API Terms of Use

Applicability and Relationship with Other Agreements

These API Terms of Use ("API Terms") govern Your access to and use of the Application Programming Interface ("API") provided by VistarKriya Marketings Private Limited (VistarKriya Marketings Private Limited) ("Company", "We", "Us", "Our"), a company incorporated under the laws of India, having its registered office at 3rd Floor, Shree Jee Plaza, New Road, Dalanwala, Dehradun, Uttarakhand 248001 and its branch office at 55, 3rd Floor, Westend Marg, Saidullajab, Near Saket Metro, New Delhi 110030.

These API Terms are supplementary to and shall be read in conjunction with the following agreements:

• Terms of Service
• Privacy Policy
• Refund Policy

By requesting, receiving, or using API credentials, or by making any API call to the Platform, You acknowledge that You have read, understood, and agree to be bound by these API Terms together with the three agreements referenced above.

Eligibility: API access is restricted to entities and individuals who meet the eligibility criteria set out in Terms of Service §1, including the minimum age of 18 years and the legal capacity to enter into binding contracts under Indian law.

Definitions

• "API" means the RESTful Application Programming Interface (currently versioned as v1) made available by Vistarkriya, including all endpoints, authentication mechanisms, request/response formats, and associated documentation.
• "API Key" and "API Secret" mean the unique credentials issued to You for the purpose of authenticating API requests.
• "Tenant Code" means the unique identifier (typically a 6-digit numeric code) assigned to Your tenant account on the Platform.
• "Core Wallet" means the prepaid digital wallet maintained within the Platform against which all API consumption charges are debited, as further defined and governed by Refund Policy §6.
• "Pipeline Wallet" has the meaning given in Refund Policy §6. The Pipeline Wallet holds pending commissions and is not used for API consumption billing. API endpoints that report Pipeline Wallet state are read-only.
• "API Consumer" or "You" means any individual, business entity, or tenant who has been issued API credentials and accesses the API.
• "API Modules" means the distinct functional categories of the API, which currently include Wallet, CIBIL Reports, Verify Services, Marketplace, Kamao, and B2C, and may be updated by Us from time to time.
• "Third-Party Provider" means any external service provider, data source, bureau, verification agency, payment gateway, or other entity whose services are accessed, relayed, or facilitated through the API.
• "Platform" means the Vistarkriya SaaS platform (also defined as the "Service" in the Terms of Service), including the web application, dashboard, APIs, and all associated services.
• "Sandbox" means the testing environment provided by Us. POST requests in Sandbox return simulated dummy responses without wallet deductions; GET requests in Sandbox may return Your actual read-only account data, also without wallet deductions (see §7).
• "Live Mode" means the production environment where API calls result in actual data processing, real responses from Third-Party Providers, and wallet deductions.

API Access and Credentials

Core Wallet — Billing, Deductions, and No Refund

API Services — Independent and Third-Party Dependent

5.3 For both Category A and Category B services, the no-refund policy stated in §4 above and in the Refund Policy applies without exception.

Rate Limits, IP Whitelisting, and Fair Usage

• 6.1 Rate Limits: API access is subject to rate limits. If You exceed the permitted rate of API calls within a given time window, Your requests will be throttled or rejected with an HTTP 429 (Rate Limited) response. Thresholds are published in the API documentation and may be updated from time to time.
• 6.2 IP Whitelisting: Every API Key requires a minimum of 1 and a maximum of 5 whitelisted IP addresses. API calls originating from non-whitelisted IPs are rejected with HTTP 403 and error code AUTH_IP_BLOCKED.
• 6.3 Anti-Circumvention: You shall not attempt to circumvent rate limits through any means, including rotating API Keys, using multiple accounts, proxying requests through distributed systems, or any other technique designed to evade rate controls.
• 6.4 Fair Usage: We reserve the right to impose additional rate limits, usage quotas, or fair usage restrictions on any API Consumer or API Module if We determine that the usage pattern is excessive, abusive, or detrimental to Platform stability or to the experience of other tenants.

Sandbox and Live Mode

We provide a Sandbox environment for testing and development purposes. Sandbox behavior differs from Live Mode as follows:

• 7.1 Your Responsibility: It is Your sole responsibility to ensure that Your application is configured to use the Sandbox environment during development and testing. We shall not be responsible for any wallet deductions arising from API calls mistakenly directed to the Live environment.
• 7.2 Sandbox POST Data: Simulated POST responses in Sandbox are fictional and must not be treated as real, accurate, or representative of Live Mode responses for SLA, billing, or compliance purposes.
• 7.3 Sandbox GET Data: GET responses in Sandbox reflect Your actual read-only account state but are still served without wallet deduction. No Sandbox response — POST or GET — should be relied upon for production billing-dispute purposes.
• 7.4 Modification: We may modify, limit, or discontinue the Sandbox environment at any time without notice.

Prohibited Uses

You shall not use the API for any purpose that is unlawful, prohibited by these API Terms, or prohibited by the Terms of Service. Without limiting the generality of the foregoing, You specifically agree not to:

• (a) Resell, sublicense, redistribute, or commercially share API responses, data, or reports obtained through the API with any third party, unless expressly authorized by Us in writing.
• (b) Use the API to build a competing product, service, or platform that replicates or substantially imitates the functionality of the Platform.
• (c) Scrape, harvest, cache, store, or create derivative databases from API responses beyond what is necessary for Your immediate business use.
• (d) Reverse engineer, decompile, disassemble, or attempt to derive the source code, algorithms, or architecture of the API or the Platform.
• (e) Use the API to transmit malicious code, execute injection attacks, or attempt to exploit any vulnerability in the API, the Platform, or any connected Third-Party Provider.
• (f) Impersonate another tenant, manipulate request headers, forge HMAC signatures, or tamper with authentication mechanisms.
• (g) Use the API for any activity that violates applicable data protection laws, including the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and any rules framed thereunder.
• (h) Make API calls for benchmarking, load testing, or stress testing the Platform without prior written authorization from Us.
• (i) Use credit bureau data, verification results, or any personal data obtained through the API in a manner inconsistent with the consent obtained from the data subject or in violation of the purpose for which the data was accessed.

Data Handling and Privacy

• 9.1 Privacy Policy Applies: Any personal data, sensitive personal data, financial data, or bureau data accessed through the API is subject to the Privacy Policy. You must comply with all applicable data protection laws in handling such data.
• 9.2 Purpose Limitation: You shall use the data obtained through the API solely for the legitimate business purpose for which the API call was made. You shall not use such data for unsolicited marketing, profiling, scoring, or any purpose not authorized by the data subject.
• 9.3 Security Measures: You shall implement adequate technical and organizational security measures to protect data received through the API from unauthorized access, disclosure, alteration, or destruction.
• 9.4 API Logs: We log all API requests and responses, including timestamps, IP addresses, request parameters, and response metadata. API logs are retained as Log Files under the schedule set out in Privacy Policy §6, and may be used for security, audit, compliance, and dispute resolution purposes.

Intellectual Property

• 10.1 The API, including its design, architecture, endpoints, documentation, authentication mechanisms, error codes, response formats, and all associated intellectual property, is and shall remain the exclusive property of VistarKriya Marketings Private Limited.
• 10.2 These API Terms grant You a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to use the API solely for the purpose of integrating with the Platform for Your business operations. This license does not confer any ownership, title, or proprietary right in the API.
• 10.3 You shall not use Our name, logo, trademarks, or brand assets in connection with Your API integration without prior written consent.

Termination

Disclaimers and No Warranty

12.2 We do not warrant that:

• (a) The API will be available at all times without interruption, error, or downtime.
• (b) API responses will be accurate, complete, current, or error-free, particularly for Third-Party Dependent services.
• (c) Defects in the API will be corrected within any specific timeframe.
• (d) The API will meet Your specific requirements or expectations.

Limitation of Liability

• 13.1 Excluded Damages: To the maximum extent permitted by applicable law, VISTARKRIYA MARKETINGS PRIVATE LIMITED, its directors, officers, employees, affiliates, and agents shall not be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages arising out of or in connection with Your use of the API, including but not limited to loss of revenue, loss of profit, loss of data, loss of business opportunity, business interruption, or cost of procurement of substitute services, even if We have been advised of the possibility of such damages.
• 13.2 Aggregate Cap: Our total aggregate liability arising out of or in connection with these API Terms, whether in contract, tort, negligence, strict liability, or otherwise, shall in no event exceed the total amount You paid to Us through wallet deductions for API usage in the twelve (12) months immediately preceding the event giving rise to the claim. This cap is consistent with Terms of Service §11.

Indemnification

You agree to indemnify, defend, and hold harmless VistarKriya Marketings Private Limited, its directors, officers, employees, affiliates, and agents from and against any and all claims, demands, actions, losses, damages, costs, and expenses (including reasonable attorney's fees) arising out of or in connection with:

• (a) Your use or misuse of the API.
• (b) Your violation of these API Terms or any applicable law.
• (c) Your violation of any third-party right, including intellectual property rights, privacy rights, or data protection obligations.
• (d) Any claim by a data subject or regulatory authority arising from Your handling of data obtained through the API.
• (e) Any unauthorized use of the API through Your credentials.

Modifications to API and These Terms

• 15.1 We reserve the right to modify, update, deprecate, or discontinue any API Module, endpoint, feature, or functionality at any time, with or without prior notice.
• 15.2 We reserve the right to amend these API Terms at any time. The updated version will be posted on the Platform with a revised "Last Updated" date. Your continued use of the API after any amendment constitutes Your acceptance of the amended terms.
• 15.3 It is Your responsibility to periodically review these API Terms for changes.

Governing Law, Jurisdiction, and Dispute Resolution

Force Majeure

We shall not be liable for any failure or delay in performing Our obligations under these API Terms if such failure or delay results from circumstances beyond Our reasonable control, including but not limited to:

• Acts of God, natural disasters, earthquakes, floods, fire, pandemics, epidemics
• War, terrorism, civil unrest, or armed conflict
• Government actions, orders, or regulations
• Changes in RBI policies, banking regulations, or financial sector guidelines
• Third-Party Provider outages, API failures, bureau-side downtime, or service degradation
• Internet or telecommunications failures
• Power outages or infrastructure failures
• Cyberattacks, hacking, or security breaches beyond Our reasonable control
• Any other event described in Terms of Service §14

During a force majeure event Our obligations shall be suspended for the duration of such event, and no refund or compensation shall be due, including no reversal of Core Wallet deductions already incurred at the point of dispatch.

Severability

If any provision of these API Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.

Entire Agreement

These API Terms, together with the Terms of Service, Privacy Policy, and Refund Policy, constitute the entire agreement between You and VistarKriya Marketings Private Limited with respect to API access and usage, and supersede all prior or contemporaneous oral or written communications, proposals, and representations with respect to the API.

Contact Information

For questions, concerns, or notices related to these API Terms:

Acknowledgment & Acceptance

These API Terms are an integral part of Your overall agreement with Us. The Terms of Service governs all matters; the Refund Policy, Privacy Policy, and these API Terms supplement it. In case of conflict between these documents, the Terms of Service shall prevail, except that on API-specific matters these API Terms shall prevail.