For integrators

API Terms of Service

These terms govern use of the SnapAct APIs — Trust API, Verified Inventory API, Connect API, and Verified Delivery Proof — by approved integrators (businesses with a server-side API key). For consumer use of the SnapAct mobile app and partner dashboard, see our consumer Terms of Service.

Effective date: May 19, 2026

By generating, accepting, or using a SnapAct API key, your business agrees to these API Terms of Service ("API Terms"). If you do not agree, do not use the APIs. These API Terms supplement, but do not replace, any signed Master Services Agreement or Order Form between your business and SnapAct.

1. Parties & scope

These API Terms are between SnapAct Limited ("SnapAct", "we", "us") and the business entity ("Integrator", "you") on behalf of which an authorised representative accepted these terms or generated an API key. "API" means any one or more of the SnapAct APIs (Trust API, Verified Inventory API, Connect API, Verified Delivery Proof, and successors) accessible to approved integrators via Bearer-authenticated HTTP endpoints.

2. API access & keys

  • Approval. API access is granted at SnapAct's discretion. You must complete an integration review before a production key is issued.
  • Server-side only. API keys are server-side credentials. You may not embed keys in mobile apps, browser-based JavaScript, public repositories, or any client surface a third party can read.
  • Confidentiality. You must treat the API key secret value as you would a password. Compromise must be reported to [email protected] within 24 hours of discovery; we will revoke and reissue.
  • Scopes. Each key is issued with explicit scopes (e.g. trust_v1_partner, delivery_v1_proof). You may not attempt to access scopes not assigned to your key.
  • Rate limits. Each key has a per-minute request cap shown in the partner dashboard and in the response headers when exceeded (HTTP 429 with Retry-After). Exceeding caps repeatedly may result in temporary or permanent revocation.

3. Permitted use

You may use the APIs to:

  • Verify SnapAct partners as part of your own onboarding, underwriting, or risk-decisioning workflow.
  • Display verified-inventory data inside your own product, with attribution to "SnapAct verified" where the verification status is shown.
  • Receive and process signed webhooks for events you have subscribed to.
  • Cache API responses for the time period explicitly indicated by the response's freshness fields (e.g. trust-score freshness of 24 hours).

4. Prohibited use

You may not:

  • Resell, republish, or sublicense SnapAct API data as a standalone data product to third parties without a separate written agreement.
  • Use SnapAct APIs to build a competing verification, inventory, or delivery-proof product.
  • Aggregate API responses to reverse-engineer the SnapAct trust score formula or other proprietary scoring algorithms.
  • Use the APIs to identify, profile, or contact SnapAct partners or buyers outside the scope of your stated business purpose.
  • Use the APIs in any manner that violates Nigerian law, NDPR, GDPR (for European data subjects), or other applicable data-protection regulations.
  • Attempt to circumvent rate limits, scopes, signature verification, or other technical controls.

5. Fees & billing

Fees, call quotas, overage rates, and billing cadence are stated on the Order Form executed between Integrator and SnapAct. The Sandbox allowance is a one-time evaluation of 10 API calls with no billing and no Order Form required. Production access fees are sized to call volume, service-level requirements, and support tier; terms are confirmed in writing before any production key is issued. All fees are stated in NGN unless an Order Form explicitly specifies another currency. Overage above contracted volumes is invoiced according to the cadence set in the Order Form.

6. Data & redistribution

  • SnapAct retains ownership of all data returned by the APIs, including trust scores, inventory records, and delivery proofs. The Integrator receives a non-exclusive, revocable licence to use the data inside its own product for the duration of the agreement.
  • Personal data. Where API responses include personal data (e.g. buyer phone numbers in escrow records you've consented to receive), Integrator processes that data as a data processor on behalf of SnapAct. A separate Data Processing Agreement (DPA) governs that processing — request at [email protected].
  • Caching. Cached data must be refreshed against the live API at minimum every 24 hours, or earlier if the response's signed_at timestamp is older than the documented freshness window.
  • Deletion on termination. Within 30 days of agreement termination, Integrator must purge all SnapAct API data from primary stores and within 90 days from backups.

7. Service levels

Production access without a written SLA is provided on a best-effort basis. Operational status is published in real time at status.snapact.io.

Where Integrator's Order Form includes a written uptime SLA (typically 99.9% monthly), SnapAct provides usage credits when the target is missed under the terms of that Order Form. Scheduled maintenance windows on SLA-backed accounts are announced no fewer than 72 hours in advance.

8. Liability & indemnity

The APIs are provided "as is". To the maximum extent permitted by law, SnapAct disclaims all warranties not expressly stated in these API Terms. SnapAct's aggregate liability under these API Terms for any 12-month period is limited to the fees paid by Integrator during that period; or, if no fees have been paid, to NGN 100,000. Neither party is liable for indirect, incidental, or consequential damages.

Integrator will indemnify SnapAct against any third-party claims arising from Integrator's misuse of the APIs, violation of these API Terms, or violation of applicable law.

9. Term & termination

  • Term. These API Terms begin when Integrator first uses an API key and continue until terminated under this section.
  • Termination for convenience. Either party may terminate with 30 days' written notice. Pre-paid fees are non-refundable beyond pro-rata unused service.
  • Termination for cause. Either party may terminate immediately on material breach of these API Terms that the other party fails to cure within 14 days of written notice. Severe misuse — including security violations, scope abuse, or attempted reverse-engineering — entitles SnapAct to immediate revocation without a cure period.
  • Effect. On termination, all keys are revoked. Integrator stops new API calls; deletes cached data per Section 6; settles any outstanding fees; survives obligations: confidentiality, data deletion, indemnity, liability cap.

10. Changes

SnapAct may update these API Terms with 30 days' notice to the email on file for the Integrator account. Material changes will be summarised in the notice. Continued use after the notice period constitutes acceptance. Integrator may terminate without penalty within the notice period if a material change is not acceptable.

11. Contact

Partnerships & commercial: [email protected]
Security disclosure: [email protected]
Privacy / data protection: [email protected]
General support: [email protected]

Order of precedence. Material commercial terms (fees, quotas, indemnification caps, SLA commitments) are confirmed in the Order Form executed between SnapAct and the Integrator. Where the Order Form conflicts with these API Terms, the Order Form controls.