Current as at: 5 November 2020
These terms apply to your access to, use of, any or all of our application programming interfaces (APIs).
By clicking any “Agree” button in our API Hub or by using an API you agree that:
These terms apply if you are an organisation who:
a) is party to an existing agreement with us to supply us with services or buy wholesale services from us and to whom we have granted Client Credentials either under those agreements expressly or by our conduct;
b) has been granted Client Credentials by us for use one or more of our APIs on a temporary basis.
b) any terms and conditions set out in any contract or agreement you have with us that relate to confidentiality and conformance to our standards.
This is an application programming interface, which is a mechanism by which a system can be made to interact with another system.
This means the client ID, secret, licence key and/or any token issued exclusively to you for your organisation to access, or to our API in the applicable environment (sandbox or production), subject to the satisfaction and ongoing compliance with the applicable conditions of access.
This means all information, text, maps, drawings, address data sets, GPS co-ordinates and other materials in any form that Tuatahi First Fibre provides to you, or that you generate, collect, process, hold, store or transmit in connection with your Client Credentials.
Intellectual Property Rights
This means any copyright, patent, trademark, design right, trade secret, eligible layout, or other industrial or intellectual property right.
Major Version Changes
This means is any API version change which would remove or change existing functionality (also commonly referred to as ‘breaking changes’).
This means any volume or user limitations imposed on your access to any API from time to time.
Retail Service Provider
This means a retail service provider who purchases a wholesale fibre broadband telecommunication service from Tuatahi First Fibre to a third-party end user with whom they have the direct billing relationship.
This means the unauthorised access, use, alteration or destruction of any Data or Systems, or other compromises or breaches of your or our electronic or physical security.
This means a weakness at the network, operating system, database or application software level, or within associated functions (such as a physical vulnerability at the location where Tuatahi First Fibre’s Data is stored), that could allow a Security Incident to occur.
This means any electronic information technology system, including (but not limited to) hardware, software, services, websites, APIs and communications networks.
Tuatahi First Fibre, we, us and our
This means Tuatahi First Fibre Limited (registered company number 3226213) .
You and your
This means the company, organisation, agency or service provider you represent and its employees, agents, authorised representatives and contractors.
Wholesale Services Agreement
This means the agreement in place between us and any Retail Service Provider for the wholesale purchase of a fibre broadband telecommunications service.
6. Application for Client Credentials
The application process is subject to the following and is subject to change at our sole discretion (with such changes communicated on the API Hub):
a) you must complete any registration form or process that we require or specify to be granted client conditions;
b) we reserve all rights to determine any conditions that require to be satisfied for the issuance of any Client Credentials; and
c) we reserve the right to require any existing user who has previously been issued with Client Credentials prior to the introduction of any API registration process to register. This is at our sole discretion and your continued use or access is contingent on you completing a registration request, if deemed necessary by us.
7. Issue of Client Credentials
Once we issue you with Client Credentials, you are granted a non-exclusive, non-transferable, terminable, limited licence under our Intellectual Property Rights in the API to use the API for the specific purposes you described in your application for Client Credentials.
8. Your warranties to Us
You warrant on an ongoing and continued basis that as at the date of your application for Client Credentials and during all continued use of those Client Credentials that:
a) all information in your application for Client Credentials is true, correct, accurate, up to date, including any information relating to your likely user or volume usage of any API;
b) you have all required protocols in place to ensure you comply with any conditions of access; and
c) your internal protocols and use, collection and storage of, any Data complies will all applicable laws (including, but not limited to, all relevant requirements of the Privacy Act 1993 where such data is personal information as defined by that act or any subsequent act).
9. Your obligations regarding Client Credentials
You agree and accept that:
a) you are obliged to keep your Client Credentials secure whether selected or generated by you or issued by us;
b) you must not share your Client Credentials without express permission from us. You may not share or transfer those credentials to, or allow them to be used by, any other person (whether natural, incorporated or machine);
d) you must notify us as soon as you become aware of any breach of security or unauthorised use of your Client Credentials (this includes any unauthorised access to our APIs through your systems);
e) you must inform us if you cease to comply with any conditions of access;
f) you must notify us within 24 hours if any of the following occurs:
i. if you cease to hold a valid licence key (including where the licence key is cancelled by us) for an API;
ii. if your password policy changes and no longer meet the access criteria relating to password protocols; and
iii. you have or suspect you may have experienced a Security Incident,
g) you must cease to use the APIs if any of the above scenarios above from (i) to (iii) inclusive occur until we have reinstated your Client Credentials subject to our satisfaction (in our sole discretion) that you have re-satisfied that you are compliant with any conditions of access;
h) you may only utilise your Client Credentials in accordance with any Rate Limit;
i) you may only apply your Client Credentials in accordance with the purpose stated in your registration application; and
j) your use of scripts, automation or other forms of machine-based login are only to be undertaken using the security tokens issued by us and against officially supported API endpoints.
10. Testing and acceptance
The following apply to you:
a) You must perform user acceptance testing of the API against any acceptance criteria notified to you as applicable in any conditions of access; and
b) You are deemed to have accepted the API upon going into a production environment.
11. Our API versioning
We may, from time to time notify you that we have or will:
a) alter the Rate Limit applicable to your use of any APIs, this site or the Data;
b) replace, update or upgrade the API and or the Data (including the data schema or structure of the Data), and that those changes may require you to make updates to your systems or applications accessing the API;
c) make changes to our APIs from time to time to enhance and improve them;
d) decommission a deprecated API; and
e) make test or non-production versions of APIs available to you.
12. Prohibitions relating to Client Credentials
You must not:
a) decompile, disassemble, copy, modify, reverse engineer, or attempt to derive the source code of any API made available to you by us;
b) do anything that may damage or interfere with any Systems or Data made available to you by us;
c) access (or seek to access) Data relating to any other Retail Service Providers, other service companies to us or any end user that is serviced by another Retail Service Provider;
e) on-sell or supply any Data to any third parties.
We reserve the following rights in respect of auditing your use of Client Credentials:
a) we have the right to perform an audit on all and any use of your Client Credentials in our environments;
b) we reserve the right to request evidence of your policies, procedures or technical controls that enforce policies or any aspect of any conditions of access to APIs;
c) we reserve the right to request that you provide evidence and results of a recent security assessment covering the scope of your service delivery to us (where applicable);
d) we reserve the right to require you to engage an accredited independent third-party (at your sole cost) to undertake an assessment as outlined in the sub-clause above, where no such assessment exists or the assessment is older than 3 years from the date of request;
14. Security Assessment
If a security assessment reveals that your processes do not meet the minimum standards required by this agreement or reveals significant deficiencies that result in an unacceptable level of risk to our Systems or Data then you must promptly meet with us to discuss and agree appropriate corrective steps and apply those steps without delay.
15. Suspension and Termination of Client Credentials
We reserve the following rights in respect of suspension or termination of your Client Credentials:
a) we can immediately withdraw, block or terminate your access to the API and this site without notice if we detect or reasonably believe that:
i. there is or has been any misuse by you of your Client Credentials; or
ii. you are in breach of your ongoing compliance obligations with the Access Conditions;
iii. A Security Incident has been experienced by you or caused by you;
iv. we suspect you may be contributing to or causing a Security Vulnerability;
v. you are exceeding any Rate Limit imposed;
vi. you are no longer a Retail Service Provider in a current Wholesale Services Agreement with us.
b) we shall supply you with 10 calendar days’ notice to you through any applicable portal we operate or through the other business as usual notification mechanisms; and
c) we reserve the right to withdraw or disable your Client Credentials where you have not utilised your account or permissions for a period of 90 calendar days.
16. Our Warranties to you
The following applies in respect of any warranties we offer to you:
a) we give no warranties (express or implied) that the APIs or the Data will meet your requirements;
b) we do not warrant or make any representation or commitment that we shall make production versions of any non-production APIs or any similar applications available as a production release and this extends to any tools or functionality included in non-production APIs; and
c) we make no guarantees as to the continuous availability of any API.
17. Our liability to you
The following applies in respect of the liability of Tuatahi First Fibre Limited to you:
a) to the maximum extent permitted by law, we exclude all liability to you or any third party under or in connection with your use of any Platform, API or the Data, regardless of whether the liability arises in contract, tort (including negligence), statute or otherwise; and
18. Your liability to indemnify us
The following applies in respect of your liability to indemnify us:
b) you will be liable for all acts and omissions of any person who uses the Client Credentials.
19. Intellectual property and confidentiality
a) We own, or license from a third party, all rights, title and interest, including Intellectual Property Rights, in and to the API and the Data all other software and systems used by us and our licensors in connection with the API and the Data any other documents or materials you access through the API.
b) You may not:
i. use any of our trademarks, business names or logos without our express written approval;
ii. not remove or tamper with any logos, business names or trademarks, or disclaimer or copyright notice attached to or used in relation to an API, any Data or our services;
iii. promote or provide any goods or services in any way which is misleading or deceptive or which suggests the goods or services are provided or endorsed by, or in any way affiliated with, us or any other member of Tuatahi First Fibre Limited; and
iv. make any statement or claim relating to any Data being approved, recommended or endorsed by us or any other member of Tuatahi First Fibre Limited, except as approved by us in writing.
The following shall apply:
a) use of the APIs and Data are for the purposes of a business and that the Consumer Guarantees Act 1993 does not apply;