API Terms of Use
Legal terms governing API access, credentials, Core Wallet billing, and integrations with Vistarkriya
SUPPLEMENTARY TO PLATFORM AGREEMENTS
These API Terms apply in addition to our Terms of Service, Privacy Policy, and Refund Policy. By using the API you accept all four agreements.
Quick Navigation
Applicability and Relationship with Other Agreements
These API Terms of Use ("API Terms") govern Your access to and use of the Application Programming Interface ("API") provided by VistarKriya Marketings Private Limited (VistarKriya Marketings Private Limited) ("Company", "We", "Us", "Our"), a company incorporated under the laws of India, having its registered office at 3rd Floor, Shree Jee Plaza, New Road, Dalanwala, Dehradun, Uttarakhand 248001 and its branch office at 55, 3rd Floor, Westend Marg, Saidullajab, Near Saket Metro, New Delhi 110030.
These API Terms are supplementary to and shall be read in conjunction with the following agreements:
Conflict Resolution
In the event of any conflict between these API Terms and the agreements above on matters specific to API usage, these API Terms shall prevail. On all other matters, the Terms of Service, Privacy Policy, and Refund Policy shall continue to apply in full.
By requesting, receiving, or using API credentials, or by making any API call to the Platform, You acknowledge that You have read, understood, and agree to be bound by these API Terms together with the three agreements referenced above.
Eligibility: API access is restricted to entities and individuals who meet the eligibility criteria set out in Terms of Service §1, including the minimum age of 18 years and the legal capacity to enter into binding contracts under Indian law.
Definitions
- "API" means the RESTful Application Programming Interface (currently versioned as v1) made available by Vistarkriya, including all endpoints, authentication mechanisms, request/response formats, and associated documentation.
- "API Key" and "API Secret" mean the unique credentials issued to You for the purpose of authenticating API requests.
- "Tenant Code" means the unique identifier (typically a 6-digit numeric code) assigned to Your tenant account on the Platform.
- "Core Wallet" means the prepaid digital wallet maintained within the Platform against which all API consumption charges are debited, as further defined and governed by Refund Policy §6.
- "Pipeline Wallet" has the meaning given in Refund Policy §6. The Pipeline Wallet holds pending commissions and is not used for API consumption billing. API endpoints that report Pipeline Wallet state are read-only.
- "API Consumer" or "You" means any individual, business entity, or tenant who has been issued API credentials and accesses the API.
- "API Modules" means the distinct functional categories of the API, which currently include Wallet, CIBIL Reports, Verify Services, Marketplace, Kamao, and B2C, and may be updated by Us from time to time.
- "Third-Party Provider" means any external service provider, data source, bureau, verification agency, payment gateway, or other entity whose services are accessed, relayed, or facilitated through the API.
- "Platform" means the Vistarkriya SaaS platform (also defined as the "Service" in the Terms of Service), including the web application, dashboard, APIs, and all associated services.
- "Sandbox" means the testing environment provided by Us. POST requests in Sandbox return simulated dummy responses without wallet deductions; GET requests in Sandbox may return Your actual read-only account data, also without wallet deductions (see §7).
- "Live Mode" means the production environment where API calls result in actual data processing, real responses from Third-Party Providers, and wallet deductions.
API Access and Credentials
3.1 Discretionary Access
API access is not automatic. You must submit an API Access Request through the designated form on the Platform. Vistarkriya reserves the sole and absolute discretion to approve or reject any API access request without providing reasons.
3.2 Three-Layer Authentication
Upon approval, You will receive an API Key, API Secret, and Tenant Code. These credentials enable a three-layer authentication system comprising: (a) API Key identification, (b) HMAC-SHA256 signature verification using Your API Secret, and (c) Tenant Code validation.
3.3 Credential Security
You are solely responsible for the security and confidentiality of Your API credentials. You shall not share, publish, embed in client-side code, transmit over insecure channels, or otherwise expose Your API Key or API Secret to any unauthorized person or system.
3.4 Attribution of API Calls
All API calls made using Your credentials are deemed to have been made by You, regardless of whether You actually authorized them. Vistarkriya bears no liability for any unauthorized use resulting from Your failure to secure Your credentials.
3.5 Compromise Notification
If You suspect that Your credentials have been compromised, You must immediately notify Us at hello@vistarkriya.com and request credential regeneration. Until new credentials are issued, You remain responsible for all activity under the compromised credentials.
3.6 Revocation
Vistarkriya may, at its discretion, revoke, suspend, or regenerate Your API credentials at any time, with or without prior notice, if it determines or suspects misuse, policy violation, security risk, or any other reason it deems appropriate.
Core Wallet — Billing, Deductions, and No Refund
4.1 Prepaid Wallet Model
All API usage in Live Mode is billed exclusively through the Core Wallet. There is no invoicing, post-paid billing, or credit-based consumption for API services. You must maintain sufficient Core Wallet balance before making any API call that incurs a charge. All API pricing is denominated in Indian Rupees (INR) and is inclusive of applicable GST, consistent with Terms of Service §5.
4.2 Real-Time Deduction
When an API call is made in Live Mode that involves a chargeable service (whether fulfilled by Vistarkriya directly or through a Third-Party Provider), the applicable fee is deducted from Your Core Wallet in real time at the point of request processing. The deduction occurs irrespective of whether the API response returns a successful, partial, or failed result from the Third-Party Provider's end.
4.3 No Reversal of API Deductions
Wallet deductions for API calls are final, non-reversible, and non-refundable under all circumstances. This includes but is not limited to:
- The API call was successfully processed by Us but the Third-Party Provider returned an error, timeout, partial data, or a negative/not-found result.
- The API call returned a valid response but the data was not what You expected or desired.
- You made a duplicate API call due to retry logic, network issues, or implementation errors on Your end.
- Your system made unintended API calls due to bugs, misconfiguration, infinite loops, or testing against the Live environment instead of Sandbox.
- The Third-Party Provider's service was temporarily degraded, resulting in delayed or incomplete responses.
- You did not consume or use the API response data after receiving it.
4.4 Wallet Top-ups and Withdrawals
Any amount added to the Core Wallet, including amounts topped up specifically for API consumption, is non-refundable. Wallet balance does not expire and can be consumed against any eligible Platform service.
Withdrawals from the Core Wallet to a bank account or UPI instrument, where permitted, are governed exclusively by Refund Policy §6 — including its minimum withdrawal amount, processing window, verification requirements, and applicable TDS, processing fee, and GST deductions. Nothing in these API Terms creates an additional right to withdraw, nor restricts a withdrawal right that the Refund Policy confers.
4.5 Non-Transferable
Wallet balance is non-transferable between tenants, between API Consumers, or between any accounts on the Platform.
4.6 Pricing Revisions
Vistarkriya reserves the right to revise API pricing at any time. Updated pricing will apply to all API calls made after the revision takes effect. Continued use of the API after a pricing revision constitutes Your acceptance of the new pricing. We will make reasonable efforts to communicate pricing changes through the Platform dashboard or documentation, but the absence of explicit notification does not invalidate the revised pricing.
4.7 Pipeline Wallet Excluded from API Billing
Pipeline Wallet balances (as defined in Refund Policy §6) are not debited for API consumption. API endpoints in the Kamao Module that report Pipeline Wallet state are read-only — they do not charge against, transfer from, or release the Pipeline Wallet. Pipeline Wallet release, forfeiture, and non-withdrawability remain governed by the Refund Policy.
API Services — Independent and Third-Party Dependent
5.1 Two Categories
The API Modules fall into two categories based on their dependency on external services:
Category A — Independent Services
Services where the entire processing, data generation, and response is handled by Our own infrastructure without reliance on any Third-Party Provider. Examples include Wallet balance queries, internal data retrieval, and Platform-native operations.
Category B — Third-Party Dependent Services
Services where We act as an intermediary, relay, or aggregator, and the actual data processing, verification, report generation, or service fulfillment is performed in whole or in part by one or more Third-Party Providers. Examples include credit bureau report fetching, PAN verification, Aadhaar-based verification, bank account validation, and other KYC or verification services.
5.2 Acknowledgments for Category B
For Category B services, You acknowledge and accept the following:
- (a) No Control: We do not control the availability, accuracy, completeness, response time, or uptime of Third-Party Provider services. We shall not be liable for any failure, error, delay, downtime, data inaccuracy, or service degradation originating from a Third-Party Provider.
- (b) Discontinuation: If a Third-Party Provider discontinues, suspends, modifies, or restricts its service, We may be compelled to discontinue, suspend, or modify the corresponding API Module without prior notice, and shall have no liability for such discontinuation.
- (c) Charge at Dispatch: Wallet deductions for Third-Party Dependent services are charged at the point of Our request dispatch to the Third-Party Provider. Once the request is dispatched, the cost is incurred by Us regardless of the Third-Party Provider's response. The wallet deduction stands regardless of the outcome.
- (d) Provider Categories vs Identity: The categories of Third-Party Providers (e.g., credit bureaus, KYC verification providers, payment gateways) are disclosed in Privacy Policy §4. We are not, however, obligated to disclose which specific provider serviced any individual API call, nor to disclose endpoint-level technical details.
- (e) Substitution: We may switch, add, or remove Third-Party Providers at any time without notice to You, provided that the functional nature of the API Module remains substantially similar.
5.3 For both Category A and Category B services, the no-refund policy stated in §4 above and in the Refund Policy applies without exception.
Rate Limits, IP Whitelisting, and Fair Usage
- 6.1 Rate Limits: API access is subject to rate limits. If You exceed the permitted rate of API calls within a given time window, Your requests will be throttled or rejected with an HTTP 429 (Rate Limited) response. Thresholds are published in the API documentation and may be updated from time to time.
- 6.2 IP Whitelisting: Every API Key requires a minimum of 1 and a maximum of 5 whitelisted IP addresses. API calls originating from non-whitelisted IPs are rejected with HTTP 403 and error code
AUTH_IP_BLOCKED. - 6.3 Anti-Circumvention: You shall not attempt to circumvent rate limits through any means, including rotating API Keys, using multiple accounts, proxying requests through distributed systems, or any other technique designed to evade rate controls.
- 6.4 Fair Usage: We reserve the right to impose additional rate limits, usage quotas, or fair usage restrictions on any API Consumer or API Module if We determine that the usage pattern is excessive, abusive, or detrimental to Platform stability or to the experience of other tenants.
Sandbox and Live Mode
We provide a Sandbox environment for testing and development purposes. Sandbox behavior differs from Live Mode as follows:
POST in Sandbox
Returns predefined simulated responses. No wallet deduction. Do not treat as production-grade.
GET in Sandbox
May return Your actual read-only account data (e.g., wallet balance). No wallet deduction.
POST in Live
Real processing via Third-Party Providers. Wallet deductions apply.
GET in Live
Real data. Wallet deductions apply where the endpoint is metered.
- 7.1 Your Responsibility: It is Your sole responsibility to ensure that Your application is configured to use the Sandbox environment during development and testing. We shall not be responsible for any wallet deductions arising from API calls mistakenly directed to the Live environment.
- 7.2 Sandbox POST Data: Simulated POST responses in Sandbox are fictional and must not be treated as real, accurate, or representative of Live Mode responses for SLA, billing, or compliance purposes.
- 7.3 Sandbox GET Data: GET responses in Sandbox reflect Your actual read-only account state but are still served without wallet deduction. No Sandbox response — POST or GET — should be relied upon for production billing-dispute purposes.
- 7.4 Modification: We may modify, limit, or discontinue the Sandbox environment at any time without notice.
Prohibited Uses
You shall not use the API for any purpose that is unlawful, prohibited by these API Terms, or prohibited by the Terms of Service. Without limiting the generality of the foregoing, You specifically agree not to:
- (a) Resell, sublicense, redistribute, or commercially share API responses, data, or reports obtained through the API with any third party, unless expressly authorized by Us in writing.
- (b) Use the API to build a competing product, service, or platform that replicates or substantially imitates the functionality of the Platform.
- (c) Scrape, harvest, cache, store, or create derivative databases from API responses beyond what is necessary for Your immediate business use.
- (d) Reverse engineer, decompile, disassemble, or attempt to derive the source code, algorithms, or architecture of the API or the Platform.
- (e) Use the API to transmit malicious code, execute injection attacks, or attempt to exploit any vulnerability in the API, the Platform, or any connected Third-Party Provider.
- (f) Impersonate another tenant, manipulate request headers, forge HMAC signatures, or tamper with authentication mechanisms.
- (g) Use the API for any activity that violates applicable data protection laws, including the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and any rules framed thereunder.
- (h) Make API calls for benchmarking, load testing, or stress testing the Platform without prior written authorization from Us.
- (i) Use credit bureau data, verification results, or any personal data obtained through the API in a manner inconsistent with the consent obtained from the data subject or in violation of the purpose for which the data was accessed.
Data Handling and Privacy
- 9.1 Privacy Policy Applies: Any personal data, sensitive personal data, financial data, or bureau data accessed through the API is subject to the Privacy Policy. You must comply with all applicable data protection laws in handling such data.
- 9.2 Purpose Limitation: You shall use the data obtained through the API solely for the legitimate business purpose for which the API call was made. You shall not use such data for unsolicited marketing, profiling, scoring, or any purpose not authorized by the data subject.
- 9.3 Security Measures: You shall implement adequate technical and organizational security measures to protect data received through the API from unauthorized access, disclosure, alteration, or destruction.
- 9.4 API Logs: We log all API requests and responses, including timestamps, IP addresses, request parameters, and response metadata. API logs are retained as Log Files under the schedule set out in Privacy Policy §6 (currently 3 years), and may be used for security, audit, compliance, and dispute resolution purposes.
Intellectual Property
- 10.1 The API, including its design, architecture, endpoints, documentation, authentication mechanisms, error codes, response formats, and all associated intellectual property, is and shall remain the exclusive property of VistarKriya Marketings Private Limited.
- 10.2 These API Terms grant You a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to use the API solely for the purpose of integrating with the Platform for Your business operations. This license does not confer any ownership, title, or proprietary right in the API.
- 10.3 You shall not use Our name, logo, trademarks, or brand assets in connection with Your API integration without prior written consent.
Termination
11.1 Termination by Us
We may terminate or suspend Your API access at any time, with or without notice, for any reason, including but not limited to:
- (a) Breach of these API Terms or any of the three related agreements (Terms of Service, Privacy Policy, Refund Policy).
- (b) Insufficient Core Wallet balance persisting beyond a reasonable period, or suspected fraudulent wallet activity.
- (c) Misuse, abuse, or excessive usage that impacts Platform stability.
- (d) A request or direction from any regulatory authority, law enforcement agency, or court of competent jurisdiction.
- (e) Discontinuation of the API service or the Platform, in whole or in part.
- (f) Your account on the Platform being terminated, suspended, or deactivated for any reason.
11.2 Termination by You
You may discontinue Your use of the API at any time by ceasing to make API calls. If You wish to formally close Your API access, You may request credential revocation by writing to hello@vistarkriya.com.
11.3 Effect of Termination
Upon termination of API access, whether initiated by You or by Us:
- (a) All rights and licenses granted under these API Terms terminate immediately.
- (b) You must immediately cease all use of the API and destroy or delete any cached API responses, credentials, and documentation in Your possession.
- (c) Wallet on API-only termination: Where only API access is terminated and Your underlying Platform account remains active, any remaining Core Wallet balance is not refundable on account of API termination, but may continue to be consumed against other Platform services. Withdrawal rights (if any) remain governed by Refund Policy §6.
- (d) Wallet on full account termination: Where Your underlying Platform account is also terminated, wallet treatment (including any forfeiture of Core Wallet and Pipeline Wallet balances on violation-based termination) is governed by Refund Policy §9.
- (e) We are not liable for any loss, damage, disruption, or cost You incur as a result of API access termination.
- (f) Survival: Sections 4 (Wallet & No Refund), 5 (Third-Party Disclaimer), 8 (Prohibited Uses), 9 (Data Handling), 10 (IP), 12 (Disclaimers), 13 (Limitation of Liability), 14 (Indemnification), 16 (Governing Law), and 17 (Force Majeure) shall survive termination.
Disclaimers and No Warranty
12.1 "AS IS" / "AS AVAILABLE"
The API is provided on an "AS IS" and "AS AVAILABLE" basis. We make no representations or warranties of any kind, whether express, implied, statutory, or otherwise, regarding the API, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, reliability, or availability.
12.2 We do not warrant that:
- (a) The API will be available at all times without interruption, error, or downtime.
- (b) API responses will be accurate, complete, current, or error-free, particularly for Third-Party Dependent services.
- (c) Defects in the API will be corrected within any specific timeframe.
- (d) The API will meet Your specific requirements or expectations.
12.3 No SLA Unless Separately Agreed
We do not provide any uptime guarantee or Service Level Agreement (SLA) for the API unless explicitly agreed in a separate written agreement. Any uptime, latency, or performance figures shown in marketing materials, API documentation, dashboards, or other communications are aspirational targets only and are not contractually binding.
Limitation of Liability
- 13.1 Excluded Damages: To the maximum extent permitted by applicable law, VISTARKRIYA MARKETINGS PRIVATE LIMITED, its directors, officers, employees, affiliates, and agents shall not be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages arising out of or in connection with Your use of the API, including but not limited to loss of revenue, loss of profit, loss of data, loss of business opportunity, business interruption, or cost of procurement of substitute services, even if We have been advised of the possibility of such damages.
- 13.2 Aggregate Cap: Our total aggregate liability arising out of or in connection with these API Terms, whether in contract, tort, negligence, strict liability, or otherwise, shall in no event exceed the total amount You paid to Us through wallet deductions for API usage in the twelve (12) months immediately preceding the event giving rise to the claim. This cap is consistent with Terms of Service §11.
Indemnification
You agree to indemnify, defend, and hold harmless VistarKriya Marketings Private Limited, its directors, officers, employees, affiliates, and agents from and against any and all claims, demands, actions, losses, damages, costs, and expenses (including reasonable attorney's fees) arising out of or in connection with:
- (a) Your use or misuse of the API.
- (b) Your violation of these API Terms or any applicable law.
- (c) Your violation of any third-party right, including intellectual property rights, privacy rights, or data protection obligations.
- (d) Any claim by a data subject or regulatory authority arising from Your handling of data obtained through the API.
- (e) Any unauthorized use of the API through Your credentials.
Modifications to API and These Terms
- 15.1 We reserve the right to modify, update, deprecate, or discontinue any API Module, endpoint, feature, or functionality at any time, with or without prior notice.
- 15.2 We reserve the right to amend these API Terms at any time. The updated version will be posted on the Platform with a revised "Last Updated" date. Your continued use of the API after any amendment constitutes Your acceptance of the amended terms.
- 15.3 It is Your responsibility to periodically review these API Terms for changes.
Governing Law, Jurisdiction, and Dispute Resolution
16.1 Governing Law
These API Terms shall be governed by and construed in accordance with the laws of India, without regard to its conflict of law principles.
16.2 Good-Faith Negotiation
Any dispute, controversy, or claim arising out of or relating to these API Terms shall first be attempted to be resolved through good-faith negotiation between the parties for a period of thirty (30) days from written notice of the dispute.
16.3 Arbitration
If the dispute is not resolved through negotiation, it shall be referred to and finally resolved by arbitration in accordance with the Arbitration and Conciliation Act, 1996 (as amended).
- Number of Arbitrators: One (1) sole arbitrator, mutually appointed by the parties; if the parties cannot agree on a sole arbitrator within fifteen (15) days of arbitration being invoked, the appointment shall be made in accordance with the Arbitration and Conciliation Act, 1996 (and, where applicable, by the Uttarakhand High Court).
- Seat and Venue: Dehradun, Uttarakhand, India.
- Language: English or Hindi.
- Arbitration Fees: To be borne by the losing party unless otherwise determined by the arbitrator.
You agree to attempt resolution through Our internal grievance process before initiating arbitration. The arbitrator's decision shall be final and binding on both parties.
16.4 Class Action Waiver
Consistent with Terms of Service §13, You agree that any dispute resolution proceedings under these API Terms will be conducted only on an individual basis and not in a class, consolidated, or representative action. You waive any right to participate in a class action lawsuit or class-wide arbitration against Us.
16.5 Jurisdiction
Subject to the arbitration provision above, You irrevocably submit to the exclusive jurisdiction of the courts located in Dehradun, Uttarakhand, India for any legal proceedings arising out of or relating to these API Terms.
Force Majeure
We shall not be liable for any failure or delay in performing Our obligations under these API Terms if such failure or delay results from circumstances beyond Our reasonable control, including but not limited to:
- Acts of God, natural disasters, earthquakes, floods, fire, pandemics, epidemics
- War, terrorism, civil unrest, or armed conflict
- Government actions, orders, or regulations
- Changes in RBI policies, banking regulations, or financial sector guidelines
- Third-Party Provider outages, API failures, bureau-side downtime, or service degradation
- Internet or telecommunications failures
- Power outages or infrastructure failures
- Cyberattacks, hacking, or security breaches beyond Our reasonable control
- Any other event described in Terms of Service §14
During a force majeure event Our obligations shall be suspended for the duration of such event, and no refund or compensation shall be due, including no reversal of Core Wallet deductions already incurred at the point of dispatch.
Severability
If any provision of these API Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.
Entire Agreement
These API Terms, together with the Terms of Service, Privacy Policy, and Refund Policy, constitute the entire agreement between You and VistarKriya Marketings Private Limited with respect to API access and usage, and supersede all prior or contemporaneous oral or written communications, proposals, and representations with respect to the API.
Contact Information
For questions, concerns, or notices related to these API Terms:
VistarKriya Marketings Private Limited
Email: hello@vistarkriya.com
Phone: 8766268711
Website: https://vistarkriya.com
Registered Office:
3rd Floor, Shree Jee Plaza, New Road,
Dalanwala, Dehradun, Uttarakhand 248001
Branch Office:
55, 3rd Floor, Westend Marg, Saidullajab,
Near Saket Metro, New Delhi 110030
Acknowledgment & Acceptance
By Using the API, You Acknowledge:
- You have read and understood these API Terms in their entirety.
- You agree to be legally bound by all provisions herein.
- You understand these API Terms apply in addition to the Terms of Service, Privacy Policy, and Refund Policy, and that all four agreements collectively govern Your relationship with Us in respect of API access.
- You accept that wallet deductions for API calls are final and non-reversible, while broader wallet rights (including withdrawal of Core Wallet balance) remain governed by the Refund Policy.
- You accept the twelve (12)-month aggregate liability cap and the class action waiver.
- You agree to mutually-appointed arbitration in Dehradun, Uttarakhand under Indian law, with fallback appointment under the Arbitration and Conciliation Act, 1996.
- If submitting data of others through the API, You have obtained their consent and will indemnify Us against any claims arising from such submission.
These API Terms are an integral part of Your overall agreement with Us. In case of any conflict between these API Terms, the Terms of Service, Privacy Policy, and Refund Policy on API-specific matters, these API Terms shall prevail; on all other matters, the more restrictive provision shall apply.
Questions About These API Terms?
VistarKriya Marketings Private Limited
Registered Office:
3rd Floor, Shree Jee Plaza, New Road, Dalanwala, Dehradun, Uttarakhand 248001
Branch Office:
55, 3rd Floor, Westend Marg, Saidullajab, Near Saket Metro, New Delhi 110030