Tag: api

January 19, 2023 Contracts

Why are API access agreements important?

api access agreements

Twitter has been in the news lately for what some seem to imply has been a problematic termination of third-party developers from its platform. This is a good occasion to talk about API access agreements in general, what they should cover, and why they are important.

An API (Application Programming Interface) access agreement is a legal document that outlines the terms and conditions under which a third-party developer can access and use an API. These agreements are important because they ensure that the API owner maintains control over their system and that the third-party developer understands and agrees to the terms and conditions of use.

System security and stability

One of the key provisions in an API access agreement relates to security. As APIs are used to access sensitive data and perform critical functions, it is essential that the API is protected from unauthorized access and misuse. The API owner should set strict security requirements for the third-party developer, such as data encryption and authentication protocols, to ensure that the API is used in a secure manner. The API owner may also wish to set limits on how often calls can be made to the API, so that the system is not overloaded or otherwise subject to diminished performance.

Intellectual property protection

Another key provision in an API access agreement relates to copyright. The API owner should have the right to control the use of their API, including the right to limit the third-party developer’s use of the API as needed to protect intellectual property rights. The API owner should also ensure that the third-party developer agrees not to copy, distribute, or otherwise use the API in a manner that is outside of an agreed scope.

These are contracts

API access agreements are contracts, and as such, they are legally binding. The API owner must be able to maintain control of its system for the system to function properly. This means that the API owner should have the right to revoke access to the API if the third-party developer breaches the terms of the agreement or if the API is being used in a manner that is not in compliance with the agreement.

Avoiding problems with termination

When terminating access to an API, the provider can treat a third-party developer fairly by providing adequate notice and a clear explanation for the termination. The developer should also negotiate for a reasonable amount of time to transition to an alternative solution or to retrieve any data it has stored within the API. Additionally, the provider may wish to make a good faith effort to assist the developer in finding a suitable alternative solution. If the termination is due to a breach of the API access agreement, the provider may provide the developer with specific details about the breach and allow for an opportunity for the developer to cure the breach before terminating access. A developer should also consider trying to negotiate a provision that says it is entitled to compensation from the developer for any losses or damages incurred as a result of an improper termination. Overall, the provider should approach the termination process in a fair, transparent and reasonable manner, taking into account the developer’s business needs and interest.

API access agreements are an essential part of the API ecosystem. They help ensure that the API owner maintains control over its system, that the third-party developer understands and agrees to the terms and conditions of use, and that the API is used in a secure and compliant manner. It is important that the parties understand the key provisions in an API access agreement and seek to comply with them in order to use the API successfully.

See also: Court will not aid company that was banned from accessing Facebook API

Evan Brown is a technology and intellectual property attorney in Chicago. Follow him on Twitter at @internetcases.

October 1, 2019 Contracts, Litigation

Court will not aid company that was banned from accessing Facebook API

Facebook’s ability to decisively police the integrity of its platforms was without question a pressing public interest.

Plaintiffs provided software-as-a-service to help their clients locate social media content, gain approval to use that content, and then re-purpose it in the clients’ own advertising and marketing activities.

Previously, plaintiffs had operated in partnership with Facebook, whereby plaintiffs had access to the Facebook Open Graph API. In late August 2019 (a few weeks after a Business Insider article identified plaintiffs as misusing the Instagram platform) Facebook terminated the marketing partnership and access to the API.

After efforts to informally resolve the situation failed, plaintiffs, perhaps emboldened by the Ninth Circuit’s recent decision in hiQ v. LinkedIn, sued Facebook and Instagram asserting a number of claims, including breach of contract and tortious interference, and also sought a declaratory judgment that plaintiffs did not violate the Computer Fraud and Abuse Act. Plaintiffs sought a temporary restraining order that would have restored access to the platforms pending the case’s determination on the merits. But the court denied the motion. 

No irreparable harm likely

The court rejected plaintiffs’ argument that they would suffer irreparable harm if access was not restored. It found that plaintiffs’ allegations of imminent harms shared a common fatal flaw in that they merely alleged speculative harm – they did not sufficiently demonstrate that irreparable harm was likely to occur.

Plaintiffs did establish for purposes of this motion that much (though not all) of the work they conducted for clients before losing API access involved Facebook. But the court found that plaintiffs had not sufficiently shown that they would actually lose current customers, or fail to acquire new prospective customers, if access were not restored. 

Further, the court found that plaintiffs’ CEO’s statement that “this will soon reach a tipping point where [plaintiffs] can no longer operate” was not specific enough to demonstrate there was irreparable harm. “The extraordinary relief of a pre-adjudicatory injunction demands more precision with respect to when irreparable harm will occur than ‘soon.’ Such vague statements are insufficient evidence to show a threat of extinction.”

Not in the public’s interest

The court also found that the “public’s interest caution[ed] against issuing injunctive relief at this time.” 

Plaintiffs argued that the public interest favored an injunction because one would prevent the imminent destruction of plaintiffs’ business, preserve employee jobs, and generally allow plaintiffs to continue operating. Additionally, they argued that the public interest would be served by enjoining defendants’ wrongful conduct.

Defendants argued that the public had an interest in allowing Facebook to exclude those who act impermissibly on its platform and jeopardize user privacy by, in this instance, automating data collection and scraping content en masse. Defendants argued that the public has an interest in allowing them latitude to enforce rules preventing abuse of their platforms.

The court decided that awarding injunctive relief at this stage would compel Facebook to permit a suspected abuser of its platform and its users’ privacy to continue to access its platform and users’ data for weeks longer, until a preliminary injunction motion could be resolved. Moreover, as precedent within Facebook’s policy-setting organization and potentially with other courts, issuing an injunction at this stage could handicap Facebook’s ability to decisively police its social-media platforms in the first instance. Facebook’s enforcement activities would be compromised if judicial review were expected to precede rather than follow its enforcement actions.

And although the public certainly has some interest in avoiding the dissolution of companies and the accompanying loss of employment, the court found that Facebook’s ability to decisively police the integrity of its platforms was without question a pressing public interest. In particular, the court noted, the public has a strong interest in the integrity of Facebook’s platforms, policing of those platforms for abuses, and protection of users’ privacy.

Stackla, Inc. v. Facebook Inc., No. 19-5849, 2019 WL 4738288 (N.D. Cal., September 27, 2019)

September 11, 2009 Contracts, Copyright

Do Twitter’s new terms of service forsake third party developers?

Twitter announced its new Terms of Service yesterday. One big issue deals with copyright ownership. This is one of the perennial questions in the law of social media: “who owns the user-created content?” Twitter nods to this issue when it states that “Twitter is allowed to ‘use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute’ your tweets because that’s what we do. However, they are your tweets and they belong to you.”

That’s all well and good. And by not being too grabby, Twitter avoids stirring up a brouhaha like Facebook did earlier this year for a little while when it claimed a very broad license in users’ content. In that situation, some pointed out that Facebook could use your content forever, even after you deleted your account. No doubt Twitter was motivated by an aversion to controversy of this sort when it decided to not claim a perpetual license.

But is Twitter being too cautious? The license it claims in the new terms of service does not specify a duration. That’s user-friendly, because such a license is probably terminable at will by the user. Under cases like Walthal v. Rusk, 172 F.3d 481 (7th Cir. 1999), Twitter would no longer have the authority to use, copy, reproduce, etc. the tweets of a user that no longer permitted such use be made. Deleting one’s account would be a good indication that such a license was being revoked. And the user could follow up with an express statement to Twitter that the license no longer exists.

Still all well and good. But let’s look at the “ecosystem” that has been nourished by the Twitter API, and which Twitter bolsters in its new terms of service. (“We encourage and permit broad re-use of Content. The Twitter API exists to enable this.”)

Third party developers can build apps that, among other things, cache users’ Tweets and make them available for mashup, organization, etc. and redisplay. These acts by the third party developer are an exercise of rights of the copyright holder, i.e., the individual Twitter user. The terms of service allow Twitter to sublicense these rights to the third party developer, so there is no problem so long as the individual Twitter user is under the terms of service.

What happens, though, in the situation we were just discussing where the individual user revokes the license to Twitter? These cached copies out there in the possession of third party developers all of a sudden become unauthorized, because Twitter no longer has the sublicensable right to allow the tweets’ copying and redistribution by others.

In such a situation, are third party developers who continue to display the content left blowing in the wind, as infringers of erstwhile Twitter users’ copyright rights?

Notice sign photo courtesy Flickr user szlea under this Creative Commons license.

Scroll to top