This Acceptable Use Policy ("AUP") defines how you can and cannot use the Chaiz API. It applies to Customer ("you" or "your"), including your employees, contractors, agents, and your end-user customers ("Consumers"). This AUP is referred to and incorporated into the Chaiz API License. This AUP also contains technical information, which we advise you to read before implementing the Chaiz API. This AUP is referred to and incorporated into the Chaiz API License. This AUP also contains technical information, which we advise you to read before implementing the Chaiz API.
Document hierarchy: This AUP works together with the API License.
Audience: This document is written primarily for developers and users implementing the Chaiz API.
Updates: We may update this AUP from time to time. We'll notify you via email at least 30 days before material changes take effect. Continued use of the API 30 days after notice of changes means you accept the updated AUP. Non-material changes and information updates take effect as soon as they are published, as a courtesy we may notify you that a new version containing non-material updates has been published. We advise that you keep yourself familiarised with this AUP as it contains important information that will enhance your use of the Chaiz API.
The Chaiz API is provided at no additional charge when you have a commercial agreement with us. Here's what you're authorized to do:
You may use the Chaiz API to:
For complete endpoint documentation, request/response formats, and code examples, see our Postman API Documentation at [link to be provided].
Important for developers: The Chaiz API is a marketplace platform that depends on third-party VSC Providers. Prices can and will fluctuate based on the search criteria provided (vehicle details, location, coverage preferences) as well as external factors including VSC Provider decisions, regulatory changes, and market conditions.
Available offerings may change with little or no notice due to:
Build your application to handle these realities:
We do not guarantee the availability of any specific VSC Provider, plan, product, or pricing.
You are responsible for keeping your API credentials secure and for all activity that occurs using your credentials, whether authorized by you or not. Implement industry-standard security measures to protect credentials from unauthorized access, use, or disclosure.
If credentials are compromised: Contact us immediately at legal@chaiz.com. You are liable for any unauthorized use of your credentials until you notify us. We may revoke credentials at any time if we believe they've been compromised or are being used in violation of this AUP.
Note: For certain queries, we send a token as part of the URL to ensure unique calls. These tokens are designed for frontend use and change with every query.
To ensure fair access and system stability, we enforce rate limits of 100 requests per minute per API key. If you have high-volume use cases, reach out and we can discuss your specific needs.
When you hit a rate limit: You'll receive an HTTP 429 (Too Many Requests) response with a Retry-After header. Implement exponential backoff in your retry logic.
Required optimizations: You must design your application to minimize unnecessary API calls. Implement caching for VSC data, but be aware that prices may change during the caching period. We encourage you to talk with us to determine a caching strategy appropriate for your use case that balances data freshness with performance. Monitor your API usage and promptly address any situations causing unusually high request volumes or abnormal usage patterns.
Fair use: Even within rate limits, your usage must be reasonable. We may throttle or suspend access if we detect unusual spikes in traffic, patterns suggesting abuse or data scraping, or usage that degrades service for other users.
You're responsible for providing and maintaining all network connections, hardware, and software needed to connect to the Chaiz API, including ensuring your systems can handle SSL/TLS connections. We're not responsible for issues with your network or infrastructure, data compromised during transmission over networks we don't control, or performance issues caused by your systems or internet connection.
Quote generation delays: Getting VSC quotes can take multiple seconds—up to 20 seconds in some cases—due to the complexity of queries involving multiple providers and eligibility checks. Build your application to account for these delays with appropriate waiting states if presenting results live to users. We recommend calling the API asynchronously whenever possible so that results are available when users need to see them.
Contract generation delays: When customers complete checkout on the Chaiz site, contract generation may take up to 24 hours due to provider reviews, automated checks in the origination pipeline, and other factors outside Chaiz's control. If you implement status checking via webhook or API calls, be aware of these timeframes and set expectations accordingly.
When you use the Chaiz API, you're accessing proprietary data about Vehicle Service Contracts, including Chaiz's own Expert reviews, ratings, analysis, and pricing. This data is provided solely to enable you to display offerings to consumers and facilitate purchases through Chaiz.
Permitted uses: You may display VSC information accurately to consumers in your application, temporarily cache data to improve performance, present side-by-side comparisons of available plans, and show pricing and coverage information as provided by the API.
Prohibited uses: You may not store VSC data for purposes other than display, create derivative databases or comparison tools outside your authorized application, use VSC data to train AI/ML models, conduct market research for third parties, scrape or bulk download data, reverse engineer pricing algorithms or business logic, modify or misrepresent coverage terms or pricing, or alter or claim ownership of Chaiz Expert reviews, ratings, or analysis.
What's ours is ours, and what's yours is yours. Chaiz owns all VSC data, Expert reviews, and proprietary analysis provided through the API. You own your application and business data. For details on transaction data and consumer information ownership, see Section 4.2 of the API License.
Privacy obligations: You must obtain all necessary consumer consents before collecting and transmitting data to Chaiz. If you provide personally identifiable information (PII) through the API, we may use portions of that data (such as ZIP code) to generate results and will use it to pre-fill checkout experiences to improve user experience. It is your responsibility to decide when to send us PII and to ensure you have the required consent and permissions from your end users.
You're responsible for complying with applicable data protection laws (CCPA, VCDPA, etc.). VSC data will be shared with VSC Providers and finance companies to fulfill contracts. See Section 4.4 of the API License and Section 7 of your Affiliate Agreement for complete data handling requirements. Review our Privacy Policy.
See Section 4.2 of the API License for complete intellectual property restrictions. In short:
Security violations: You must not attempt to gain unauthorized access by circumventing security measures, access the API through any means other than those we provide, use the API through unauthorized third-party intermediaries, probe or test system vulnerabilities, breach authentication measures, access unauthorized data or systems, or introduce malware or malicious code.
Technical abuse: You must not exceed rate limits or attempt to circumvent throttling, overburden our systems, degrade performance for other users, implement workarounds to bypass API restrictions, use automated tools to systematically retrieve data beyond normal API calls, or scrape content from Chaiz web properties.
Intellectual property violations: You must not reverse engineer, decompile, or disassemble the API, create derivative works of the API, extract or attempt to extract source code, remove proprietary notices, or use Chaiz trademarks without permission (see Section 4.3 of your Affiliate Agreement for trademark usage rights).
Misuse and misrepresentation: You must not use the API for any unlawful purpose, misrepresent the availability, pricing, or terms of VSCs to consumers, violate any VSC Provider's terms and conditions, pose privacy or security risks to Chaiz, VSC Providers, or consumers, make false or misleading statements about Chaiz or its services, or imply endorsement or partnership that doesn't exist.
Consequences: If you violate this AUP, we may immediately suspend or terminate your API access, revoke your credentials, block your IP addresses, or terminate your commercial agreements. We have no obligation to provide advance warning for violations. Even during suspension, you remain bound by all terms of this AUP, the API License, and your Affiliate Agreement.
We support the current API version and the immediately prior version for 90 days after a new release. Deprecated versions will stop working after the 90-day transition period. Monitor our announcements for version updates, migrate to new versions before old versions are deprecated, and test new versions in the test environment before production deployment.
API versioning: Major API versions contain breaking changes. Minor versions are non-breaking. We provide at least 30 days' advance notice before implementing breaking changes such as removing or renaming endpoints, removing or renaming required parameters, changing response data structures, removing fields from responses, or changing authentication methods. Non-breaking changes like adding new endpoints, adding optional parameters, adding new response fields, or bug fixes may be implemented without advance notice.
How we notify you: We'll send email notifications to your registered account address and update our API documentation.
The Chaiz API runs on Microsoft Azure infrastructure with Cloudflare, building on their availability and performance standards. While we aim to achieve 99.99% uptime, we do not guarantee any specific uptime percentage or service level agreement. The API may be temporarily unavailable due to maintenance, system upgrades, network issues, third-party service disruptions, security incidents, or circumstances beyond our reasonable control.
We aim to use blue-green deployments to minimize downtime in all cases. If this is not possible for any reason, we will provide reasonable advance notice and schedule maintenance during hours with the lowest request volumes to minimize impact on API users. Emergency maintenance may occur at any time without notice when necessary to address security vulnerabilities, prevent system failures, or respond to critical issues.
No credits or refunds: API downtime or service interruptions do not entitle you to credits, refunds, or other compensation, regardless of duration or impact on your business.
We actively monitor API usage to ensure service quality, detect and prevent abuse or security threats, identify performance optimization opportunities, verify compliance with this AUP, and plan infrastructure capacity. We track request volumes and patterns, response times and error rates, feature usage, geographic distribution of requests, and anomalous behavior.
We may occasionally audit your API implementation to verify compliance with this AUP. See the API License for complete audit procedures and requirements.
We may immediately suspend your API access without prior notice if you violate security requirements, exceed rate limits or abuse the service, violate intellectual property restrictions, show signs of unauthorized access or account compromise, engage in fraudulent activity, exhibit patterns indicating abuse or malicious use, generate unusual traffic that threatens system stability, or maintain inaccurate or outdated account information. We may also be required to suspend access due to legal or regulatory requirements.
For significant violations, we will contact you to discuss the issue. For minor suspensions (such as unusual traffic patterns), API headers will communicate the issue and suspension. If you believe your access was suspended in error or you've addressed the violation, contact us at legal@chaiz.com. We'll review your request and may reinstate access at our discretion, but we're not obligated to reinstate access even if you address the violation.
Your API License automatically terminates if your Affiliate Agreement is terminated, you're unable or unwilling to comply with this AUP, or we exercise our termination rights under the API License or Affiliate Agreement. See Section 8 of your Affiliate Agreement for complete termination provisions.
This AUP works in conjunction with the API License, which covers the legal grant of rights to use the API, intellectual property ownership, data processing and privacy obligations, warranties and disclaimers, limitation of liability, and indemnification for API use. All provisions of the API License remain in effect and are incorporated by reference.
We may update this AUP at any time. Material changes will be communicated with at least 30 days' notice via email to your registered account address. Continued use of the API after changes take effect constitutes acceptance of the updated terms. If you don't agree with changes, you must stop using the API and terminate your agreements.
If anything in this AUP is unclear or you have questions about what's permitted, contact legal@chaiz.com before implementing anything you're unsure about.
Questions? legal@chaiz.com or dev-support@chaiz.com
