API Terms of Service

Version: 2.1

Updated: July 2023

These API Terms of Service (the "API Terms") describe Client rights and responsibilities when accessing Pearson’s application programming interfaces (the "Pearson APIs"). These API Terms incorporate by reference the Pearson Workforce Skills Agreement and any applicable addenda thereto (collectively, the “Agreement”). Terms not otherwise defined herein shall have the meaning set forth in the Agreement.

1.     API License

1. 1. Pearson API Content accessed through the Pearson APIs and displayed or used in Client’s software application, website, product or service (collectively, Client’s “

   2. Subject to Client’s compliance with these API Terms, Pearson grant Client a limited, non-exclusive, non-sublicensable, non-transferable, non-assignable license under Pearson’s intellectual property rights to (i) Send data to Pearson for the purpose of issuing Credentials; (ii) use the Pearson APIs to develop, test, operate and support Client’s Application; (iii) distribute or allow access to Client’s integration of the Pearson APIs within Client’s Application to end users of Client’s Application; and (iv) to display the API Content accessed through the Pearson APIs within Client’s Application.

2. Access Tokens

   1. To begin using the Pearson APIs, Client must first obtain Access Tokens from Pearson. “Access Tokens” means the necessary security keys, secrets, tokens, and other credentials to access the applicable Pearson APIs. The Access Tokens enable us to associate Client’s activity on the Pearson APIs with Client’s Application and the Users using it.

   2. Client may store the Application-specific alphanumeric user IDs that Pearson provide to Client for identifying users of Client’s Application ("User Tokens") or the authentication tokens that Pearson provide to Client when an User authenticates Client’s Application to their Pearson account ("OAuth Access Tokens").

   3. All activities that occur using Client’s Access Tokens, User Tokens and OAuth Access Tokens are Client’s responsibility. Keep Access Tokens secret. Client shall not sell, share, transfer, or sublicense them to any other party other than Client’s employees or independent contractors.

3.     Use of Pearson APIs and Pearson API Content

a) Client shall not:

1. 1. 1. Use the Pearson APIs to disrupt, interfere with, or attempt to gain unauthorized access to Services, servers, devices, or networks connected to or which can be accessed via the Pearson APIs;

      2. Use the APIs, or any information accessed or obtained using the Pearson APIs, for the purpose of migrating Users or other Pearson customers away from a Pearson Offering, except in connection with use of the Pearson APIs by Client’s Application or unless expressly permitted by Pearson pursuant to a duly executed written agreement;

      3. Attempt to circumvent the limitations Pearson sets on use of the Pearson APIs;

      4. Use the Pearson APIs, or any data obtained using the Pearson APIs, to conduct performance testing of a Pearson offering unless expressly permitted by Pearson pursuant to a duly executed written agreement;

      5. Use the APIs, or any data obtained using the Pearson APIs, to identify, exploit or publicly disclose any potential security vulnerabilities;

      6. Falsify or alter any unique referral identifier in, or assigned to an Application, or otherwise obscure or alter the source of queries coming from an Application to hide a violation of this agreement;

      7. Request or publish information impersonating an User or Issuer or misrepresent any User, Issuer or other third party in using the Pearson APIs;

      8. Use the Pearson APIs or API Content for any illegal purposes or breach any laws or regulations regarding privacy or data protection, or violate the rights of third parties;

      9. Materially change the scope of processing or use of previously collected API Content, unless expressly agreed with Pearson pursuant to a written agreement;

      10. Obfuscate or hide Client’s deployment or use of any Pearson buttons, sign-in functionality, consent or authorization flows from Client’s users;

      11. Copy, adapt, reformat, reverse-engineer, disassemble, decompile, decipher, translate or otherwise modify any Pearson API, Access Token, API Content, Pearson Offering or other information or service from Pearson, through automated or other means; or

      12. Access, store, display, or facilitate the transfer of any Pearson API Content obtained through the following methods: scraping, crawling, spidering or using any other technology or software to access Pearson API Content outside the Pearson APIs (such API Content, collectively, "Non-Official API Content”). This restriction applies (1) whether the Non-Official API Content was obtained directly or indirectly through a third party, such as a customer or third party developer, and (2) whether or not the Non-Official API Content is stored or displayed in the Application or some other resource, product or service.

b) Sharing API Content. Client shall only share API Content in compliance with these API Terms, applicable law and regulations, and all other applicable terms and policies, and only in the following circumstances:

1. 1. 1. When required under applicable law or regulation (Client must retain proof of the applicable legal or regulatory requirement or request and provide it to Pearson upon request); or

      2. With other third parties, when Client ensures that any such third parties comply with these API Terms and all other applicable terms and policies as if they were in Client’s place. Client are responsible for the acts and omissions of such third-parties.

4.     Storage of API Content

1. 1. Client must not capture, copy or store any API Content or any information expressed by the API Content (such as hashed or transformed data), except to the extent permitted by these API Terms and the Agreement. If Client are required to keep API Content under applicable law or regulation, Client must retain proof of the applicable legal or regulatory requirement or request and provide it if Pearson asks for it.

   2. Client must store all API Content in a manner which enables Client to identify, segregate and selectively delete such API Content.  The API Content must not be stored in a data repository that would enable any third-party access (other than Service Providers or the User to which it relates). 

   3. If Client have received API Content in error, Client must immediately report this to us, delete that API Content, and provide proof of deletion if Pearson ask for it.

5.  Caching API Content for Performance 

1. 1. Client must refresh the API Content on a regular basis and no less frequently than every 30 days.

   2. Solely to improve Client’s Application’s performance, Client may cache the API Content for up to 30 days from a request for that API Content through the Pearson APIs before permanent deletion. Unless otherwise set forth in this Section or in any applicable Additional Terms, Client does not have any right to store the API Content beyond this limited 30-day period.

   3. Client must immediately delete all API Content collected through the Pearson APIs about a particular User, including the User Token and the OAuth Access Token, upon request by that User, when the User uninstalls Client’s Application or when the User closes their account with Client.  

6.  Other Deletion: Client must immediately delete all API Content when:

1. 1. Such API Content has been stored for more than 30 days;

   2. Pearson terminates Client’s use of the Pearson APIs for breach of these API Terms, except when doing so would cause Client to violate any law or obligation imposed by a governmental authority;

   3. Retaining the API Content is no longer necessary for a legitimate business purpose that is consistent with these API Terms and all other applicable terms and policies; or

   4. Required by applicable law or regulations.

7.  Service Providers

1. 1.  A “Service Provider” is an entity Client uses to provide Client services in connection with any API Content. Client will not use a Service Provider in connection with Client’s use or processing of API Content unless such Service Provider first agrees in writing to do the following:

      1. Use API Content solely for Client and at Client’s direction in order to provide services Client requested in a manner that is consistent with these API Terms, all other applicable terms and policies, and Client’s privacy policy, and for no other individual or entity and for no other purpose, including for the Service Provider’s own purposes; and

      2. In the event the Service Provider engages another Service Provider (“Sub-Service Provider”) to provide the services requested, ensure the Service Provider requires the Sub-Service Provider in writing to comply with the above requirements.

   2. Upon Pearson’s request, Client must provide a list of Client’s Service Providers and Sub-Service Providers including up-to-date contact information for each, the types and volume of API Content shared, and proof of written agreements with Client’s Service Providers to demonstrate compliance with this Section.

   3. Pearson may prohibit Client’s use of any Service Provider or Sub-Service Provider in connection with Client’s use of API Content upon reasonable belief that Client has violated these API Terms or other applicable terms or policies or (2) Client are negatively impacting the Pearson System, and will provide notice to Client if Pearson do. Promptly upon such notice, Client must stop using that Service Provider or Sub-Service Provider in connection with Client’s use of API Content.

8.     Brand Use Guidelines

1. 1. Subject to these API Terms and subject to the Pearson Brand Guidelines, available online at https://info.credly.com/trademark-and-brand-use, Pearson grants Client a limited, revokable, non-exclusive, non-sublicensable, and non-transferable license during the Duration to display trade names, trademarks, service marks, logos and domain names that Pearson makes available to Client (collectively “Brand Features”) within the Application and to accurately promote or advertise Client’s integration of the Pearson APIs in Client’s Application.

   2. Client agree not to display Pearson Brand Features (a) in any way that violates applicable law, including laws regarding libel, slander, obscenity and infringement or (b) in any way that is misleading, implies that Client’s Application is approved, created or endorsed by Pearson (or otherwise embellishing Client’s relationship with Pearson).

9.    Support and Updates

Pearson may modify or release subsequent versions of the Pearson APIs and require that Client use those subsequent versions.  Unless Pearson releases a new version of the APIs for security or legal reasons, Pearson will provide a Client with a commercially reasonable amount of notice.