Updated July 1, 2022
These API Terms of Service (the "API Terms") describe Client rights and responsibilities when accessing Credly’s application programming interfaces (the "Credly APIs"). These API Terms incorporate by reference the Credly Credential Management Agreement and any applicable addenda thereto (collectively, the “Agreement”). Terms not otherwise defined herein shall have the meaning set forth in the Agreement.
1. API License
a. Credly API Content accessed through the Credly APIs and displayed or used in Client’s software application, website, product or service (collectively, Client’s “Application”) is subject to these API Terms. “API Content” means any data accessed via the Credly APIs.
b. Subject to Client’s compliance with these API Terms, Credly grant Client a limited, non-exclusive, non-sublicensable, non-transferable, non-assignable license under Credly’s intellectual property rights to (i) Send data to Credly for the purpose of issuing Credentials; (ii) use the Credly APIs to develop, test, operate and support Client’s Application; (iii) distribute or allow access to Client’s integration of the Credly APIs within Client’s Application to end users of Client’s Application; and (iv) to display the API Content accessed through the Credly APIs within Client’s Application.
2. Access Tokens
a. To begin using the Credly APIs, Client must first obtain Access Tokens from Credly. “Access Tokens” means the necessary security keys, secrets, tokens, and other credentials to access the applicable Credly APIs. The Access Tokens enable us to associate Client’s activity on the Credly APIs with Client’s Application and the Earners using it.
b. Client may store the Application-specific alphanumeric user IDs that Credly provide to Client for identifying users of Client’s Application ("Earner Tokens") or the authentication tokens that Credly provide to Client when an Earner authenticates Client’s Application to their Credly account ("OAuth Access Tokens").
c. All activities that occur using Client’s Access Tokens, Earner Tokens and OAuth Access Tokens are Client’s responsibility. Keep Access Tokens secret. Client shall not sell, share, transfer, or sublicense them to any other party other than Client’s employees or independent contractors.
3. Use of Credly APIs and Credly API Content
a. Client shall not:
i. Use the Credly APIs to disrupt, interfere with, or attempt to gain unauthorized access to Services, servers, devices, or networks connected to or which can be accessed via the Credly APIs;
ii. Use the APIs, or any information accessed or obtained using the Credly APIs, for the purpose of migrating Earners or other Credly customers away from a Credly Offering, except in connection with use of the Credly APIs by Client’s Application or unless expressly permitted by Credly pursuant to a duly executed written agreement;
iii. Attempt to circumvent the limitations Credly sets on use of the Credly APIs;
iv. Use the Credly APIs, or any data obtained using the Credly APIs, to conduct performance testing of a Credly offering unless expressly permitted by Credly pursuant to a duly executed written agreement;
v. Use the APIs, or any data obtained using the Credly APIs, to identify, exploit or publicly disclose any potential security vulnerabilities;
vi. Falsify or alter any unique referral identifier in, or assigned to an Application, or otherwise obscure or alter the source of queries coming from an Application to hide a violation of the Agreement.
vii. Request or publish information impersonating an Earner or Issuer or misrepresent any Earner, Issuer or other third party in using the Credly APIs;
viii. Use the Credly APIs or API Content for any illegal purposes or breach any laws or regulations regarding privacy or data protection, or violate the rights of third parties;
ix. Materially change the scope of processing or use of previously collected API Content, unless expressly agreed with Credly pursuant to a written agreement;
x. Obfuscate or hide Client’s deployment or use of any Credly buttons, sign-in functionality, consent or authorization flows from Client’s users;
xi. Copy, adapt, reformat, reverse-engineer, disassemble, decompile, decipher, translate or otherwise modify any Credly API, Access Token, API Content, Credly Offering or other information or service from Credly, through automated or other means; or
xii. Access, store, display, or facilitate the transfer of any Credly API Content obtained through the following methods: scraping, crawling, spidering or using any other technology or software to access Credly API Content outside the Credly APIs (such API Content, collectively, “Non-Official API Content”). This restriction applies (1) whether the Non-Official API Content was obtained directly or indirectly through a third party, such as a customer or third party developer, and (2) whether or not the Non-Official API Content is stored or displayed in the Application or some other resource, product or service.
b. Sharing API Content. Client shall only share API Content in compliance with these API Terms, applicable law and regulations, and all other applicable terms and policies, and only in the following circumstances:
i. When required under applicable law or regulation (Client must retain proof of the applicable legal or regulatory requirement or request and provide it to Credly upon request); or
ii. With other third parties, when Client ensures that any such third parties comply with these API Terms and all other applicable terms and policies as if they were in Client’s place. Client are responsible for the acts and omissions of such third-parties.
4. Storage of API Content
a. Client must not capture, copy or store any API Content or any information expressed by the API Content (such as hashed or transformed data), except to the extent permitted by these API Terms and the Agreement. If Client are required to keep API Content under applicable law or regulation, Client must retain proof of the applicable legal or regulatory requirement or request and provide it if Credly asks for it.
b. Client must store all API Content in a manner which enables Client to identify, segregate and selectively delete such API Content. The API Content must not be stored in a data repository that would enable any third-party access (other than Service Providers or the Earner to which it relates).
c. If Client have received API Content in error, Client must immediately report this to us, delete that API Content, and provide proof of deletion if Credly ask for it.
5. Caching API Content for Performance
a. Client must refresh the API Content on a regular basis and no less frequently than every 30 days.
b. Solely to improve Client’s Application’s performance, Client may cache the API Content for up to 30 days from a request for that API Content through the Credly APIs before permanent deletion. Unless otherwise set forth in this Section or in any applicable Additional Terms, Client does not have any right to store the API Content beyond this limited 30-day period.
c. Client must immediately delete all API Content collected through the Credly APIs about a particular Earner, including the Earner Token and the OAuth Access Token, upon request by that Earner, when the Earner uninstalls Client’s Application or when the Earner closes their account with Client.
6. Other Deletion. Client must immediately delete all API Content when:
a. Such API Content has been stored for more than 30 days;
b. Credly terminates Client’s use of the Credly APIs for breach of these API Terms, except when doing so would cause Client to violate any law or obligation imposed by a governmental authority;
c. Retaining the API Content is no longer necessary for a legitimate business purpose that is consistent with these API Terms and all other applicable terms and policies; or
d. Required by applicable law or regulations.
7. Service Providers.
a. A “Service Provider” is an entity Client uses to provide Client services in connection with any API Content. Client will not use a Service Provider in connection with Client’s use or processing of API Content unless such Service Provider first agrees in writing to do the following:
ii. In the event the Service Provider engages another Service Provider (“Sub-Service Provider”) to provide the services requested, ensure the Service Provider requires the Sub-Service Provider in writing to comply with the above requirements.
b. Upon Credly’s request, Client must provide a list of Client’s Service Providers and Sub-Service Providers including up-to-date contact information for each, the types and volume of API Content shared, and proof of written agreements with Client’s Service Providers to demonstrate compliance with this Section.
c. Credly may prohibit Client’s use of any Service Provider or Sub-Service Provider in connection with Client’s use of API Content upon reasonable belief that Client has violated these API Terms or other applicable terms or policies or (2) Client are negatively impacting the Credly System, and will provide notice to Client if Credly do. Promptly upon such notice, Client must stop using that Service Provider or Sub-Service Provider in connection with Client’s use of API Content.
8. Brand Use Guidelines
a. Subject to these API Terms and subject to the Credly Brand Guidelines, available online at https://info.credly.com/trademark-and-brand-use, Credly grants Client a limited, revokable, non-exclusive, non-sublicensable, and non-transferable license during the Duration to display trade names, trademarks, service marks, logos and domain names that Credly makes available to Client (collectively “Brand Features”) within the Application and to accurately promote or advertise Client’s integration of the Credly APIs in Client’s Application.
b. Client agree not to display Credly Brand Features (a) in any way that violates applicable law, including laws regarding libel, slander, obscenity and infringement or (b) in any way that is misleading, implies that Client’s Application is approved, created or endorsed by Credly (or otherwise embellishing Client’s relationship with Credly).
9. Support and Updates. Credly may modify or release subsequent versions of the Credly APIs and require that Client use those subsequent versions. Unless Credly releases a new version of the APIs for security or legal reasons, Credly will provide a Client with a commercially reasonable amount of notice.