/
API Terms of Use

API Terms of Use

  • Verified

    • These Terms of Use (“Terms”) govern access to and use of the Umbrella Faces APIs (the On Demand API and the Sync API) provided by Umbrella Organisation U+O AG, Wetzikon, Switzerland (“Umbrella”, “we”, “our”, “us”). By using the APIs, you (“Client”, “you”, “your”) agree to be bound by these Terms.

    Access and Authentication

    The On Demand API requires authentication via OAuth 2.0. Clients must reuse valid tokens rather than requesting a new token for each call.
    The Sync API requires authentication using either a shared secret or username/password.

    Clients are responsible for safeguarding their credentials and ensuring they are not misused. Clients should ensure integration is implemented by engineers familiar with standard authentication and security practices such as OAuth 2.0 authentication flows and calculating HMAC SHA-256 signatures.

    Permitted and Prohibited Use

    The APIs may only be used for lawful business purposes and in accordance with the official documentation.

    For the On Demand API, Clients must not send “non-update” updates (i.e., updates without actual changes) or use the search function to export all profiles instead of performing targeted lookups.

    For both APIs, Clients are expected to use the APIs responsibly to maintain overall system performance and security. Activities such as penetration testing or vulnerability scanning should only be performed with Umbrella’s prior written approval. Repeated updates of unchanged profiles or automated bulk operations that could degrade performance should be avoided.

    Umbrella reserves the right to monitor use of the APIs and to suspend or terminate access in cases of misuse.

    Rate Limits and Stability

    Umbrella may impose rate limits or other restrictions on API calls to protect system stability. Clients must respect such limits as documented or communicated. Excessive or abusive traffic may result in throttling, suspension, or additional charges.

    Data Ownership and Processing

    Umbrella retains all rights, title, and interest in the APIs and associated technology. Data accessed through the APIs belongs to the owning travel agency.

    Clients are solely responsible for ensuring that all necessary consents, agreements, and data protection measures are in place, including execution of appropriate Data Processing Agreements. Umbrella may act as a processor or subprocessor under applicable data protection laws, including GDPR and Swiss law.

    Fees and Misuse

    API usage fees are invoiced monthly to the Travel Agency in accordance with its contract with Umbrella. Costs related to implementation support, certification, or recertification are invoiced to the party implementing the API integration, such as the technology provider or third-party partner.

    For the On Demand API, the Excessive Transactions clause applies only to GET, POST, PATCH, and DELETE calls on profile endpoints.
    Usage is expected to average about one call per profile for up to 250 thousand profiles. Above that, Clients must keep call volumes proportionally lower, and Umbrella may define acceptable thresholds in consultation with the Client. Mass updates of very large datasets may be deemed excessive unless agreed in advance.

    For use cases such as HR Feeds, Umbrella accepts that an initial mass load of profiles may generate high volumes. However, repeated mass updates of unchanged profiles are not considered acceptable regardless of the total number of transactions.

    Excess usage may be charged at USD $0.01 per excess call. Umbrella will give a warning notice and reasonable timeframe before applying any charges.

    Service Levels and Availability

    The APIs are provided on an ‘as-is’ and ‘as-available’ basis. While Umbrella strives to maintain stable and reliable operation, no specific uptime or performance guarantees are provided under these Terms.

    Additional Terms

    On Demand API

    Clients using the On Demand API must not issue unnecessary update calls or attempt bulk export of profile data. Any changes to the scope of queried data must be communicated to Umbrella and may have to undergo recertification before being used in production.

    Webhook endpoints configured to receive updates from the On Demand API must support HTTPS with a valid, generally-trusted SSL/TLS certificate and a complete certificate chain. Umbrella may reject connections that fail certificate validation. Connections that fail certificate validation may be rejected.

    Sync API

    When using the Sync API, Umbrella will actively send profile updates to Client endpoints via HTTPS POST. Clients are expected to process updates promptly, ideally within a few seconds and in any case within a maximum of thirty (30) seconds. If Umbrella observes repeated timeouts or slow responses, it may suspend delivery until corrective action is taken.

    Endpoints receiving updates must support HTTPS with a valid, generally-trusted SSL/TLS certificate and a complete certificate chain. Connections that fail certificate validation may be rejected.

    Termination and Suspension

    Umbrella will generally provide a warning notice and a reasonable opportunity for the Client to address issues before applying any additional charges or restrictions. However, if Umbrella detects activity posing a serious risk to system stability or security, it may apply immediate protective measures such as temporary throttling or suspension. Umbrella will notify the Client as soon as feasible and work jointly to identify and resolve the issue.

    If reactivation requires additional verification steps, Umbrella may request a brief technical review or revalidation of the integration to ensure compliance. Any associated costs or timelines will be communicated transparently in advance.

    Umbrella may decline reactivation if prior misuse or repeated non-compliance indicates a material risk to system stability or security.

    Disclaimers and Liability

    The APIs are provided without warranties of any kind, whether express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, accuracy, or uninterrupted availability.

    Umbrella does not guarantee the accuracy, completeness, or timeliness of API data. The provisions regarding liability and remedies are governed by the terms of the main contract executed between Umbrella and the Client, which shall take precedence over these Terms.

    Governing Law and Jurisdiction

    These Terms are governed by the laws of Switzerland. Any disputes shall be subject to the exclusive jurisdiction of the courts of Zurich, Switzerland.

    Modifications

    Umbrella may update these Terms from time to time to reflect changes in legal, technical, or business requirements. Significant updates will be communicated in advance through appropriate channels, and continued use of the APIs after such notice constitutes acceptance of the revised Terms.