Legal

Developer API Terms

Version 1.0 · Last updated May 30, 2026 · Effective May 30, 2026

These terms govern access to and use of the WorkspaceCMS Developer API (the “API”). They supplement, and are governed by, the master Terms of Service, Privacy Policy, and Acceptable Use Policy. In the event of a conflict, the more specific terms control.

1. Tier eligibility

The Developer API requires the Premium plan or higher. Tenants on lower plans may view the OpenAPI spec at app.1digital.ai/docs/workspacecms-api-openapi.json but cannot generate or use API keys. Upgrade via the dashboard billing page to enable access.

2. Rate limits

  • 600 requests / minute per active key
  • 50,000 requests / day per tenant (across all keys)
  • 5 active keys per tenant

Exceeding any limit returns HTTP 429 with a Retry-After header and the six standard X-RateLimit-* headers (also present on every 2xx response) so SDKs can throttle automatically. Need higher limits? Contact us for an Enterprise quote — individual limits are not raised ad-hoc.

3. Security and key handling

Keys are issued in wcms_live_* format and shown once. Tenant is solely responsible for securely storing and rotating its keys. Lost keys must be revoked and regenerated. Keys are tenant-scoped — sharing a key across tenants, with third parties, or via public-facing client code is prohibited. Tenant must notify us promptly upon suspected key compromise.

4. Acceptable use

Prohibited: scraping at industrial scale; resale of API access; using the API as the primary backend for a separate commercial product without a written agreement; circumventing rate limits via multiple accounts; or any use that breaches the master Acceptable Use Policy. Reasonable read/write integration with the tenant’s own systems (headless frontends, BI dashboards, internal automations) is permitted.

5. Revocation

1Digital may revoke any key for breach of these terms, abuse of rate limits, or a credible security concern. Where feasible we will provide prior notice. Tenant may revoke its own keys at any time from the dashboard.

6. Data & privacy

API responses contain only the tenant’s own data. Tenant is the data controller of that content; 1Digital is the data processor for API responses per the master Terms and Privacy Policy. Subprocessors used in serving the API are listed in the Privacy Policy (Vercel for edge execution, Supabase for storage and authentication).

7. Request logging

We log request metadata — tenant ID, key ID, route path, HTTP status, latency, rate-limit scope — for 30 days to support abuse-prevention, debugging, and the in-dashboard usage analytics. Request and response bodies are not stored. Retention may be extended only for entries flagged for security or billing investigation.

8. No SLA without Enterprise

Standard Premium API access has no uptime guarantee beyond commercially reasonable best-effort. An uptime SLA, defined rate-limit ceilings above the defaults, IP allowlisting, and custom-retention request logs are available under an Enterprise agreement — contact sales.

9. Downgrade

Downgrading from Premium revokes API access immediately. Existing keys persist in the dashboard for 90 days so access can be re-activated by re-upgrading; after 90 days the keys are permanently deleted.

10. No warranty

THE API IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, AND NON-INFRINGEMENT. USE OF THE API IS AT THE TENANT’S SOLE RISK.

11. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, 1DIGITAL’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE DEVELOPER API IS LIMITED TO THE FEES PAID BY THE TENANT FOR THE AFFECTED SERVICE IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. 1DIGITAL IS NOT LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR LOST-PROFITS DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY.

12. Indemnification

Tenant shall defend, indemnify, and hold harmless 1Digital, its affiliates, and personnel from any claim, loss, or liability arising from:

  • misuse of API keys, including third-party use of leaked keys;
  • content sent or received through the API in breach of these terms;
  • violation of applicable law by the tenant’s integration; or
  • infringement of any third-party right by the tenant’s use of the API.

13. Export controls and sanctions

Tenant represents that it is not located in, and will not provide API access to any person located in, a country or region subject to comprehensive U.S. trade sanctions, and that it is not on any U.S. government denied-party list. Tenant will comply with all applicable export-control laws when integrating the API.

14. Intellectual property

The API, the OpenAPI specification, the Developer Guide, the WorkspaceCMS dashboard, the SDKs we publish, and all related documentation are the proprietary work of 1Digital Agency and are protected by copyright and other intellectual-property laws. We grant tenant a non-exclusive, non-transferable, revocable right to use the API solely for tenant’s permitted use described in these terms. No other licence is granted by implication or estoppel.

15. Survival

Sections 3 (Security), 4 (Acceptable Use), 6 (Data & Privacy), 7 (Request Logging), 10 (No Warranty), 11 (Limitation of Liability), 12 (Indemnification), and 14 (Intellectual Property) survive termination of API access for any reason and for as long as is reasonably necessary to enforce the rights and obligations described.

16. Changes to these terms

We may update these terms on 30 days’ notice to the workspace owner email. Continued use of the API after the effective date constitutes acceptance.

17. Contact

Developer-API questions, abuse reports, security disclosures, and Enterprise inquiries: info@1digitalagency.com. Mailing-address notice information is in Terms §13.5.