Gateway API Product Attachment

Last Updated June 07, 2022

This document is a “Product Attachment” as defined in the General Terms entered into by Client and Active and is subject to, and incorporates by reference, the provisions of the General Terms. This Product Attachment is effective as of the date it is “accepted” (in accordance with the Preamble to the General Terms). Any capitalized terms not defined herein have the meaning ascribed to them in the General Terms.

1. SERVICES AND LICENSE GRANT.

1.1 Active hereby grants Client a limited, non-exclusive, revocable, non-transferable, royalty free license (without the right to sublicense) to use the Gateway API, which includes access to Access Codes (as defined below), (the “API Service(s)”) solely for the purpose of Client’s internal development efforts to develop applications to work in conjunction with Active Products (“Client Interface”). For further clarification, “API” means Active’s application programming interface, which may include object code, software libraries, software tools, sample source code, published specifications and other documentation. Client acknowledges that the API gives Client access to Client data stored in the applicable Product(s) to which Client will be integrating using the API Service (use thereof subject to the applicable Products terms and conditions) and that portions of that data may be sensitive (“Data”). As such, the Client understands and acknowledges that Client has a defined security and privacy program that must be in place in order to use the API Service and transfer and hold any Data, and Client agrees to be responsible for any access to the API. Upon request, Client will provide Active with evidence that Client has a defined security and privacy program in place. While Active strives to have its APIs available continuously, it cannot guarantee any up-time or other reliability measurements. API Services provided hereunder are deemed delivered when access is made available to Client.

1.2 Notwithstanding anything contrary in the Agreement, this Product Attachment, or a Schedule, Active reserves the right at any time to amend, limit, or restrict usage and access to the APIs for applicable legal, security, or regulatory purposes, or for any other reason in Active's reasonable discretion.

1.3 Client shall not (i) license, sublicense, sell, resell, transfer, assign, distribute, disclose, or otherwise commercially exploit or make available to any third party the API Service in any way without Active’s prior written consent; (ii) copy, modify, or make derivative works based upon the API Service, or distribute any portion of the API Service; (iii) create Internet “links” to the API Service or “frame” or “mirror” any content on any other server or wireless or Internet-based device; or (iv) reverse engineer or access the API Service or API in order to (a) build a competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the API Service, or (c) copy any ideas, features, functions or graphics of the API Service.

1.4 Notwithstanding anything contrary in the Agreement, this Product Attachment, or Schedule, Active reserves the right at any time to amend, limit, or restrict usage and access to the APIs for applicable legal, security, or regulatory purposes, or for any other reason in Active's reasonable discretion.  

2. REPRESENTATIONS AND WARRANTIES. Client is responsible for any and all access to the API Service and the Access Codes. Client represents and warrants that it complies, and will continue to comply for the Term of this Product Attachment, with all applicable laws, that it will encrypt Data to then-current industry standard levels, and that it conducts, and will continue to conduct during the Term of this Product Attachment, periodic risk assessments and testing, by a qualified entity, of its safeguards to ensure the security, confidentiality and integrity of its System in compliance with then-current industry standard levels and applicable law. Upon request, Client shall provide Active evidence that Client has conducted a risk assessment or test by a qualified entity. Client shall: (i) use the API, Access Codes, and Data exclusively for its own internal purposes (i.e., not on behalf of a third party), consistent with all applicable laws, regulations, and the rights of others, including privacy and anti-spamming laws; (ii) not use the API Service to transmit, publish, or distribute any material or information: (a) for which Client does not have all necessary rights and licenses, including any material or information that infringes, violates, or misappropriates the intellectual property rights of any third party (including contractual rights, copyrights, trademarks, patents, trade dress, trade secret, common law rights, rights of publicity, privacy or moral rights); (b) that contains a computer virus, spyware, “Trojan horse”, or other malware or harmful code, files, or programs designed to disrupt or interfere with the functioning of the API Service; or (c) that is or that may reasonably be perceived as being harmful, threatening, offensive, obscene, or otherwise objectionable; (iii) keep confidential and not disclose to any third parties, and shall ensure that users keep confidential and do not disclose, any user identifications, account numbers, and account profiles; (iv) not attempt to gain access to any systems or networks that connect thereto except for the express purpose of using the API Service and/or Data for their intended use; (v) not allow access to the API Service by anyone other than Client’s users; (vii) not rent, lease, sublicense, resell, or provide access to the API Service on a time-share or service bureau basis; (viii) obtain all third-party rights necessary to develop and use the Client Interface (as defined in Section 14.1) and permit the Client Interface to connect with Active’s systems pursuant to this Product Attachment and/or Agreement and the Client will be solely responsible for, and will pay licensors or co-owners any royalties or other monies due to them related to such Client Interface; (ix) ensure that none of the materials embodied in the Client Interface or use of the Client Interface in accordance with the terms and conditions of the Agreement and this Product Attachment violate Section 2 (i) and 2 (ii)(a); (x) include any attributions, copyright information and other notices, terms, and conditions that may be required to be provided to end users (e.g., as part of the Client EULA) based on Client’s use of third party “open source” software or third party intellectual property in the Client Interface. Client shall promptly make available to Active, end users and any other third party that is entitled to it, the source code corresponding to any Client Interface or portion thereof if and in the manner required by applicable third party terms and conditions (e.g. open source software license). Client shall notify Active immediately of any unauthorized use of the Access Codes and use best efforts to immediately stop any unauthorized access.

3. OWNERSHIP. Client acknowledges and agrees that Client acquires only a license to use the API in accordance with this Agreement, and Active and/or its licensors will retain sole and exclusive ownership of and all rights, title, and interests in the API, including the following: (i) all Intellectual Property embodied or associated with the API, (ii) all deliverables and work product associated with the API, and (iii) all copies and derivative works thereof; and (iv) the API, including the source and object codes, logic, and structure, which contain and constitute valuable trade secrets of Active and its licensors.

4. TERM. The Term of this Product Attachment shall commence on the Effective Date and shall continue in force thereafter for the duration set forth in the applicable Schedule, unless modified or terminated as provided herein.

5. INDEMNITY AND RELEASE. Client understands that as the holder of the Access Codes it accepts all responsibility for the same and further releases Active from any and all liability with regard to Client’s access to, and use of, the API, as well as access to, and use and/or disclosure of, the Data and any transfer thereof. To the extent not prohibited by law, Client hereby releases, relieves, forever discharges Active from any and all liability whatsoever and Client agrees, at its own expense, to indemnify, defend and hold harmless Active, its subsidiaries, parents, affiliates and assigns, and its and their directors, officers, employees and agents (collectively, the “Indemnified Parties”) from and against any claim, loss, demand, cause of action, debt or liability, including attorneys’ fees (collectively, “Losses”), arising out of or related to: (a) any breach or alleged breach of Client’s obligations, covenants, representations and warranties under the Agreement and this Product Attachment; (b) Active’s use of the API Services and any connection between the Client Interface and Active’s systems permitted by Active; (c) Client’s products and services, including any Client development application using the API Services and other materials developed using the API Services, including any claims that Client’s development application (using the API Services) or the use thereof infringes any intellectual property rights of such third party; and (d) Client’s gross negligence or willful misconduct. In connection with this Section, Client shall have the sole responsibility, at its expense, to defend and, at its sole discretion, to settle an applicable claim, provided that any such settlement shall require Active’s prior written consent, which consent will not be unreasonably withheld. Active will: (i) give Client prompt written notice of the applicable claim; (ii) cooperate reasonably with Client (at Client’s expense) in connection with the defense and settlement of the claim; and (iii) permit Client to control the defense and settlement of the claim, subject to the requirements stated above in this Section.

6. FEES. Fees, currency, and payment terms are specified in the applicable Schedule.

7. USAGE LIMITATIONS.Active may limit the number of network calls that Client may make via the APIs. Usage limits are based on the subscription plan as set forth on the applicable Schedule. In addition to its other rights under this Product Attachment, Active may utilize technical measures to prevent over-usage and/or stop usage of the APIs after any usage limitations are exceeded. If no limits are stated in the Schedule, Client nevertheless agrees to use the APIs in a manner that, as determined by Active in its sole discretion, does not exceed reasonable request volume or does not constitute excessive or abusive usage.

8. SECURITY MEASURES.Client acknowledges and agrees that Client’s networks, operating system and the software of Client’s web server(s), routers, databases, and computer systems (collectively, “System” or “Systems”) must be configured to Internet industry standards to securely and properly operate. Client agrees to access and handle the API Service in a secure manner. Client agrees to promptly report to Active in writing any security deficiencies in, or intrusions to, Client’s Systems that Client discovers and will work with Active to immediately correct any security deficiency, and will disconnect immediately any intrusions or intruder. In the event of security deficiency or intrusion involving the API Service, Client will make no public statements (i.e., press, blogs, bulletin boards, etc.) without prior written and express permission from Active in each instance.

9. LICENSE RESTRICTIONS. Except as permitted in this Agreement, Client’s use of the API Services shall be subject to the following restrictions:

  1. Client agrees to use the API Services only in accordance with the license set forth in Section 1, and in compliance with all applicable laws, regulations or guidelines in the point of sale, customer engagement, CRM, gift card and payments processing industry or any other applicable industry;
  2. Client shall not disclose, in any manner, the API Services or any portion thereof to any third party, except as required by law, rule or regulation, or to affect an integration otherwise allowed by this Product Attachment or Agreement;
  3. Client shall not cause the API Services, or any part thereof, in any way to be disassembled, decoded, decompiled or reverse engineered, nor shall any attempt to do so be undertaken or permitted;
  4. Client shall not assign, sell, resell, rent, sublicense, transfer, distribute, disclose, or otherwise commercially exploit or make available to any third party the API Service in any way without Active’s prior written consent;
  5. Client shall not (i) modify, (ii) create derivative works of or (iii) use for general application development purposes the API Service, or any part thereof;
  6. Client shall not create Internet “links” to the API Service or “frame” or “mirror” any content on any other server or wireless or Internet-based device;
  7. Client shall not build a competitive product or service;
  8. Client shall not build a product using similar ideas, features, functions or graphics of the API Service;
  9. Client shall not copy any ideas, features, functions or graphics of the API Service;
  10. Client agrees not to attempt to connect to the Active’s network other than through the API Services provided hereunder;k) Client may make a reasonable number of copies of the API Services only to the extent required to use the API Services for the limited purposes set forth in this Agreement; provided that Client must reproduce and include the copyright, trademark symbols or other restrictive and proprietary notices and markings from the original on all copies. All copies will be subject to the terms of this Agreement; and
  11. Except as otherwise expressly permitted by Active in the API Services or as otherwise approved by Active in writing, Client shall not use any Open Source Materials in connection with the Developer Application, in any manner that would cause the Technical Information to be subject to any licensing terms or obligations applicable to Open Source Materials. For the purposes of the preceding sentence, the term “Open Source Materials” means any software that is subject to terms that, as a condition of use, copying, modification or redistribution, require such software and derivative works thereof to be disclosed or distributed in source code form, to be licensed for the purpose of making derivative works, or to be redistributed free of charge, including, without limitation, software distributed under the GNU General Public License or GNU Lesser/Library GPL.

10. API KEYS. In order to access the API Services, Active may require Client to register for a unique security key or other security mechanism. Any information provided by Client in connection with such registration must be accurate, current and complete. Active may then issue Client one or more unique security keys, tokens, passwords and/or other credentials (collectively, “Access Codes”) for accessing the API Services. Client may only access the API Services with the Access Codes issued by Active. Client may not sell, transfer, sublicense or otherwise disclose Access Codes to any third party or use such Access Codes with any third-party product or service except to affect an integration otherwise allowed by this Product Attachment or Agreement. Client is responsible for maintaining the secrecy and security of the Access Codes and for all activities that occur using its Access Codes, regardless of whether such activities are undertaken by Client or a third party and will notify Active of any unauthorized use of the Access Codes.

11. MODIFICATIONS. Client acknowledges and agrees that Active retains the right to modify and release subsequent versions of the API Services. Developer may be required to obtain and use the most recent version of the API Services in order for the API Services to continue to be compatible with Active’s Products. The features, functionality, form and components of the API Services may change without prior notice to Client and Client acknowledges and agrees that future versions of the API Services may be incompatible with any Client development application developed on previous versions of the API Services. Furthermore, Client understands and agrees that updates to the API Services may include necessary functionality and/or fixes to protect the security of the API Services and that Client’s failure to promptly obtain and use such updates may compromise Client’s ability to use the API Services and/or result in the disabling of Client’s access to such API Services. Active shall have no liability to Client for any loss or damage resulting from Client’s failure to timely obtain and use such updates. If the API Service is currently provided on a royalty-free basis, Active reserves the right to charge for the API Services (or additional features or functionality) in the future.

12. SUPPORT ACKNOWLEDGEMENT. Client acknowledges and agrees that Active has no obligation to provide Client with software upgrades or updates, enhancements or modifications to the API Services (“Support”). If Active elects at any time to provide Support, Active may terminate the Support at any time without notice to Client for any or no reason.

13. EXPORT LAW. TO THE EXTENT THAT THE CLIENT’S DEVELOPMENT APPLICATION, USING THE API SERVICES, IS SUBJECT TO UNITED STATES EXPORT LAWS AND REGULATIONS, CUSTOMER AGREES TO COMPLY THEREWITH, WHICH COMPLIANCE MAY INCLUDE RESTRICTIONS ON USE, USERS AND DESTINATIONS.

14. CLIENT INTERFACE

  1. 14.1 EVALUATION. Client will provide Active with written notification at such time that, in Client’s determination, the Client Interface is ready to connect with Active’s system. Upon receipt of such notification, Active may, in its sole discretion, provide Client with testing data, information and materials necessary to permit the Client Interface to connect with Active’s systems for the purposes of processing “dummy” (i.e., not actual) transactions. Active may, in its sole discretion, but shall not be obligated to, review the output of such “dummy” transactions in order to evaluate whether to permit the Client Interface to connect with Client’s systems in a production environment (i.e., one that processes actual transactions).
  2. 14.2 CRITERIA. The following reflects a non-exclusive list of criteria that Active may, in its sole discretion, consider when undertaking any review provided for above, and for which Client may be denied access to Active’s systems:
    1. Client Interfaces that themselves crash, or that cause any Active or third-party hardware, software or systems to crash.
    2. Client Interfaces that exhibit bugs which could cause a system to degrade and/or corrupt data.
    3. Client Interfaces that do not perform as advertised by the Client.
    4. Client Interfaces that include undocumented or hidden features inconsistent with the description of the Client Interface.
    5. Client Interfaces that store or write data to Active’s systems or applications purchased by and for use by Active (e.g. embedded code which tracks transactions passing through a payment gateway).
    6. Client Interfaces that provide incorrect diagnostic or other inaccurate device data.
    7. Client Interfaces from any client who Active determines to be “spamming” Active with many versions of similar Client Interfaces.
    8. Client Interfaces that suggest or infer that Active is a source or supplier of the Client Interface, or that Active endorses any particular representation regarding quality or functionality.
    9. To the extent that a Client Interface uses protected third-party material (e.g., trademarks, copyrights, trade secrets, inventions, or otherwise proprietary content), Client must provide Active, upon request, with reasonable evidence that all necessary third-party rights have been obtained. If Client does not have the necessary third-party rights to permit a Client Interface to interface with Active’s systems, Client should not permit Active to evaluate such Client Interface under this Agreement.
    10. Client Interfaces must comply with all legal requirements in any location where they are made available to users. Active prohibits Client Interfaces that promote or may lead to the production of an illegal item or illegal activity. Client shall be responsible for researching to ensure that each Client Interface is in compliance with all local, state, national and international laws.
  3. 14.3 CONTINUING EVALUATION In the event that Active permits the Client Interface to connect with Active’s systems, Active retains the right, in its sole discretion, but shall not be obligated, to review the operation of the Client Interface to determine, in its sole discretion, whether (i) to continue to permit such connection; (ii) the Client Interface functions as outlined in Client’s product description, (iii) the Client Interface continues to meet the criteria set forth above; (iv) the Client Interface puts any Active or consumer or any other third party data at risk; and (v) the Client Interface complies with the terms of the Agreement.
  4. 14.4 CLIENT EVALUATION. Notwithstanding any evaluation conducted by Active, any such evaluation is not intended to take the place of Client’s pre-release testing. Client should complete any and all pre-release testing before providing Active with written notification that Client’s Client Interface is ready to connect with Active’s systems.
  5. 14.5 COMMUNICATION In the event that Active has a question about the Client Interface during Active’s evaluative process, or if Active determines, in its sole discretion, that one of the criteria is not met, Active may notify Client using the email address or telephone number associated with Client’s account and may provide guidance on next steps. Active will also notify Client once a Client Interface is permitted to connect, or if Active determines that a Client Interface is not permitted to connect, with Active’s systems. If a Client Interface is not permitted to connect with Active’s systems, Active may provide Client with details on the reason(s) therefore and guidance on necessary revisions.
  6. 14.6 ACTIVE DISCRETION. Active reserves the right to determine the appropriateness of permitting a Client Interface to interface with Active’s systems in Active’s sole and absolute discretion. Active may also determine, in its sole discretion, to permit any third-party application to interface with Active’s systems. Active may terminate any transaction, or take other actions as needed to restrict access to or availability of any content, product or service that does not comply with this Agreement and/or Product Attachment or that otherwise might adversely affect Active, and as applicable, merchants, consumers, end users or other third parties. Permitting a Client Interface to interface with Active’s systems, or withdrawing any such permission previously granted, does not relieve Client of responsibility to ensure the Client Interface complies with this Agreement and/or Product Attachment or to perform other obligations under this Agreement and/or Product Attachment. For the avoidance of doubt, and notwithstanding anything in the Agreement, the Product Attachment or any other additional agreement to the contrary, Active shall have no liability, whether to Client, and as applicable, any merchant or any other third party, arising out of, relating to, or as a result of Active’s acts or omissions pursuant to this Section 14.7.
  7. 14.7 CLIENT FEEDBACK. If Client provides suggestions, ideas or other feedback to Active, Active will be free to exercise all rights in such feedback without restriction and without owing any compensation to Client.
  8. 14.8 CLIENT END USER LICENSE AGREEMENT. Any license or other agreement between Client, and as applicable, any merchant or other third party relating to a Client Interface and/or a Client Interface’s connection with Active’s systems (“Client EULA”) shall not be inconsistent with the terms of the Agreement and/or Product Attachment. Client agrees that Active’s agreements with its clients and other third parties (“Active Agreements”) may involve such third parties’ use of the Client Interface. The Active Agreements may specify, among other terms and conditions, that Active is not the licensor of any Client Interface and that Active is not a party to the Client EULA. If there are any conflicts between any Active Agreement and the Client EULA, then to the extent of such conflict, the Active Agreement will control. Active does not have any responsibility or liability related to compliance or non-compliance by Client, or as applicable, any merchant, consumer, end user or other third party under any Active Agreement or Client EULA.
  9. 14.9 PROHIBITED ACTIONS. Neither Client nor the Client Interface shall interfere with damage, access, or use in any unauthorized manner, the hardware, software, networks, technologies or other properties or Products of Active.
  10. 14.10 SUPPORT. Client will provide reasonable (and, as between Client and Active, Client will be solely responsible for providing) technical and product support for Client Interfaces as requested by, as applicable, any merchant, consumer, end user or other third party. Client will also be solely responsible for receiving and responding to complaints from any of the foregoing relating to the Client Interface.

15. DISCLAIMER CLIENT ACKNOWLEDGES AND AGREES THAT THE API SERVICE IS PROVIDED “AS IS”, “WITH ALL FAULTS”, “AS AVAILABLE” AND WITHOUT WARRANTY OF ANY KIND. TO THE FULLEST EXTENT PERMITTED BY LAW, ACTIVE EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE ARISING IN LAW, FROM A COURSE OF DEALING OR USAGE OR TRADE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. ACTIVE DOES NOT WARRANT THAT THE API SERVICE WILL MEET CLIENT’S REQUIREMENTS OR THAT THE API SERVICE IS COMPATIBLE WITH ANY PARTICULAR HARDWARE OR SOFTWARE PLATFORM. CLIENT FURTHER ACKNOWLEDGES AND AGREES THAT ACTIVE IS NOT RESPONSIBLE FOR, AND EXPRESSLY DISCLAIMS ALL LIABILITY ARISING OUT OF, EXPLOITATION OF SECURITY VULNERABILITIES IN NON-ACTIVE TECHNOLOGIES (SUCH AS APIS AND PLUGINS), EVEN WHEN THOSE SECURITY VULNERABILITIES CAUSE HARM THROUGH, OR BY WAY OF, THE API SERVICE.

16. ACTIVE APPLICATION DEVELOPMENT. Client acknowledges and agrees that Active, whether on its own behalf or in connection with a third party, may be independently creating applications, content and other products or services that may be similar to, or competitive with, the Client Interface. Nothing in this Agreement or Product Attachment will be construed as restricting or preventing Active from creating and fully exploiting such applications, content and other items without any obligation to Client.