Bokio API - Terms of Use
1. Introduction
1.1 These API Terms of Use (the “API Terms of Use”) describe the conditions under which all of the application programming interfaces (the “API”) made available by Bokio Group AB, 556873-7877 and/or Bokio AB, 559053-8426 (collectively referred to as “Bokio”) can be used by developers and/or the developer's company (the “Developer”) to develop and maintain an application that connects to Bokio (the “Application”) and by end-users of the Application (the “End User”) for linking third-party applications with the Application. The End User and/or Developer who has access to the API will hereinafter be referred to as the “API User”.
1.2 These API Terms of Use shall also apply to any individual within the Developer's organisation who accesses or uses the API through the Developer's account, or through any other means attributable to the Developer's organisation and are considered API Users. For the avoidance of doubt, such API Users shall also be bound by these API Terms of Use.
1.3 API Users using the API on behalf of a Developer warrant that they have full power and authority to use any API on behalf of such Developer, including accepting on behalf of such Developer to be bound by these API Terms of Use. In such case, “you” and “your” will refer to such Developer.
1.4 By using the API, the API User agrees to be legally bound by these API Terms of Use. If the API User does not agree to the API Terms of Use, you are not authorised to use the API.
2. License
Subject to these API Terms of Use, Bokio hereby grants to the API User a personal, non-exclusive, non-transferable, non-sublicensable, revocable, and limited right to access and use the API to develop, test, and to maintain and integrate, and to exchange certain information through an integration with the Application. Bokio will provide the API User with credentials that can be used to access the API.
3. API User's Obligations
3.1 The API User is entrusted to use the API in a responsible manner and only as expressly permitted in these API Terms of Use. Violation of these API Terms of Use may result in the suspension or termination of access to the API.
3.2 The API may be used to develop an Application and connect it to the Application, strictly in accordance with the guidelines and other conditions as included in the applicable API documentation provided by Bokio. The API User may not exceed the scope of access or functionality that is disclosed and documented by Bokio.
3.3 The API User may use commercially reasonable and legally obtained tools and services in developing the Application that connects to the API, provided that such use does not violate these API Terms of Use, infringe any third party rights, introduce any harmful code or data into the API, or otherwise compromise the security, performance, or integrity of the API. The API User shall establish and maintain adequate physical, technical, and administrative safeguards reasonably designed and implemented to detect, prevent, and protect against malware, including viruses, spyware, Trojan horses, or other harmful code that could pose security risks or threats to the API or any End User.
3.4 The API User is solely responsible for the security of any applications, systems, or tools that interact with the API, including but not limited to third-party software and internally developed solutions. This responsibility includes the identification, assessment, and mitigation of both known and unknown security vulnerabilities and maintaining appropriate security measures consistent with industry standards and applicable law. Bokio disclaims any liability for security weaknesses or exploits present in the API User’s systems or tools.
3.5 The API User must promptly patch or otherwise address any identified security vulnerabilities in systems or tools used with the API. Continued use of the API with insecure or unpatched systems may result in suspension or termination of access at Bokio’s discretion. Abuse or excessively frequent requests to Bokio via the API may result in temporary or permanent suspension of API access. Bokio, in its sole discretion, will determine abuse or excessive usage of the API. Where commercially reasonable, Bokio will make a reasonable attempt to warn the API User via email prior to suspension. The API User may not share API credentials, keys, or tokens in a manner intended to circumvent or exceed Bokio’s rate limits or other usage restrictions.
3.6 The API may not be used:
a. to share data that belongs to an End User with anyone other than the relevant End User without the prior explicit consent of that End User, or otherwise in violation of applicable law or these API Terms of Use;
b. for any illegal activities or other activities that hinder or harm other Developers, End Users or Bokio;
c. to disrupt, interfere with, or attempt to gain unauthorised access to any services, servers, devices or networks connected to or accessible through the API;
d. to scrape data, build databases or otherwise make copies of data obtained using the API, except as necessary and proportionate for the intended use case of an application approved by Bokio and in compliance with data minimization and caching rules in the documentation;
e. to request more data or than is necessary for the intended functionality, to exceed the minimum permissions required by the integrated application, or to otherwise exceed documented and publicly disclosed capabilities of the API;
f. to use an unreasonable amount of bandwidth, to negatively affect the stability or performance of the API, or to otherwise engage in conduct that Bokio deems to be abuse or excessive usage;
g. to attempt to circumvent Bokio's restrictions on the use of the API;
h. to in any way circumvent the technical limitations of the API or the software services offered by Bokio, or to reverse engineer, decompile or disassemble the API. Furthermore the API User may not copy, rent, lease, transfer, or sub-license the API, in whole or in part;
i. to use data obtained to detect, misuse or disclose potential security vulnerabilities;
j. to redistribute or resell the data obtained through the use of the API, or provide access to such data via sub-licenses or similar arrangements, except as expressly permitted in writing by Bokio;
k. in a manner that, in Bokio's discretion, poses an unreasonable security risk to End Users or Bokio;
l. in a manner that violates European privacy legislation (including the GDPR) or other applicable data protection laws, or that, in Bokio’s, poses an unreasonable privacy risk to End Users.
m. to create or promote applications, products, or services that are damaging to, disparaging of, or otherwise detrimental to Bokio or its licensors, licensees, affiliates, or partners.
n. to access, collect, download, or use data or content for spamming or unsolicited communications, including any activity that would violate any applicable law.
For the avoidance of doubt, Bokio's exercise of discretion under this Section 3 will be in addition to, and not in limitation of, any other rights or remedies available to Bokio under these API Terms of Use or applicable law.
4. Bokio's rights
4.1 Bokio may monitor access to and the use of the API. Monitoring may be automated or manual and may be used to administer, secure, and improve the API and to verify compliance with these API Terms of Use.
4.2 To verify compliance, Bokio may request and the API User will promptly provide accurate information about the Application and its use of the API, including architectural descriptions, data flows, rate-limit configurations, and relevant logs. Where reasonably necessary to confirm material compliance issues, Bokio may conduct a remote review or request a limited demonstration or non‑production access to the Application. Reviews will be conducted during normal business hours and in a manner designed to minimize disruption. If that review confirms material compliance issues, the API User will promptly remediate and reimburse Bokio for reasonable, documented costs of the review.
4.3 In the event that Bokio has reason to believe that there is a violation of these API Terms of Use, Bokio will, if reasonably possible, attempt to provide the API User prior notice and an opportunity to rectify the violation. Contrary to the foregoing, Bokio has the right to act immediately without notice where necessary, and take the measures deemed appropriate, including the suspension or termination of access to the API, if the API User does not respond adequately or if Bokio is of the opinion that there is a plausible risk of damage to it, the services, the End Users, Developers, or other users or any third parties.
4.4 Bokio, in its sole discretion, may impose and enforce restrictions on the API User's use of the APIs (for example, by limiting the number of API requests you can make or the number of users you can serve).
4.5 Bokio may make changes to the API as it deems appropriate and will, to the extent possible, notify the API User in advance of any changes. Nevertheless, Bokio reserves the right to change the API without notifying the API User.
4.6 Bokio reserves the right to change its API versioning. Bokio does not have to notify the API User of these changes in advance. Moreover, Bokio is not obliged to maintain a specific (type and/or version) API and/or specific API call active. Bokio is at any time free to sunset calls, types, and versions. Bokio will not be liable for any costs or losses resulting from such changes.
4.7 API credentials are Bokio’s property. Bokio may issue, limit, rotate, revoke, or require re‑authentication or re‑registration of credentials at any time, including to address security, compliance, or operational concerns.
4.8 Bokio may require attestations regarding the API User’s security controls, prompt remediation of identified vulnerabilities, and, where appropriate, evidence of testing (e.g., penetration test summaries or vulnerability scan results). Intrusive testing of Bokio systems (including penetration tests) is prohibited without Bokio’s prior written authorization.
4.9 Bokio may remove or restrict access to data, endpoints, or functionality, or suspend API access, to comply with applicable laws, court orders, governmental requests, or Bokio policies, or where Bokio determines such action is necessary to address fraud, abuse, or rights violations.
4.10 If the API User provides feedback, suggestions, or ideas regarding the API or Bokio services, Bokio may use such feedback without restriction or obligation to the API User.
4.11 All rights not expressly granted to the API User are reserved by Bokio. Bokio does not commit to any uptime, support, or feature availability unless expressly agreed in a separate written agreement signed by Bokio.
4.12 The API and any API documentation and all rights therein are and shall remain the sole and exclusive property of Bokio.
5. Security
5.1 The API User shall notify Bokio of any actual or suspected security incident, data breach, data leak, outage, material service degradation, or other major incident affecting the API integration, the Application, or data obtained via the API that could reasonably be expected to impact Bokio or End Users (each, an “Incident”) without undue delay and, in any event, promptly after becoming aware. Initial notice shall be provided as soon as practicable and followed by written updates detailing, to the extent known at the time: the nature of the Incident, the systems and types of data affected, the date and time of detection, the likely consequences, the steps taken or planned to contain, mitigate, and remediate the Incident, and contact information for an Incident lead. The API User shall: (a) immediately take all steps reasonably necessary to contain and remediate the Incident; (b) cooperate fully with Bokio, including by preserving evidence, providing relevant logs and forensic information, and facilitating reasonable security reviews; (c) not make public statements referencing Bokio or End Users regarding the Incident without Bokio's prior written approval, except where required by law; and (d) bear its own costs associated with investigation, remediation, and notifications arising from Incidents originating in the API User’s environment. Nothing in this Section limits Bokio’s rights to suspend or restrict access under these API Terms of Use. For clarity, each party remains responsible for any legally required notifications applicable to it; if the API User is a controller or processor of personal data, it remains solely responsible for meeting its statutory breach‑notification obligations. The Developer represents and warrants that the Application is designed and operated to protect data accessed via the API, and that the Developer maintains reasonable, industry-standard security measures appropriate to the nature and risk of such data.
6. Duration of API Terms of Use
6.1 The term of these API Terms of Use commences on the day the API User agrees to the API Terms of Use and continues until terminated in a manner as set forth below.
6.2 The API User may terminate these API Terms of Use by discontinuing the use of the API. If the API forms part of a service agreement between Bokio and the API User, these API Terms of Use may only be terminated with due observance of the agreed termination formalities (including grounds for cancellation and periods).
6.3 Bokio has the right to terminate these API Terms of Use immediately if:
a. The API User voluntarily submits a bankruptcy petition or an application for suspension of payments;
b. The API User is declared bankrupt, admits in writing that it is unable to pay its debts on the due date, or makes a transfer in favor of its creditors;
c. There is a material breach of these terms by the API User, where, to the extent possible, such breach is not remedied within ten (10) days of written notice thereof.
6.4 Upon termination of these API Terms of Use:
a. all licenses granted under these API Terms of Use will immediately terminate; and
b. upon request, each party shall promptly return or delete any tangible confidential information in its possession or control to the other party.
7. Disclaimer
7.1 THE API IS PROVIDED BY BOKIO “AS-IS” WITHOUT ANY WARRANTY OF ANY KIND. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE API IS ASSUMED BY THE API USER. BOKIO DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, OR ANY WARRANTY ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE WITH RESPECT TO THE API. BOKIO DOES NOT WARRANT THAT THE API WILL MEET THE API USER’S REQUIREMENTS OR THAT THE OPERATION OF THE API WILL BE UNINTERRUPTED OR ERROR FREE. BOKIO AND/OR ITS LICENSOR(S) SHALL NOT BE LIABLE FOR LOSS OF DATA, LOSS OF PRODUCTION, LOSS OF PROFIT, LOSS OF USE, LOSS OF CONTRACTS OR FOR ANY OTHER CONSEQUENTIAL, ECONOMIC OR INDIRECT LOSS WHATSOEVER IN RESPECT OF DELIVERY, USE OR DISPOSITION OF THE API.
8. Confidential Information
8.1 Bokio may provide the API User with, or the API User may obtain, certain information that is confidential and/or proprietary (“Confidential Information”), including but not limited to information identified as “Confidential” or “Proprietary”, or that the API User should reasonably understand to be confidential or proprietary under the relevant circumstances. All access keys, tokens or other login or authentication information are Confidential Information, as are all non-public elements of the Application and any pre-release information about the Application.
8.2 The API User shall keep all Confidential Information confidential, use it only for the purposes of fulfilling these API Terms of Use, and protect it with the same degree of care, but no less than a reasonable degree of care, as the API User uses to protect its own similar information. The API User may disclose Confidential Information only on a strict need-to-know basis, and shall remain fully responsible for any disclosure to its professional advisors, contractors, or similar third parties.
8.3 The API User should not provide Bokio with any information that it considers confidential or proprietary. Unless otherwise agreed in writing, Bokio shall treat all information received from the API User as non-confidential and non-proprietary. If the API User wishes to share confidential or proprietary information with Bokio, the Parties must enter into a separate confidentiality agreement.
8.4 Bokio may disclose information about the API User, including names, for attribution purposes, to handle inquiries from end users, to manage security incidents, or for other purposes Bokio reasonably deems necessary in connection with these API Terms of Use. Bokio may also access, store, and disclose information about the API User, including personal data, if required by law or where such access, storage, or disclosure is reasonably necessary to comply with legal obligations or protect the rights, interests, or obligations of Bokio, its partners, or its customers.
9. Personal Data
9.1 With respect to any personal data accessed or exchanged through the API, the Parties acknowledge that they act as independent data controllers. Each Party shall independently determine the purposes and means of its processing activities and shall comply with all applicable data protection laws, including the GDPR.
9.2 The API User may only use personal data obtained via the API for legitimate business purposes directly related to the integration. The API User must ensure that it has a valid legal basis for processing such data, and that data subjects are informed, in accordance with Articles 13–14 GDPR, about the processing activities.
9.3 Each Party shall implement appropriate technical and organizational measures to protect personal data obtained through the API against unauthorized or unlawful processing, accidental loss, destruction, or damage.
9.4 Each Party is individually responsible for handling data subject requests (including access, rectification, erasure, restriction, portability, and objection) for the personal data it processes as a controller. The Parties shall provide reasonable cooperation where necessary to facilitate the fulfillment of such requests.
9.5 If either Party transfers personal data outside the European Economic Area (EEA) or the United Kingdom, that Party shall ensure that such transfer complies with Chapter V of the GDPR, including reliance on adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.
10. Changes to the API
Bokio is entitled to, at its sole discretion, update or modify these API Terms of Use at any time. However, the API User understands and acknowledges that these API Terms of Use do not create an obligation on the part of Bokio to update or modify the API or any API documentation or to provide the API User with any support or maintenance of the API or API documentation. The API User further understands that updates or modifications to the API or API documentation may (a) remove or restrict previously existing functionality and/or (b) require the API User to update or modify its Application. Changes to these API Terms of Use will be notified at the latest the day before they take effect on https://docs.bokio.se/changelog.
11. Governing law and disputes
These API Terms of Use shall be governed by the substantive law of Sweden. Any dispute, controversy or claim arising out of or in connection with these API Terms of Use, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce. The arbitral tribunal shall be composed of three arbitrators. The seat of arbitration shall be Gothenburg, Sweden. The language to be used in the arbitral proceedings shall be English.
