2.3. API and Development Accounts
2.3.1. The Customer is granted a limited, non-exclusive, revocable, non-transferable and terminable right to Use the Visma API’s to integrate non- Visma software applications with the Software (Integrated Application).
For development accounts and access to development environments, an ISV agreement is required, please see 2.3.15.
Note that separate conditions from the Customer’s ISV may apply for Integrated Applications, such as with regards to configuration or setup.
2.3.2. Visma API’s are provided “as is” as described in 1.4.3. Visma shall strive to inform about changes to API’s in advance according to 1.3.1, however, Visma reserves the right to make modifications to or discontinue the Visma API’s, and/ or support thereof, at its sole discretion at any time, and without any obligation or liability accruing therefrom. Modifications may require that the Integrated Application use a supported version of the Visma API (supported versions may vary from API and API, and is described in the API Documentation).
2.3.3. Visma reserves the right to charge Fees for any Visma API or Development Environment in the future, including making the right of use contingent upon payment of such Fees.
2.3.4. Visma claims no ownership or control over the Customer’s or ISV’s applications or systems c.f. 4.2.4, except to the extent such applications or systems contain intellectual property from Visma, c.f. 4.2.1 and 4.2.2.
2.3.5. Any unauthorised Use of an API and/ or Development Account or Development Environment may result in immediate inactivation of the account, revocation of the right of use granted in 2.3.1 (Customers) or 2.3.15 (ISV) and may also result in termination c.f. 4.6.2.
2.3.6. The Customer may terminate the right of use for the API at any time by discontinuing use of the Visma API’s.
2.3.7. The Customer shall ensure that the Integrated Application and related systems, such as web servers and databases, are configured to provide appropriate security through organisational, technical and physical security measures, designed to ensure the confidentiality, integrity, availability and resilience of the application, Software and any Data.
2.3.8. Any Breaches of security or Data, such as an intrusion or unauthorised access, or discovery of a vulnerability, shall be reported by the Customer without undue delay to email@example.com, in accordance with the Responsible Disclosure Policy, available at https://www.visma.com/trust-centre/security/products-and-services/bug-bounty-and-responsible-disclosure/. If the communication is of a sensitive or confidential nature, the Customer may encrypt the report using Visma’s PGP-key, which is available from the same page.
Acceptable use of Visma API’s
2.3.9. Any Use of Visma API’s may not be in violation of any law or regulation or the individual rights of any person, such as privacy rights and intellectual property rights.
2.3.10. Any Integrated Application shall be of a complimentary or value-added nature to Visma’s services and customers.
2.3.11. Visma API’s may be used for commercial purposes, however:
- Direct access to or use of the Visma API may not be provided, sublicensed, sold, transferred or otherwise made available to third parties (except users of the Integrated Application), nor circumvented.
- Data may not be aggregated or syndicated from Visma API’s for the purposes of selling, transferring or otherwise making such Data, in any form, available to parties other than users of the Integrated Application for the internal business purposes of such end users.
2.3.12. No advertising or other third-party content may be placed in Visma’s Software. Data or other content from Visma’s Software may not be used for advertising, including in particular profiling, in the Integrated Application or elsewhere, unless authorised and based on an appropriate legitimate basis.
2.3.13. The Customer or ISV shall not transfer or process harmful code, data or similar (such as viruses) to or with the Visma API, nor use the Visma API for unlawful or malicious purposes.
2.3.14. The Customer may not give the impression that it or its Use of the Visma API is associated with, sponsored by or endorsed by Visma, except after express prior approval from Visma.
For ISV’s and developers: Development Accounts and Development Environments
2.3.15. Access to and use of Visma’s Development Environments (if available for the relevant Software) by ISV’s requires that the ISV enters into an ISV partner agreement with Visma. Access to and use of Visma’s Development Environments by the Customer may require that the customer enter into a development agreement with Visma. Further details are available from https://www.visma.com/visma-partner-programme, or directly from Visma.
2.3.16. The ISV (upon entering into the ISV partner agreement) or the Customer as applicable, is granted a limited, non-exclusive, revocable, non-transferable and terminable right to Use Visma’s Development Environments and Visma API’s to integrate, develop, test and support the ISV’s or its customers Integrated Applications, or the Customer’s Integrated Applications, or such software applications not yet integrated for the purpose of integrating it, with Software from Visma. (Development Account).
2.3.17. Documentation, data and information regarding the use of the Visma API’s (API Documentation) and Development Environments, is made available during the registration process, and updated according to 1.3.1. It is the ISV’s or Customer’s, as applicable, responsibility to keep up to date with and abide by such documentation. Such documentation may vary from API to API and environment to environment.
2.3.18. In the event of conflict between any additional terms and conditions for a particular Development Environment and/ or API Documentation and the TOS, the additional terms and conditions shall supersede the TOS.
2.3.19. Development Account Users are for named individual users only, and may not be shared. Registration for a Developer account must be performed manually, and not by scripts.
2.3.20. After registering for a Development Account, the ISV or Customer, as applicable, will be provided with the necessary security keys, tokens or other credentials in order to access and use the Visma Development Environments, the Visma API’s, and to enable Visma to authenticate and associate ISV’s or Customers API- activity with the Integrated Applications and use thereof (API Credentials).
2.3.21. API Credentials, their confidentiality and all Use thereof, and all Use of Visma’s Development Environments, are the responsibility of the ISV or Customer, as applicable. API Credentials shall be kept confidential and may not be sublicensed, sold, transferred or otherwise made available to third parties, nor circumvented.
2.3.22. Development environments may not be used as production environments, and shall solely be used for testing, development and support of Integrated Applications. If the development environment supports test accounts, the test account must not interact with any non- test accounts.
2.3.23. The ISV or Customer, as applicable, shall not transfer or process harmful code, data or similar (such as viruses) to or with the Development Environments, nor use the Development Environments for unlawful or malicious purposes.
2.3.24. Development Environments are provided “as is” as described in 1.4.3. Visma will strive to inform about changes to development environments in advance according to 1.3.1, however, Visma reserves the right to make modifications to, delete, restore or discontinue any Development Environment or part thereof including data, and/ or support thereof, as well as placing limits and restrictions on e.g. data use, at its sole discretion at any time, and without any obligation or liability accruing therefrom.
2.3.25. The ISV or Customer, as applicable, shall not obfuscate or hide any Visma communications, sign-in functionality or authorisation flows from users, nor communicate with users in a manner that may be reasonably likely to confuse users as being a message from Visma or Visma personnel.
2.3.27. Visma API’s and the API Credentials, may not be used to assist or enable governmental authorities to gain access to Data in a manner that would constitute breach of Visma’s general obligations of confidentiality for its customers Data or obligations as a Data Processor according to 3.2.2 i), such as by avoiding serving the legal process directly to Visma.