Outage in Bay of Plenty fibre network – We’re working fast to get you back on line

Our API terms of use set out the access conditions for a developer to gain credential to our APIs. Note for our Retail Service Providers: Where you are party to the Wholesale Services Agreement, the System and Data Access Terms of Use and API Terms of Use are issued under and governed by the Wholesale Services Agreement.

Go to API Hub

Terms of use

Current as at:  5 November 2020

1. What these Terms of Use cover

These terms apply to your access to, use of, any or all of our application programming interfaces (APIs).

2. When these API Terms of Use start to apply to you

By clicking any “Agree” button in our API Hub or by using an API you agree that:

a) you will be bound by these API Terms of Use; and

b) you accept that these API Terms of Use apply to any ongoing and continuing use of any of our APIs for which you have been granted Client Credentials prior to or after the date of publication of these terms.

By completing any registration for access or use of an API, you represent that you are an authorised representative of company, organisation, agency or service provider and that you have the requisite authority by it to accept and be bound by, these API Terms of Use.

3. Who these API Terms of Use apply to

These terms apply if you are an organisation who:

a) is party to an existing agreement with us to supply us with services or buy wholesale services from us and to whom we have granted Client Credentials either under those agreements expressly or by our conduct;

b) has been granted Client Credentials by us for use one or more of our APIs on a temporary basis.

4. How these API Terms of Use interact with Contract Agreements you have with us

These API Terms of Use incorporate:

a) the specific terms of use or conditions or security protocols stipulated as mandatory in any Access Conditions specific to an Access Permission; and

b) any terms and conditions set out in any contract or agreement you have with us that relate to confidentiality and conformance to our standards.

5. Glossary


This is an application programming interface, which is a mechanism by which a system can be made to interact with another system.

Client Credentials

This means the client ID, secret, licence key and/or any token issued exclusively to you for your organisation to access, or to our API in the applicable environment (sandbox or production), subject to the satisfaction and ongoing compliance with the applicable conditions of access.


This means all information, text, maps, drawings, address data sets, GPS co-ordinates and other materials in any form that Tuatahi First Fibre provides to you, or that you generate, collect, process, hold, store or transmit in connection with your Client Credentials.

Intellectual Property Rights

This means any copyright, patent, trademark, design right, trade secret, eligible layout, or other industrial or intellectual property right.

Major Version Changes

This means is any API version change which would remove or change existing functionality (also commonly referred to as ‘breaking changes’).

Rate Limit

This means any volume or user limitations imposed on your access to any API from time to time.

Retail Service Provider

This means a retail service provider who purchases a wholesale fibre broadband telecommunication service from Tuatahi First Fibre to a third-party end user with whom they have the direct billing relationship.

Security Incident

This means the unauthorised access, use, alteration or destruction of any Data or Systems, or other compromises or breaches of your or our electronic or physical security.

Security Vulnerability

This means a weakness at the network, operating system, database or application software level, or within associated functions (such as a physical vulnerability at the location where Tuatahi First Fibre’s Data is stored), that could allow a Security Incident to occur.


This means any electronic information technology system, including (but not limited to) hardware, software, services, websites, APIs and communications networks.

Tuatahi First Fibre, we, us and our

This means Tuatahi First Fibre Limited (registered company number 3226213) .

You and your

This means the company, organisation, agency or service provider you represent and its employees, agents, authorised representatives and contractors.

Wholesale Services Agreement

This means the agreement in place between us and any Retail Service Provider for the wholesale purchase of a fibre broadband telecommunications service.

6. Application for Client Credentials

The application process is subject to the following and is subject to change at our sole discretion (with such changes communicated on the API Hub):

a) you must complete any registration form or process that we require or specify to be granted client conditions;

b) we reserve all rights to determine any conditions that require to be satisfied for the issuance of any Client Credentials; and

c) we reserve the right to require any existing user who has previously been issued with Client Credentials prior to the introduction of any API registration process to register. This is at our sole discretion and your continued use or access is contingent on you completing a registration request, if deemed necessary by us.

7. Issue of Client Credentials

Once we issue you with Client Credentials, you are granted a non-exclusive, non-transferable, terminable, limited licence under our Intellectual Property Rights in the API to use the API for the specific purposes you described in your application for Client Credentials.

8. Your warranties to Us

You warrant on an ongoing and continued basis that as at the date of your application for Client Credentials and during all continued use of those Client Credentials that:

a) all information in your application for Client Credentials is true, correct, accurate, up to date, including any information relating to your likely user or volume usage of any API;

b) you have all required protocols in place to ensure you comply with any conditions of access; and

c) your internal protocols and use, collection and storage of, any Data complies will all applicable laws (including, but not limited to, all relevant requirements of the Privacy Act 2020 where such data is personal information as defined by that act or any subsequent act).

9. Your obligations regarding Client Credentials

You agree and accept that:

a) you are obliged to keep your Client Credentials secure whether selected or generated by you or issued by us;

b) you must not share your Client Credentials without express permission from us. You may not share or transfer those credentials to, or allow them to be used by, any other person (whether natural, incorporated or machine);

c) you must ensure that your employees, agents and sub-contractors are aware of and comply with these API Terms of Use.

d) you must notify us as soon as you become aware of any breach of security or unauthorised use of your Client Credentials (this includes any unauthorised access to our APIs through your systems);

e) you must inform us if you cease to comply with any conditions of access;

f) you must notify us within 24 hours if any of the following occurs:

i. if you cease to hold a valid licence key (including where the licence key is cancelled by us) for an API;

ii. if your password policy changes and no longer meet the access criteria relating to password protocols; and

iii. you have or suspect you may have experienced a Security Incident,

g) you must cease to use the APIs if any of the above scenarios above from (i) to (iii) inclusive occur until we have reinstated your Client Credentials subject to our satisfaction (in our sole discretion) that you have re-satisfied that you are compliant with any conditions of access;

h) you may only utilise your Client Credentials in accordance with any Rate Limit;

i) you may only apply your Client Credentials in accordance with the purpose stated in your registration application; and

j) your use of scripts, automation or other forms of machine-based login are only to be undertaken using the security tokens issued by us and against officially supported API endpoints.

10. Testing and acceptance

The following apply to you:

a) You must perform user acceptance testing of the API against any acceptance criteria notified to you as applicable in any conditions of access; and

b) You are deemed to have accepted the API upon going into a production environment.

11. Our API versioning

We may, from time to time notify you that we have or will:

a) alter the Rate Limit applicable to your use of any APIs, this site or the Data;

b) replace, update or upgrade the API and or the Data (including the data schema or structure of the Data), and that those changes may require you to make updates to your systems or applications accessing the API;

c) make changes to our APIs from time to time to enhance and improve them;

d) decommission a deprecated API; and

e) make test or non-production versions of APIs available to you.

12. Prohibitions relating to Client Credentials

You must not:

a) decompile, disassemble, copy, modify, reverse engineer, or attempt to derive the source code of any API made available to you by us;

b) do anything that may damage or interfere with any Systems or Data made available to you by us;

c) access (or seek to access) Data relating to any other Retail Service Providers, other service companies to us or any end user that is serviced by another Retail Service Provider;

d) distribute, disclose, market, rent, lease, assign, novate, sublicense or otherwise transfer possession or receipt of the Data received via any API or any of your rights or obligations under these Terms of Use to any third party unless such disclosure is required for the purposes stated and agreed to in the Client Credentials; and

e) on-sell or supply any Data to any third parties.

13. Audit

We reserve the following rights in respect of auditing your use of Client Credentials:

a) we have the right to perform an audit on all and any use of your Client Credentials in our environments;

b) we reserve the right to request evidence of your policies, procedures or technical controls that enforce policies or any aspect of any conditions of access to APIs;

c) we reserve the right to request that you provide evidence and results of a recent security assessment covering the scope of your service delivery to us (where applicable);

d) we reserve the right to require you to engage an accredited independent third-party (at your sole cost) to undertake an assessment as outlined in the sub-clause above, where no such assessment exists or the assessment is older than 3 years from the date of request;

14. Security Assessment

If a security assessment reveals that your processes do not meet the minimum standards required by this agreement or reveals significant deficiencies that result in an unacceptable level of risk to our Systems or Data then you must promptly meet with us to discuss and agree appropriate corrective steps and apply those steps without delay.

15. Suspension and Termination of Client Credentials

We reserve the following rights in respect of suspension or termination of your Client Credentials:

a) we can immediately withdraw, block or terminate your access to the API and this site without notice if we detect or reasonably believe that:

i. there is or has been any misuse by you of your Client Credentials; or

ii. you are in breach of your ongoing compliance obligations with the Access Conditions;

iii. A Security Incident has been experienced by you or caused by you;

iv. we suspect you may be contributing to or causing a Security Vulnerability;

v. you are exceeding any Rate Limit imposed;

vi. you are no longer a Retail Service Provider in a current Wholesale Services Agreement with us.

b) we shall supply you with 10 calendar days’ notice to you through any applicable portal we operate or through the other business as usual notification mechanisms; and

c) we reserve the right to withdraw or disable your Client Credentials where you have not utilised your account or permissions for a period of 90 calendar days.

16. Our Warranties to you

The following applies in respect of any warranties we offer to you:

a) we give no warranties (express or implied) that the APIs or the Data will meet your requirements;

b) we do not warrant or make any representation or commitment that we shall make production versions of any non-production APIs or any similar applications available as a production release and this extends to any tools or functionality included in non-production APIs; and

c) we make no guarantees as to the continuous availability of any API.

17. Our liability to you

The following applies in respect of the liability of Tuatahi First Fibre Limited to you:

a) to the maximum extent permitted by law, we exclude all liability to you or any third party under or in connection with your use of any Platform, API or the Data, regardless of whether the liability arises in contract, tort (including negligence), statute or otherwise; and

b) if we are liable to you or any third party under or in connection with these API Terms of Use for any reason, our maximum aggregate liability, whether in contract, tort (including negligence), statute or otherwise, is limited to NZD100.

18. Your liability to indemnify us

The following applies in respect of your liability to indemnify us:

a) you indemnify us from and against any claim, proceeding, damage, liability, loss, cost or expense (including legal costs on a solicitor and own client basis), whether arising in contract, tort (including for negligence), statute or otherwise, arising out of or in connection with your or your customer’s breach of these API Terms of Use or any act or omission by you or your customer in relation to the API; and

b) you will be liable for all acts and omissions of any person who uses the Client Credentials.

19. Intellectual property and confidentiality

a) We own, or license from a third party, all rights, title and interest, including Intellectual Property Rights, in and to the API and the Data all other software and systems used by us and our licensors in connection with the API and the Data any other documents or materials you access through the API.

b) You may not:

i. use any of our trademarks, business names or logos without our express written approval;

ii. not remove or tamper with any logos, business names or trademarks, or disclaimer or copyright notice attached to or used in relation to an API, any Data or our services;

iii. promote or provide any goods or services in any way which is misleading or deceptive or which suggests the goods or services are provided or endorsed by, or in any way affiliated with, us or any other member of Tuatahi First Fibre Limited; and

iv. make any statement or claim relating to any Data being approved, recommended or endorsed by us or any other member of Tuatahi First Fibre Limited, except as approved by us in writing.

20. Miscellaneous

The following shall apply:

a) use of the APIs and Data are for the purposes of a business and that the Consumer Guarantees Act 1993 does not apply;

b) no failure, delay or indulgence by Us in exercising any power or right under these API Terms of Use will operate as a waiver of that power or right. A single or partial exercise of any power or right will not preclude further exercises of that power or right or the exercise of any other power or right under these API Terms of Use ;

c) if any part of these API Terms of Use is held by any court or administrative body to be illegal, void or unenforceable, that determination will not impair the enforceability of the remaining parts of these API Terms of Use which will remain in full force;

d) no assignment or transfer any of your rights or obligations under these API Terms of Use (or any Client Credentials granted under them) may be effected without our prior written consent.

e) these API Terms of Use are governed by and is to be construed in accordance with New Zealand law. You and Tuatahi First Fibre submit to the exclusive jurisdiction of the Courts of New Zealand in relation to all disputes arising out of or in connection with these API Terms of Use.