API Terms of Service
Last updated: June 2026
1. Acceptance
By accessing the Osapher API you agree to these API Terms of Service in addition to Osapher's main Terms of Service.
2. API Access
API access is available to users on the Osapher SMB platform (Starter and Agency plans) and the Osapher Enterprise KYB platform (Starter and Growth plans). A public M2M verification API is also available without authentication for basic entity lookups — see rate limits below. API credentials are personal and must not be shared or transferred.
3. Permitted Use
You may use the Osapher API to:
- Query entity identity data for businesses you represent or have authorisation to verify
- Deploy schema to websites under your management
- Access AI audit results for domains you manage
- Build integrations for your own products and services
- Run KYB entity verification checks against live ABR and NZBN registries on behalf of Enterprise customers
- Receive and verify HMAC-SHA256 signed webhook payloads from the Osapher monitoring engine
- Query the public M2M verification endpoint for registry-anchored business identity data
4. Prohibited Use
You must not use the Osapher API to:
- Bulk-harvest ABR or NZBN data for commercial resale
- Build competing entity verification products using our API output
- Query entities without authorisation from the entity
- Circumvent rate limits or access controls
- Reverse engineer our schema generation algorithms
- Use Enterprise KYB API results as the sole basis for AML/CTF compliance without maintaining your own independent compliance program as required by applicable law
5. Rate Limits
API rate limits apply per plan:
- Public M2M API (/api/v1/verify/:abn): 30 requests per 60 seconds — no authentication required
- SMB Starter: included within plan, subject to fair use
- SMB Agency: included within plan, subject to fair use
- Enterprise Starter: 50 KYB verifications per month
- Enterprise Growth: 150 KYB verifications per month
- Enterprise: custom contract-defined verification volume
Exceeding rate limits will result in temporary suspension of API access. Enterprise customers requiring higher limits should contact enterprise@osapher.com.
6. Data Ownership
You retain ownership of data you provide to the API. Osapher retains ownership of schema templates, scoring algorithms, and platform infrastructure. Registry data remains the property of the relevant government registry. Webhook payloads delivered by Osapher are signed with HMAC-SHA256 using your whsec_ secret. You are responsible for verifying the X-Osapher-Signature header before processing any webhook payload.
7. Liability
Osapher is not liable for decisions made based on API output. Registry data accuracy is subject to the relevant registry's terms. See our Registry Data Disclaimer for details.
8. Changes to API
Osapher reserves the right to modify or deprecate API endpoints with 30 days notice to API users. Enterprise customers will be given reasonable advance notice of material changes to API terms.
Contact: api@osapher.com