If these Guidelines conflict with any of the above, the stricter rule or obligation applies.By accessing or using the Boomerang Developer API, you confirm that you have read, understood, and agree to be bound by these Usage Guidelines.
Your use of the Boomerang Developer API is permitted only where:
Authorisation
You are properly authorised to integrate with the relevant servers, communities, or systems (for example, as owner, administrator, or with documented delegated authority).
Compliance
Your integration must comply at all times with the Boomerang Terms of Service, the Boomerang Privacy Policy, and all applicable laws and regulations, including relevant privacy and data-protection requirements.
As-is service
You understand that the API is provided strictly , with no , uptime guarantees, or dedicated support, and you design your integration to tolerate changes, outages, and revocation of access.
Read-only design
You treat the API as . You must not rely on, or attempt to exploit, any mechanism to modify Boomerang data, configuration, or behaviour.
Authentication, security, and good-faith operation
You must:
Keep API keys and credentials confidential, stored only in secure back-end systems or .
Limit access to keys to personnel and systems that genuinely require it.
Rotate keys immediately if compromise is suspected or if any individual who previously had access to those keys no longer does.
Log and monitor usage in a way that allows you to detect abuse under your credentials.
You are responsible for all activity performed using your keys, whether or not you personally initiated it.You must operate your integration in good faith by:
Respecting any documented or inferred and backing off on errors, throttling, or timeouts.
Using caching and conservative polling intervals instead of high-frequency or wasteful calls.
Handling schema extensions, new fields, or other non-breaking changes without disruption.
Designing failure behaviour so that, if the API is unavailable, your systems fail safely.
Attempt to modify, delete, or circumvent Boomerang data, configuration, or enforcement.
Bypass, weaken, or interfere with authentication, authorisation, rate limiting, or other technical controls.
Perform security scanning, fuzzing, stress testing, or similar activities against production endpoints.
Engage in scraping, profiling, resale, or other exploitation of data in ways that users would not reasonably expect.
Facilitate harassment, targeted abuse, evasion of moderation, or any unlawful, fraudulent, or misleading activity.
Rely on the API as a primary or single point of control for safety-critical or regulated systems without independent safeguards.
If you are uncertain whether a planned use is consistent with these requirements, you must treat it as prohibited until it has been reviewed. You may request an assessment by emailing [email protected], and the activity remains prohibited unless and until it is approved in writing.
Boomerang may, at its discretion and without liability to you:
Modify, suspend, or discontinue the Developer API, in whole or in part.
Introduce, amend, or remove endpoints, fields, rate limits, or modules.
Monitor aggregate usage to protect service stability and user safety.
Throttle, restrict, or revoke access for any key, integration, or user that, in Boomerang’s reasonable opinion, breaches these Guidelines or poses a risk to Boomerang, its users, or third parties.
You are solely responsible for ensuring that your systems can tolerate these changes and for updating or disabling your integration if access is limited or withdrawn.
If any provision of these Usage Guidelines is found to be invalid or unenforceable, the remaining provisions continue in full force and effect.Nothing in these Guidelines limits any other rights or remedies available to Boomerang under the Boomerang Terms of Service, the Boomerang Privacy Policy, or applicable law.
