- These terms of use ("Terms of Use") apply to and regulate:
- your use of an application programming interface, including any associated software (“API”),
- data provided through the APIs (“API Data”),
- your access to and use of aXess and any API Authenticator (both defined below),
- By undergoing the registration process to access and use the Bank’s online API portal (“aXess”), you accept and agree to these Terms. If you do not accept these Terms, you must stop accessing or using the above mentioned API services.
- Subject to your acceptance of, and compliance with, these Terms of Use, any additional terms set out in API documentation and/or as agreed between you and the Bank in respect of your access to and use of Bank APIs (“Additional Terms”), and any policies or guidelines issued and updated from to time from the Bank in relation to aXess, APIs and API Data (the“Guidelines”) you may use the APIs in software programs or applications developed by you (“Your App”).
- In the event of a conflict or inconsistency between these Terms of Use, the Additional Terms and the Guidelines, the Additional Terms will govern that conflict or inconsistency, followed by these Terms of Use.
- For ease of reference, we will refer collectively to the Terms of Use, the Additional Terms and the Guidelines as“the API Terms” below.
- As an individual, if you are accessing or using aXess and/or a Bank API on behalf of an organisation, you represent and warrant that you have the required authority to bind that organisation to the API Terms. In this case, references in the API Terms to 'you' are references to you as an individual AND to that organisation. Application process for API access
- To access and use aXess, you must first successfully register for such access and use. To apply for registration, you must provide the information that we require and ensure that any information you provide us is complete, accurate, up-to-date, true and not misleading
- Once your registration for access to aXess has been confirmed by us, you may apply to us in respect of each of Your Apps that you intend to use with our APIs. You must provide the information that we require and you must ensure that any information you provide us is complete, accurate, up-to-date, true and not misleading.
- We may reject or accept your application(s) at our sole discretion. We may require additional information, documentation or clarification in respect of any application you make, and we reserve the right not to proceed with an application until we are satisfied it is in line with the API Terms. If you don’t provide us with the information we require, or if any of the information you provide is incomplete or inaccurate, your application may be rejected. If any of the information that you provide us in support of your application changes or becomes inaccurate, you must inform us in writing, and we may reconsider your registration status.
- If your application is successful, we will issue you with a unique token or key with access-code functionality to enable Your App to access our APIs (“API Authenticator”). You will need to:
- apply for an API Authenticator for each of Your Apps that does not already have one;
- notify us of each update to or new version of Your Apps, as this may require you to obtain a new API Authenticator to continue to access and use an API; and
- obtain our prior approval each time you move Your App from the Bank’s testing environment, which we give you access to with test data, to the production environment, which allows access to production data.
- You will ensure that all information you provide to the Bank in relation to your use of Bank-issued API Authenticators is complete, accurate, up-to-date, true and not misleading in any way whatsoever. If any of the information that you provide us in support of your application for an API Authenticator changes or becomes inaccurate, you must inform us in writing.
- At any time and at our sole discretion, we may:
- impose conditions on any use of an API Authenticator or your access to aXess, or request you to enter into further agreement(s) in respect of your use of any APIs or API Data;
- revoke an API Authenticator issued to you; or
- remove your access to our APIs.
Your API use and access obligations - You must keep any API Authenticator and any username and password that we issue to you secure at all times, only use it for the organisation on whose behalf you agreed to the API Terms (if applicable) or only use it yourself, and you must not disclose or transfer these details to, or otherwise allow these details to be used by, anyone else.
- Your use of and access to our APIs must comply at all times with the API Terms, the documentation associated with each API and its endpoints (“API Specifications”) and with the use case(s) we have approved for access to our APIs. If we grant access to you for the use of an API (including any API Data), access is granted on the basis of the API Terms and the applicable API Specifications and for a personal, limited, non-exclusive, non-transferable revocable licence to the API and API Data (i.e. you are not permitted to licence, sublicense or resell any API or API Data).
- You must comply at all times with all Applicable Law in relation to your access to and use of aXess, the APIs, and the API Data.
- Your use of our APIs to is limited to a maximum of 1000 requests per minute and you undertake that Your Apps are not expected to make more than 1000 requests a minute to a given API. If you would like to use any API beyond these limits, you must obtain our express consent.
- If an API contains software or code subject to open source licences, you must use such an API in accordance with the terms of the applicable open source licences. Restrictions on API access or use
- You must not, and you must ensure that your end users do not, access or use our APIs or API Data in any manner or for any purpose which has not been expressly approved by us in writing. For the avoidance of doubt, this includes (but is not limited to):
- Any unlawful purpose, including in contravention of any Applicable Law (including sanctions laws and other laws relating to anti-money laundering, anti-bribery and corruption, tax evasion or similar tax crimes, including facilitation, and other financial crimes) or third party rights;
- Sublicensing an API for use by a third party;
- Performing an action that introduces any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature;
- Defaming, abusing, harassing, stalking, or threatening others;
- Uploading any material which is objectionable, including unlawful, obscene, libellous, harassing, or similar materials;
- Incorrectly or falsely attributing the use of the API to the Bank or the Bank Group;
- Interfering with or disrupting (or likely to interfere with or disrupt) the APIs or the servers or networks providing the APIs or API Data;
- Reverse engineering or attempt to extract the source code from any API or any related software, except to the extent that this restriction is expressly prohibited by Applicable Law; or
- Using the APIs for any activities where the use or failure of the APIs could lead to death, personal injury, or environmental damage (such as the operation of nuclear facilities, air traffic control, or life support systems).
- You must ensure that Your Apps (whether using the APIs or not) are not mistaken or misrepresented as being the Bank’s products or services. You must not promote or use Your Apps, any API Data, or any associated goods and services, in a way that implies or suggests that they are endorsed by or in any way affiliated with the Bank, or any of our related companies without our prior written permission. Security
- You must implement and regularly review robust processes and controls relating to Your use of or connection with or access to the API, including ensuring that any information, electronic communications, messages, instructions, files, documents or API Data (“Electronic Communications”) communicated via the APIs are encrypted and digitally signed.
- You must have in place all security measures required to detect and prevent unauthorised access to, or use or misuse of, aXess, our APIs and API Data, and all API Authenticators issued to you. You shall implement and regularly review robust processes and controls relating to the security of Your App and API, including:
- measures to detect and prevent unauthorised access to Your App, our APIs or API Data;
- measures to detect, prevent, remove and remedy threats of the introduction of any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature into aXess or Bank APIs;
- robust authentication processes and controls relating to access to Bank APIs through Your App; and
- a requirement to have in place place enforceable agreements with users of Your App to ensure that they do not disclose their User IDs or access the APIs from an unsecured public internet access device or personal shared computer.
- You represent, warrant and/ or undertake to ensure that any Electronic Communications sent through Your App are protected against unauthorised or accidental loss, destruction, damage, access, processing, erasure, transfer, use, modification, disclosure or misuse
- You must comply at all times with any and all security-related Guidelines notified to you by the Bank, including via aXess and as set out in in API Specifications.
- You will not attempt to access information or applications that you have not been authorised to access or use by the Bank, and, if you inadvertently gain such access, you agree to immediately notify the Bank and not to use or disseminate, reproduce, redistribute or decompile any such information or applications.
- You must notify the Bank immediately if your aXess account is accessed or used by an unauthorised person, and/or if an API Authenticator or any other Bank Confidential Information is used, misused, lost, or damaged by any unauthorised person. Privacy
- In the event that you are approved to access APIs that result in the processing of Personal Data, you may be required to enter into a separate agreement with us which sets out the terms on which such Personal Data will be processed. You must warrant and undertake to us that you will expressly inform your customers that any collection of Personal Data that involves our API(s) is carried out by you for specific purposes You must also obtain the customers' express consent for passing their Personal Data to the Bank for the purposes of, among others, (i) processing any application for the Bank's products and services by the customers, (ii) viewing account information and (iii) effecting transactions.
- You shall comply with Applicable Laws on the protection of personal data and make it clear to your customers the associated risk and liability of your applications and services when collecting data from your customers.
- You acknowledge and agree that the Bank may collect certain data in respect of your use of aXess, our APIs and API Data, and the Bank may use such data for any business purpose, including enhancing the functionality of aXess. The Bank will use and process any information you submit or upload to aXess in accordance with our Privacy Policy(https://www.sc.com/en/privacy-policy/). Confidentiality
- During your access and use of aXess, the APIs and API Data, you may obtain the Bank's Confidential Information. Subject to these Terms, you agree to treat all the Bank's Confidential Information as strictly confidential and shall not use or disclose such Confidential Information to any third party without our prior written consent. You agree to take proper care and all reasonable measures to protect the confidentiality of Confidential Information in accordance with all Applicable Law and applying not less than the same standard of care as you would apply to your own confidential information but not less than a reasonable standard of care.
- Upon termination of your access to our APIs, or at our request, you agree to destroy or return to us all of our Confidential Information in your possession or control and certify to us that this has been done. The confidentiality obligation continues to apply if any of our Confidential Information remains in your possession or control. Modifications to the APIs and these API Terms
- We may at any time change, suspend or remove access to any or all of our APIs or any API Data without incurring any liability to you. For the avoidance of doubt, the Bank is not obliged to make any modifications, including without limitation any updates and/or upgrades and is not responsible for any errors or delays in the APIs, aXess or the API Data.
- You acknowledge that a change, suspension or removal of the APIs or API Data may have an adverse impact on Your Apps. We shall have no liability of any kind to you or any end user of Your Apps in relation to any change, suspension or removal we make to the APIs or API Data, including any adverse effect arising from such change.
- We reserve our right to amend these Terms from time to time without any notice. Any access or use of aXess, our APIs and API Data after such amendments are made constitutes acceptance of the amended Terms. Liability and indemnification
- Use of aXess and our APIs is at your own risk, and you are responsible for evaluating the accuracy, completeness or usefulness of any information or other content available through aXess. All aXess content and each of the APIs and API Data are provided “as is” and to the maximum extent not prohibited by applicable law, provided without warranty of any kind, express or implied including (without limitation) fitness for a particular purpose or merchantability.
- We will not be liable for any information of yours, in any form, that is submitted to us (“Your Material”), including in relation to any loss, corruption or deletion of Your Material (including back-ups) whether arising as a consequence of our acts or omissions or otherwise
- Unless prohibited by Applicable Law, you will indemnify and keep indemnified Bank and any member of the Bank Group against all direct liabilities, losses, damages, costs (including legal costs), and direct expenses suffered or incurred by us relating to any allegation or third party legal proceeding arising from:
- your use of the APIs;
- your breach of the API Terms; or
- any content or data routed into or used with the APIs by you, those acting on your behalf, or your end users, including (without limitation) due to a failure by you or those acting on your behalf to obtain any end user consent;
- You acknowledge and agree that you will solely be responsible for any loss or damages that arise from your use of aXess, the APIs, Your Apps and API Data. Intellectual property
- The Bank owns all rights, title and interest (including any intellectual property rights) in and to aXess (including any information on it, other than Your Material), the APIs and API Data. Your access and use of our APIs is non-exclusive, and we reserve the right to develop products and services that may compete with or provide similar functionality to Your Apps.
- You warrant and represent that you or your third party licensors will own all rights, title and interest (including any intellectual property rights) in and to Your Materials, and you grant to the Bank (and members of the Bank Group) a non-exclusive and royalty free licence to use and copy Your Material for the purposes of facilitating and administering your access to and use of aXess, our APIs and API Data. You represent and warrant that the use of Your App by its users, our use and any copying of Your Material, will not violate or infringe the rights (including intellectual property rights) of any third party.
- You must not make any enhancements, derivatives, changes, modifications, alterations or adaptations (“Changes”) of or to the APIs or API Data in your Apps without our express written consent. For the avoidance of doubt, we will own all rights, title and interest in any such Changes to Bank APIs or API Data
- These API Terms do not grant either party any right, title or interest in or to the other party’s Brand-related IP. You must not use the Bank’s Brand-related IP for any purpose, unless you have our express written consent to do so. Feedback and monitoring
- The Bank may collect information about your use of the APIs. You acknowledge and agree to the Bank collecting and using this information, and monitoring your access and use of aXess our APIs and API Data.
- You agree to assist us in verifying your compliance with these API Terms by providing access to Your Apps to us on request, along with other materials related to your use of our APIs or API Data.
- From time to time, we may seek feedback from you about our APIs. You agree that we may use, including for commercial purposes, any of the feedback you provide us at our discretion. Termination of access
- We may terminate your access to aXess, the APIs and any API Data at any time.
- In the event of termination, you must cease access and use of aXess, the APIs, and all API Data without liability to you. The Bank may delete your Material from aXess and all rights (including licences) granted to you under these Terms shall immediately cease. Fees and costs
- We do not currently charge a fee for the use of aXess, but we may require payment of fees in the future for access to certain APIs or API Data. You will be notified of any new fee requirement in advance via aXess.
- You are responsible for all and any costs associated with:
- your access or use of aXess, the API Authenticators, the APIs and any API Data,
- the development of Your Apps,
- your performance of, and overall compliance with, these Terms.
Miscellaneous - You may not assign, novate, or transfer your rights under these API Terms, without the Bank's prior written consent.
- A member of the Bank Group shall have the right to enforce any rights or benefits in the API Terms. "Bank Group" means the Bank, its subsidiaries, its holding companies and subsidiaries of those holding companies.
- The API Terms shall not constitute a joint venture, partnership, co-ownership or agency relationship between the Bank and you.
- No failure or delay by the Bank in enforcing any provisions of these API Terms or rights under Applicable Law shall prejudice or restrict the rights of the Bank nor shall any waiver of its rights in relation to a breach of these API Terms operate as a waiver of any subsequent breach.
- These API Terms, and any dispute or claim arising out of or in connection with them (whether contractual or non-contractual in nature), shall be governed by and is to be construed in accordance with, the laws of Singapore.
- If any part of these API Terms are found by a court ofSingaporeto be illegal, invalid or unenforceable, they shall be severed from, and will not affect the legality, validity or enforceability of, the remainder of these API Terms.
Terms of Use: Standard Chartered Bank’s APIs
Definitions
Applicable Law means laws, rules, regulations, regulatory guidance, regulatory requirements and any form of secondary legislation, resolution, policy, guideline, concession or case law of the relevant jurisdiction from time to time having the force of law and relevant to the Bank’s provision of, and a party’s access to and use of, Bank APIs and API Data.
Bank Group means Standard Chartered Bank and:
- any person, body corporate, partnership, firm or other entity in which on or after the date of this Agreement from time to time Standard Chartered Bank directly or indirectly:
- owns more than half the capital, income, business assets or any other comparable equity or ownership interest; or
- has the power to exercise fifty percent (50%) or more of the voting rights in such entity; or
- has the legal power to direct or cause the direction or general management or affairs of the entity in question; or
- has the power to appoint or remove more than half the members of the supervisory board, board of directors or bodies legally representing such entity; or
- has the right to manage the business of such entity;
- any person, body corporate, partnership, firm or other entity which directly or indirectly has in or over Standard Chartered Bank the rights or powers listed in (a) above (a"Controller"); and
- any person, body corporate, partnership, firm or other entity in which a Controller directly or indirectly has the rights or powers listed in (a) above.
Brand-related IP means trade marks, service marks, logos, get up, trade names, business names, domain names, in each case whether registered or unregistered and including any applications for registration and any renewals or extensions of any of the foregoing.
Confidential Information means all proprietary and confidential information and materials of the Bank, the Bank Group, and/or any of their customers, clients or suppliers which is designated as such, or which by its very nature should obviously be treated as secret and confidential including any non-public information disclosed to you via aXess, APIs and API Data, trade secrets, know-how, strategies, inventions, operations, compliance information, customer lists, personal data of the Bank's customers, plans, market opportunities and business affairs (in each case whether disclosed orally, in writing, electronically or in any other form).
Personal Data means any data, records or information (in any form) relating directly or indirectly to an individual (including but not limited to past, present or future personnel, customers, suppliers, third party guarantors or sureties of any member of the Bank Group) and from which it is practicable for the identity of the individual to be directly or indirectly ascertained by reference to other data, records or information.