and manage your own short links, QR codes, bio pages, files (where enabled), and analytics, SUBJECT TO THE TERMS AND THIS POLICY.

4.2 Prohibited Use. YOU MUST NOT:

(a) REPLICATE, SUBSTANTIALLY RECREATE OR BUILD A COMPETING SERVICE using the API or derived analytics, or use the API to benchmark for publication without our written consent;  

(b) RESELL, SUB‑LICENSE OR PROVIDE THE API ON A SERVICE‑BUREAU OR MULTI‑TENANT BASIS to third parties outside your organisation, except via approved partner programmes;  

(c) SCRAPE OR HARVEST other users’ content or analytics, or attempt to access data you are not authorised to access;  

(d) CIRCUMVENT SECURITY, AUTHENTICATION, RATE LIMITS, OR TECHNICAL PROTECTIONS;  

(e) INTERFERE WITH PLATFORM INTEGRITY (e.g., traffic flooding, malformed payloads, recursive redirects);  

(f) USE THE API FOR UNLAWFUL PURPOSES or in breach of the AUP (including malware, phishing, fraud, CSAM, hate/terror content, unlawful gambling, or high‑risk financial scams);  

(g) USE RESPONSES OR LOGS TO TRAIN, FINE‑TUNE OR IMPROVE GENERATIVE MODELS that would compete with JN Short’s core services, except with our written consent. This does not restrict your internal use of telemetry to improve your own security or quality models that do not replicate or compete with the Service.

(h) MISREPRESENT YOUR RELATIONSHIP WITH US or imply endorsement, certification or partnership without written permission.

4.3 Reverse Engineering. Except to the extent that restrictions are prohibited by applicable law, YOU MUST NOT reverse engineer or attempt to extract source code, models or algorithms from the API or SDKs.

 

API 5. Data protection, privacy & lawful use

5.1 Your Role. YOU ARE THE CONTROLLER for personal data you send to or receive from the API about your end users/visitors. YOU MUST HAVE A LAWFUL BASIS (e.g., CONTRACT, LEGITIMATE INTERESTS, CONSENT) and provide TRANSPARENT DISCLOSURES. For EU/EEA data, comply with GDPR/ePrivacy requirements (including consent for non‑essential cookies/trackers).

5.2 Our Role. For Business Customers, WE ACT AS PROCESSOR for visitor analytics and related data processed via the API on your documented instructions, as set out in the DPA incorporated into the Terms.

5.3 Sensitive Data. DO NOT SEND SPECIAL CATEGORIES OF PERSONAL DATA (e.g., health, biometric, precise geolocation), payment card PANs, or government ID numbers via the API unless the endpoint expressly supports it and you have a lawful basis and appropriate safeguards.

5.4 Children. YOU MUST NOT knowingly collect data from children via the API where prohibited or without appropriate PARENTAL CONSENT mechanisms required by local law.

5.5 Data Subject Rights. YOU MUST HONOUR ACCESS, ERASURE, OBJECTION AND OTHER RIGHTS. Where we act as PROCESSOR, WE WILL ASSIST YOU via documented mechanisms.

5.6 Data Retention & Deletion. LIMIT YOUR RETENTION to what is necessary and disclosed to users. Use provided deletion endpoints to remove data when no longer needed or upon valid request. WE MAY RETAIN LOGS for security and operations as disclosed in our Privacy Policy.

5.7 Telemetry. We may collect TECHNICAL METADATA (e.g., request IDs, timing, error codes) to operate and improve the API. We do not use your content to market to your users.

 

API 6. Branding, attribution & naming

6.1 Attribution. FREE‑TIER OR TRIAL USE OF THE API MAY REQUIRE ATTRIBUTION such as “Powered by JN Short” in your interface where JN Short functionality is presented. We will specify placement in the developer guidelines.

6.2 Brand Use. YOU MAY NOT USE OUR NAMES, LOGOS OR TRADE MARKS except as permitted by written permission or brand guidelines we publish. You must not register or use domain names, app names or handles that are confusingly similar to our marks.

6.3 Publicity. We may identify your organisation as a customer/partner (name and logo) unless you opt out by e‑mailing legal@jnshort.com.

 

API 7. Security requirements for clients

7.1 Secure Development. Follow secure coding practices, input validation and output encoding. Use TLS for all communications with the API.

7.2 Key Hygiene. Rotate keys, scope keys by environment and minimal permissions, and revoke keys on compromise. NEVER embed secrets in client apps, front‑end code or public repos.

7.3 Webhooks. VALIDATE SIGNATURES where provided, use HTTPS, implement idempotency and rate limiting, and secure endpoints behind authentication where feasible.

7.4 Incident Reporting. REPORT SECURITY INCIDENTS WITHOUT UNDUE DELAY to security@jnshort.com and co‑operate to mitigate harm.

 

API 8. Compliance, sanctions & export controls

You must comply with all applicable LAWS AND REGULATIONS, including sanctions and export‑control laws. WE MAY RESTRICT OR TERMINATE ACCESS where required by law or government order.

 

API 9. Versioning, changes & deprecation

9.1 Versioning. We use semantic or date‑based versioning for the API where applicable. NEW VERSIONS MAY INTRODUCE CHANGES that are not backward‑compatible.

9.2 Deprecation. We will provide at least **90 DAYS’ NOTICE** before deprecating a STABLE API version, except where we must act sooner for SECURITY, LEGAL OR PERFORMANCE REASONS. Beta/experimental endpoints may change without notice.

9.3 Documentation. YOU MUST FOLLOW THE PUBLISHED DOCUMENTATION. We may update docs as features evolve.

 

API 10. Fees & billing

API usage may be included in your plan or billed separately (e.g., per‑request, per‑event or overage). Where overages apply, fees are calculated from our metering systems. TAXES apply as stated in the Billing Policy. NON‑PAYMENT MAY RESULT IN SUSPENSION OR KEY REVOCATION.

 

API 11. Suspension & termination

We may SUSPEND OR TERMINATE API ACCESS (in whole or part) where: (a) you breach these terms, the Terms or AUP; (b) we detect abuse, security risk, non‑payment or legal exposure; or (c) we sunset the API. We will provide a STATEMENT OF REASONS where required by law (e.g., under the DSA). Upon termination, YOU MUST CEASE ALL USE, DELETE KEYS, AND DELETE OR ANONYMISE ANY CACHED PERSONAL DATA OBTAINED VIA THE API unless retention is required by law. Following termination for any reason, we will provide a reasonable window for you to export non‑personal configuration data where technically feasible. You must delete or anonymise any cached personal data obtained via the API unless retention is required by law, and you must certify deletion upon request.

 

API 12. Warranties, disclaimers & liability

THE API IS PROVIDED “AS IS” AND “AS AVAILABLE”. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXCLUDE ALL WARRANTIES NOT EXPRESSLY STATED IN THE TERMS. OUR LIABILITY IS LIMITED AS SET OUT IN THE TERMS (INCLUDING ANY CAP BASED ON FEES PAID IN THE PRECEDING 12 MONTHS). NOTHING EXCLUDES LIABILITY THAT CANNOT BE EXCLUDED UNDER MANDATORY LAW, AND CONSUMER RIGHTS ARE NOT AFFECTED WHERE APPLICABLE.

 

API 13. Support & contact

Support for the API is provided via the channels listed in our developer documentation and standard support hours unless otherwise agreed. Contact: **support@jnshort.com** (general), **security@jnshort.com** (security), **legal@jnshort.com** (legal).