API Terms of Service
Effective: March 25, 2026 | Version 1.0
These API Terms supplement the AllergenMaps Terms of Use & User Agreement. In the event of a conflict, these API Terms control with respect to API access.
1. Definitions
- "API" means the AllergenMaps Application Programming Interface, including all endpoints, documentation, and associated tooling provided by AllergenMaps for programmatic access to the Service.
- "API Key" means the unique authentication credential issued to a registered API customer for accessing the API.
- "Allergen Data" means the proprietary allergen-to-excipient mappings, risk classifications, and categorization systems created and maintained by AllergenMaps.
- "Medication Reference Data" means publicly available information about pharmaceutical products, including brand names, generic names, NDC numbers, and manufacturer details sourced from the FDA and other public databases.
- "Rate Limit" means the maximum number of API requests permitted within a defined time period, as specified by the customer's subscription tier.
- "SLA" means the Service Level Agreement, a separate document specifying uptime guarantees and support response times for Enterprise-tier customers.
2. API Key Management
2.1 Issuance. API Keys are issued upon registration and approval of an API access application. AllergenMaps reserves the right to deny applications at its sole discretion.
2.2 Confidentiality. API Keys are confidential credentials. Customers must store API Keys securely and must not embed them in client-side code, public repositories, or any location accessible to unauthorized parties.
2.3 Revocation. AllergenMaps may revoke an API Key immediately and without notice if it determines the key has been compromised, misused, or used in violation of these API Terms.
2.4 Rotation. Customers should rotate API Keys at least every 90 days. AllergenMaps may enforce mandatory rotation and will provide reasonable notice before doing so.
2.5 IP Allowlisting. Enterprise-tier customers may configure IP allowlists to restrict API Key usage to specific network addresses. AllergenMaps recommends this practice for all production deployments.
3. Permitted Use
3.1 Clinical Reference. The API may be used to integrate allergen and excipient information into clinical workflows, electronic health record systems, pharmacy management software, and patient-facing health applications, provided that all such uses comply with Section 9 (Disclaimers) and do not present API data as medical advice.
3.2 Caching. Customers may cache API responses locally to improve performance, subject to the following maximum cache durations:
- Medication search results: 1 hour
- Medication detail (ingredient lists): 24 hours
- Allergen category definitions: 7 days
- Static reference data (manufacturers, dosage forms): 7 days
Cached data must be purged upon expiration. Customers must not serve stale data beyond these durations.
3.3 Attribution. Any application or service that displays data obtained from the AllergenMaps API must include a visible attribution stating "Powered by AllergenMaps" or "Data provided by AllergenMaps" with a link to https://allergenmaps.com.
4. Prohibited Use
Customers and their authorized users shall not:
- (a) Bulk Extract. Systematically download, scrape, or harvest the AllergenMaps database or any substantial portion thereof via the API.
- (b) Reverse-Engineer. Reverse-engineer, decompile, or otherwise attempt to derive the allergen-to-excipient mapping logic, classification algorithms, or trade secrets from API responses.
- (c) Redistribute. Redistribute, resell, sublicense, or make API data available to third parties as a standalone dataset or data service.
- (d) Share Keys. Share, transfer, or allow use of API Keys by unauthorized parties, including other organizations, affiliates, or individuals not covered by the customer's agreement.
- (e) Circumvent Limits. Circumvent, bypass, or attempt to exceed rate limits through techniques such as key pooling, request multiplexing, or distributed evasion.
- (f) Scrape. Use the API in conjunction with web scraping, automated browsing, or other techniques to reconstruct the AllergenMaps database or user interface.
- (g) Illegal Use. Use the API for any purpose that violates applicable federal, state, or local laws or regulations.
5. Rate Limits and Subscription Tiers
API access is subject to rate limits based on the customer's subscription tier:
| Feature | Standard | Enterprise |
|---|---|---|
| Rate Limit | 300 requests/min | 1,000 requests/min |
| Daily Quota | 10,000 requests/day | 100,000 requests/day |
| Batch Size | 25 NDCs per request | 100 NDCs per request |
| Concurrent Connections | 5 | 20 |
| SLA | Best effort | 99.9% uptime |
Requests exceeding the rate limit will receive an HTTP 429 response. Customers must implement exponential backoff and retry logic. AllergenMaps reserves the right to adjust rate limits with 30 days' notice.
6. Intellectual Property
6.1 Trade Secret. The allergen-to-excipient mapping, risk classification algorithms, and categorization methodology embodied in the API constitute trade secrets of AllergenMaps. Customers acknowledge this status and agree to maintain the confidentiality of these trade secrets.
6.2 Database Copyright. The AllergenMaps database, including the selection, coordination, and arrangement of data, is protected by copyright. No license to reproduce, distribute, or create derivative works from the database is granted except as expressly stated in these API Terms.
6.3 Medication Reference Data. Medication Reference Data sourced from public FDA databases remains in the public domain. However, AllergenMaps' organization, enrichment, normalization, and presentation of such data are proprietary.
6.4 Survival. Intellectual property obligations under this Section survive termination of API access indefinitely.
7. Service Level Agreement
Enterprise-tier customers are eligible for a separate Service Level Agreement (SLA) specifying uptime guarantees, support response times, and remedies for service interruptions. The SLA is provided as a standalone document upon execution of an Enterprise agreement. Standard-tier access is provided on a best-effort basis without uptime guarantees.
8. Data and Privacy
8.1 No PHI. The API is not designed to process, store, or transmit Protected Health Information (PHI) as defined by HIPAA. Customers must not include PHI in API requests, query parameters, headers, or any communication with the API.
8.2 Audit Logging. AllergenMaps logs all API requests, including timestamps, API Key identifiers, endpoints accessed, query parameters, response codes, and IP addresses. These logs are used for security monitoring, abuse detection, and billing purposes.
8.3 Data Retention. API audit logs are retained for a minimum of 12 months. Aggregated, anonymized usage statistics may be retained indefinitely.
8.4 No Patient Data Storage. Customers must not use the API in a manner that transmits identifiable patient data to AllergenMaps. All queries should be structured using medication identifiers (NDC, brand name, generic name) without associating them with specific patients.
9. Disclaimers and Limitation of Liability
9.1 Informational Only. Data provided through the API is for informational and reference purposes only. It does not constitute medical advice, diagnosis, or treatment recommendations.
9.2 No Guarantee. AllergenMaps does not guarantee the completeness, accuracy, or timeliness of allergen data. Pharmaceutical formulations change, manufacturers may alter ingredients without notice, and cross-contamination risks may not be reflected in available data.
9.3 THE API AND ALL DATA PROVIDED THROUGH IT ARE OFFERED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
9.4 TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALLERGENMAPS' TOTAL LIABILITY FOR ALL CLAIMS ARISING FROM API ACCESS SHALL NOT EXCEED THE FEES PAID BY THE CUSTOMER DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM. IN NO EVENT SHALL ALLERGENMAPS BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES.
10. Indemnification
Customer agrees to indemnify, defend, and hold harmless AllergenMaps, its officers, directors, employees, agents, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or related to Customer's use of the API, violation of these API Terms, or any third-party claim that Customer's application or use of API data infringes or misappropriates any right of a third party.
11. Termination
11.1 Voluntary Termination. Either party may terminate API access with 30 days' written notice to the other party.
11.2 Immediate Termination for Breach. AllergenMaps may terminate API access immediately and without notice if the Customer breaches any material provision of these API Terms, including but not limited to prohibited use, rate limit circumvention, or unauthorized data extraction.
11.3 Data Destruction. Upon termination, Customer must destroy all cached API data, delete stored API Keys, and certify in writing that all AllergenMaps data has been purged from Customer's systems within 30 days.
11.4 Survival. Sections 1 (Definitions), 4 (Prohibited Use), 6 (Intellectual Property), 8 (Data and Privacy), 9 (Disclaimers and Limitation of Liability), 10 (Indemnification), and 12 (Governing Law) survive termination of these API Terms.
12. Governing Law and Dispute Resolution
12.1 Governing Law. These API Terms shall be governed by and construed in accordance with the laws of the State of Indiana, without regard to its conflict of law provisions.
12.2 Arbitration. Except for claims seeking emergency injunctive relief or enforcement of intellectual property rights, any dispute, claim, or controversy arising out of or relating to these API Terms or the API shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, with one arbitrator, conducted in Indianapolis, Indiana. The arbitrator's decision is final and binding. Each party shall bear its own costs and fees unless the arbitrator determines otherwise in accordance with applicable rules.
12.3 Court Jurisdiction. For claims excluded from arbitration under §12.2, the parties hereby consent to exclusive jurisdiction and venue in the state or federal courts located in Indiana.
13. Modifications
AllergenMaps reserves the right to modify these API Terms at any time. Customers will be notified of material changes at least 30 days in advance via the email address associated with their API Key registration. Continued use of the API after the effective date of modifications constitutes acceptance of the updated terms.
14. Contact
For questions about these API Terms, API access, or to report a security concern:
- Email: api@allergenmaps.com
- Documentation: /docs/api
See also the general Terms of Use & User Agreement and our Privacy Policy.