API and Developer Terms

API and Developer Terms

Effective Date: November 18, 2025
Last Updated: May 26, 2026

These API and Developer Terms (“API Terms”) govern your access to and use of any application programming interfaces, developer tools, webhooks, widgets, embed codes, SDKs, documentation, sandbox environments, testing tools, verification endpoints, lookup services, and related technical services made available by prooflookup.com/ (“ProofLookup,” “the Service,” “we,” “us,” or “our”).

By accessing or using any ProofLookup API, developer feature, integration, or technical interface, you agree to these API Terms, our Terms of Service, Privacy Policy, Acceptable Use Policy, Abuse & Public Safety Policy, and any additional rules, limits, or documentation we publish. If you do not agree, you must not access or use the API.

1. Relationship to Other Terms

These API Terms supplement and form part of our broader legal terms. If there is a conflict between these API Terms and the general Terms of Service, these API Terms will control only with respect to API, developer, integration, webhook, and automated access matters.

All use of the API remains subject to our Terms of Service, Privacy Policy, Acceptable Use Policy, Verification & Certificate Lookup Policy, Abuse & Public Safety Policy, Data Retention & Deletion Policy, Security Policy, and Disclaimer.

2. Description of the API

The ProofLookup API may allow authorized users, site owners, merchants, issuers, developers, or integration partners to create, submit, retrieve, validate, manage, display, or verify certain records, certificates, proof pages, product verification data, lookup codes, QR code references, public verification pages, metadata, status values, or related information.

The API may include production endpoints, sandbox endpoints, private endpoints, public lookup endpoints, webhooks, authentication services, rate-limited query services, import/export tools, or integration features.

We may add, modify, restrict, suspend, rename, replace, or discontinue any API feature, endpoint, field, response format, data model, rate limit, authentication method, or integration at any time.

3. API Access Is a Privilege, Not a Right

API access is provided at our discretion. We may approve, deny, limit, suspend, revoke, or terminate API access at any time, with or without notice, if we believe your access or use creates legal, technical, operational, security, abuse, reputational, public safety, fraud, data protection, or business risk.

We are not obligated to provide API access, maintain any endpoint indefinitely, support any integration, or continue compatibility with any specific third-party system.

4. Developer Accounts and Credentials

You may be required to create an account, request API access, generate API keys, configure webhooks, register applications, or provide verification information before using the API.

You are responsible for:

  1. keeping API keys, tokens, secrets, credentials, signing keys, and webhook secrets confidential;
  2. using secure storage and transmission practices;
  3. restricting access to authorized personnel only;
  4. rotating credentials when necessary;
  5. promptly notifying us if credentials are lost, exposed, leaked, stolen, misused, or suspected to be compromised;
  6. all activity performed using your credentials, whether authorized by you or not.

You must not publish, share, sell, transfer, embed in public code repositories, expose in client-side code, hard-code into distributed applications, or otherwise disclose API keys or secrets.

5. Authentication and Security Requirements

You must use authentication, encryption, access controls, and security measures appropriate for the sensitivity of the data and the nature of your integration.

You agree to:

  1. use HTTPS for all API requests where available or required;
  2. validate webhook signatures or security tokens where provided;
  3. protect user data, issuer data, verification records, certificate records, product records, and lookup data from unauthorized access;
  4. implement reasonable logging, monitoring, and alerting for your integration;
  5. avoid storing unnecessary data;
  6. delete cached or exported data when no longer needed or when required by law or policy;
  7. comply with applicable privacy, data protection, consumer protection, cybersecurity, and recordkeeping laws.

You must not bypass authentication, exploit vulnerabilities, use unauthorized credentials, scrape private endpoints, or access data you are not authorized to access.

6. Permitted Uses

Subject to these API Terms, you may use the API only for lawful, authorized, and approved purposes related to ProofLookup functionality, such as:

  1. creating or managing records you are authorized to create or manage;
  2. verifying lookup codes, certificates, product identifiers, proof pages, or public verification records;
  3. integrating ProofLookup with your own website, application, merchant system, certificate system, product verification system, internal dashboard, customer portal, or authorized workflow;
  4. displaying verification results to authorized users or the public where permitted;
  5. receiving webhook notifications for legitimate operational purposes;
  6. exporting your own authorized records, subject to applicable limits and policies.

Any use outside the intended, documented, authorized, or approved scope is prohibited unless we give written permission.

7. Prohibited Uses

You must not use the API, developer tools, integrations, webhooks, or automated access to:

  1. create, generate, validate, promote, or distribute fake, fraudulent, misleading, counterfeit, forged, or unauthorized certificates, proof records, verification pages, lookup codes, product authenticity claims, inspection records, compliance records, warranties, credentials, badges, labels, or similar materials;
  2. misrepresent the authenticity, origin, issuer, approval status, certification status, compliance status, ownership, warranty, safety, identity, source, quality, or legitimacy of any product, person, business, document, asset, certificate, code, or record;
  3. impersonate any company, brand, issuer, manufacturer, inspector, laboratory, government agency, school, professional body, platform, or person;
  4. submit false, deceptive, unlawful, unsafe, infringing, harmful, or unauthorized data;
  5. misuse public verification results to imply endorsement, official approval, legal compliance, regulatory clearance, product safety, medical validity, financial reliability, or government recognition where no such status exists;
  6. scrape, harvest, mine, copy, bulk download, index, mirror, resell, or redistribute ProofLookup data except as expressly permitted;
  7. build a competing service, database, verification platform, certificate lookup system, product authenticity platform, or data broker service using ProofLookup data or API access;
  8. reverse engineer, benchmark for publication, stress test, probe, scan, attack, or attempt to discover non-public API features, source code, vulnerabilities, internal systems, or limits without written authorization;
  9. use the API for spam, phishing, malware, fraud, credential theft, fake login pages, illegal goods, dangerous services, public safety threats, harassment, doxxing, or other prohibited activity;
  10. use the API to generate links, pages, codes, QR codes, or records that conceal illegal, harmful, abusive, deceptive, or public-safety-risk content;
  11. bypass, disable, overload, evade, or interfere with rate limits, authentication, monitoring, auditing, logging, abuse detection, security controls, or usage limits;
  12. share, rent, sell, sublicense, or provide API access to third parties without our written permission;
  13. use multiple accounts, rotating credentials, proxy networks, botnets, disposable identities, or automated signups to evade limits or enforcement;
  14. submit personal data, sensitive data, regulated data, or confidential third-party data unless you have lawful authority and appropriate safeguards;
  15. use API responses as the sole basis for high-risk decisions involving legal rights, employment, credit, insurance, housing, medical care, public safety, or other regulated decisions without independent review and lawful basis.

8. Verification Results Are Not Absolute Proof

ProofLookup may provide lookup, display, verification, or record-management functionality, but API responses and public lookup results are not a guarantee of authenticity, legality, quality, safety, ownership, compliance, regulatory approval, product performance, or truthfulness.

A “valid,” “active,” “found,” “matched,” or similar API response only indicates that a record matching the query exists or is currently displayed according to the information available to the Service at that time. It does not guarantee that the underlying claim, certificate, product, issuer, seller, document, code, or data is complete, accurate, lawful, current, or independently verified by us.

You must not present API results in a way that overstates what ProofLookup confirms.

9. Your Data Responsibilities

You are solely responsible for the data you submit, import, publish, connect, expose, or make available through the API.

You represent and warrant that:

  1. you have all necessary rights, permissions, licenses, consents, and authority to submit and process the data;
  2. your data is accurate, lawful, non-infringing, and not misleading;
  3. your use of the data complies with applicable laws and your own privacy notices, contracts, customer commitments, and policies;
  4. your data does not violate any intellectual property, privacy, publicity, consumer protection, unfair competition, product safety, export control, sanctions, or other rights or laws;
  5. your data does not create public safety, fraud, abuse, or security risk.

You must promptly correct, disable, delete, or update inaccurate, expired, unauthorized, disputed, or unsafe records.

10. Personal Data and Privacy

If you use the API to process personal data, you are responsible for determining your legal role and obligations under applicable privacy and data protection laws.

You agree to:

  1. collect and process personal data only with a lawful basis;
  2. provide required notices and obtain required consents;
  3. honor applicable access, correction, deletion, objection, restriction, portability, opt-out, and other privacy rights;
  4. avoid submitting sensitive personal data unless necessary and lawful;
  5. implement appropriate technical and organizational safeguards;
  6. notify us promptly if your integration causes or contributes to a security incident involving ProofLookup data;
  7. not use API data for unlawful profiling, surveillance, discrimination, or unauthorized marketing.

Our processing of information is also governed by our Privacy Policy.

11. Rate Limits, Quotas, and Fair Use

We may set, change, or enforce rate limits, quotas, usage caps, concurrency limits, storage limits, webhook limits, endpoint-specific limits, or other restrictions at any time.

You must not attempt to bypass or manipulate limits by using multiple accounts, multiple keys, proxy networks, distributed traffic, rotating IPs, cached credentials, unauthorized scraping, request replay, or similar methods.

We may throttle, delay, reject, block, suspend, or terminate requests, keys, accounts, endpoints, or integrations that exceed limits, degrade performance, create operational burden, or appear abusive.

12. API Changes and Deprecation

We may modify, update, replace, deprecate, or remove API features, endpoints, parameters, fields, authentication methods, SDKs, webhook formats, response structures, documentation, or data models at any time.

Where practical, we may provide notice of material changes, but we are not required to do so.

You are responsible for monitoring documentation, testing integrations, updating your systems, and maintaining compatibility.

13. Sandbox, Testing, and Non-Production Use

If we provide a sandbox or test environment, it is for development and testing only.

You must not use sandbox data, test credentials, sample certificates, sample proof pages, sample QR codes, or test verification records as real, production, public, legal, commercial, or customer-facing proof.

We may reset, delete, modify, restrict, or disable sandbox environments and test data at any time.

14. Webhooks and Automated Notifications

If you use webhooks, you are responsible for securing webhook endpoints, validating signatures or tokens where available, handling duplicate deliveries, preventing replay attacks, and ensuring that your endpoint does not expose sensitive information.

Webhook delivery is not guaranteed. Events may be delayed, duplicated, lost, modified, or discontinued.

You must not rely on webhooks as the only method for legally, financially, operationally, or safety-critical processes.

15. Caching and Storage

You may cache API responses only as necessary for your authorized integration and subject to documentation, policies, and applicable law.

You must not cache or store data longer than necessary. You must delete or refresh cached data when records are deleted, suspended, expired, corrected, disputed, or updated, or when we instruct you to do so.

You must not create a permanent mirror, shadow database, public index, resale database, training dataset, or competing lookup system using API data.

16. Attribution and Branding

You must not use the ProofLookup name, logo, branding, trademarks, badges, labels, verification marks, or interface elements in a way that suggests endorsement, official certification, partnership, sponsorship, regulatory approval, or affiliation unless we provide written permission.

You must not modify, obscure, misuse, imitate, or falsely display ProofLookup branding or verification indicators.

We may require attribution, disclaimers, or specific display language for certain integrations.

17. No Resale or Sub-Licensing

You may not sell, rent, lease, sublicense, redistribute, white-label, package, or provide access to the API, API responses, verification data, certificate lookup data, proof records, or developer tools to third parties unless we provide written permission.

You may not use ProofLookup API access to operate a third-party verification service, public data resale service, certificate authority, compliance database, product authenticity marketplace, or similar business without written permission.

18. AI, Machine Learning, and Automated Analysis

You must not use API data, lookup data, certificate records, proof records, public verification results, user records, screenshots, or metadata to train, fine-tune, evaluate, benchmark, or improve artificial intelligence systems, machine learning models, large language models, classifiers, or automated decision systems without our written permission.

You must not use automated systems to infer private, sensitive, confidential, or unauthorized information from ProofLookup data.

19. Security Testing

You must not conduct vulnerability scanning, penetration testing, load testing, scraping, fuzzing, exploit testing, credential testing, or automated security testing against the API or Service without written authorization.

Security issues should be reported according to our Security Policy.

20. Monitoring and Audit Rights

We may monitor API usage, requests, responses, logs, traffic patterns, error rates, authentication events, destination behavior, webhook activity, and other technical signals for security, reliability, abuse prevention, billing, compliance, and enforcement.

We may require information about your application, integration, use case, data flows, security controls, privacy practices, or end users. Failure to provide requested information may result in suspension or termination of API access.

We may audit or review your integration where we believe it creates risk or violates these API Terms.

21. Suspension and Termination

We may suspend, revoke, restrict, rotate, disable, delete, or terminate API keys, tokens, accounts, endpoints, webhooks, integrations, applications, or access at any time, with or without notice, if we believe:

  1. you violated these API Terms or other policies;
  2. your integration is insecure, abusive, misleading, unlawful, or harmful;
  3. your data is inaccurate, fraudulent, unsafe, unauthorized, or infringing;
  4. your API usage creates excessive load or operational burden;
  5. your account or credentials are compromised;
  6. your use creates legal, privacy, security, public safety, reputational, or business risk;
  7. we are required or requested to act by law, legal process, payment processors, hosting providers, security vendors, regulators, law enforcement, or affected parties.

Upon suspension or termination, you must immediately stop using the API, delete or secure credentials, and delete API data where required by us, law, or policy.

22. Fees and Paid API Features

Some API features may be free, paid, limited, metered, usage-based, subscription-based, or available only by written agreement.

We may change pricing, limits, plans, features, access levels, or availability at any time.

Failure to pay applicable fees may result in suspension or termination of API access.

23. Support

We may provide documentation, examples, support, or guidance at our discretion.

We do not guarantee response times, continued support, bug fixes, backward compatibility, integration assistance, or custom development unless separately agreed in writing.

24. Service Availability

The API may be unavailable, delayed, limited, inaccurate, interrupted, degraded, suspended, or discontinued at any time.

We do not guarantee uptime, latency, response times, delivery, accuracy, data completeness, backward compatibility, or permanent availability of any API feature.

You are responsible for designing your integration to handle errors, downtime, timeouts, retries, duplicate events, degraded service, rate limits, and unavailable endpoints.

25. No Warranties

The API and developer tools are provided on an “as is” and “as available” basis.

To the fullest extent permitted by law, we disclaim all warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, availability, accuracy, reliability, security, and uninterrupted operation.

We do not warrant that the API will meet your requirements, that records will be accurate, that verification results will be complete, that abuse will be detected, that data will not be lost, or that integrations will remain compatible.

26. Limitation of Liability

To the fullest extent permitted by law, we will not be liable for indirect, incidental, special, consequential, exemplary, punitive, or similar damages, including lost profits, lost revenue, lost data, data corruption, business interruption, loss of goodwill, reputational harm, customer claims, compliance failures, product recall costs, failed verification, false positives, false negatives, or costs of substitute services.

We are not liable for damages arising from:

  1. API downtime, changes, deprecation, rate limits, suspension, or termination;
  2. incorrect, outdated, fraudulent, incomplete, disputed, missing, or unauthorized records;
  3. your integration errors, security failures, data handling, or misuse;
  4. third-party systems, networks, hosting providers, CDNs, payment processors, or applications;
  5. unauthorized access caused by exposed credentials or insecure implementation;
  6. decisions made based on API responses or verification results;
  7. enforcement actions taken under these API Terms or other policies.

Our total liability for all claims arising out of or relating to the API, developer tools, integrations, or these API Terms shall not exceed the greater of the amount you paid us for API access in the twelve months before the claim arose or USD $100.

27. Indemnification

You agree to defend, indemnify, and hold harmless ProofLookup, its owners, operators, affiliates, officers, directors, employees, contractors, agents, service providers, and licensors from and against all claims, liabilities, damages, losses, costs, expenses, fines, penalties, and fees, including reasonable attorneys’ fees, arising out of or related to:

  1. your use of the API;
  2. your application, integration, website, system, or service;
  3. your data, records, certificates, proof pages, lookup codes, product claims, or verification results;
  4. your violation of these API Terms or other policies;
  5. your violation of law or third-party rights;
  6. fraud, abuse, spam, phishing, malware, public safety risks, fake certificates, counterfeit claims, or misleading proof associated with your API usage;
  7. security incidents, exposed credentials, or unauthorized access caused by your systems or personnel;
  8. disputes between you and your users, customers, issuers, vendors, manufacturers, buyers, or third parties.

28. Export, Sanctions, and Restricted Use

You must comply with all applicable export control, sanctions, trade, and anti-corruption laws.

You must not use the API if you are located in, organized under the laws of, ordinarily resident in, or acting on behalf of any country, region, person, entity, or organization subject to applicable sanctions or restrictions where such use is prohibited.

29. Governing Law and Dispute Resolution

These API Terms are governed by the laws of the State of Delaware, USA, without regard to conflict of law principles.

Any dispute arising out of or relating to these API Terms, the API, developer tools, integrations, or automated access shall be resolved exclusively in the state or federal courts located in Delaware, unless applicable law requires otherwise.

You consent to the personal jurisdiction and venue of those courts.

Nothing in these API Terms prevents us from seeking injunctive or equitable relief in any court of competent jurisdiction to stop abuse, unauthorized access, security threats, intellectual property infringement, public safety risks, data misuse, or violation of these API Terms.

30. Changes to These API Terms

We may update these API Terms at any time by posting a revised version on the Service or otherwise notifying you.

The revised API Terms become effective when posted unless otherwise stated.

Your continued use of the API after changes become effective means you accept the updated API Terms.

If you do not agree to the updated API Terms, you must stop using the API.

31. Contact

For API questions, developer access, security reports, abuse concerns, or policy questions, contact:

[email protected]

By accessing or using the ProofLookup API or developer tools, you acknowledge that you have read, understood, and agree to these API Terms.