API Terms of Use

Version 1.0 Last updated 12th November 2025

These terms (“API Terms”) are an agreement between OnceHub Inc. and you (the “Customer”), which govern your use of the application programming interfaces (“APIs”) made available through the OnceHub Services and are incorporated by reference into OnceHub’s Master Services Agreement (the “MSA”) available at https://www.oncehub.com/trustcenter/legal/msa or other agreements governing the use of OnceHub’s Services.

By using the APIs, the Customer acknowledges that it has read, understood, and agreed to be bound by these API Terms. The Customer represents and warrants that it has the full legal authority to enter into these API Terms and, if acting on behalf of an organization or company, it has the legal authority to bind such organization or company to these API Terms.

Capitalized terms not defined herein shall have the meanings assigned to such terms in the MSA. In the event of any conflict between certain provisions of the API Terms and the provisions of the MSA, the provisions of the API Terms shall prevail over the conflicting provisions of the MSA solely with respect to the APIs.

Oncehub reserves the right to update these API Terms from time to time.

  1. API Access 
    1. You must have a OnceHub account and obtain API credentials (API key) through OnceHub’s APIs and Webhooks integrations page.
    2. You are responsible for maintaining the confidentiality of your credentials and all activities that occur under their use.
    3. You may not sell, share, or sublicense your credentials.
  2. Restrictions
    You may not:
    1. Violate any applicable law, regulation, or the Governing Documents.
    2. Interfere with, disrupt, or place an excessive burden on OnceHub’s services, infrastructure, or networks.
    3. Interfere with or attempt to bypass authentication mechanisms, security measures, or usage/rate limits applied to the APIs.
    4. Attempt to probe, scan, reverse engineer, decompile, or otherwise gain unauthorized access to the APIs, underlying systems, or data.
    5. Introduce or transmit any viruses, worms, malware, or other harmful code through your application or use of the APIs.
    6. Collect, use, or disclose data obtained via the APIs except as reasonably necessary for the intended integration or as permitted by applicable law in your role as data controller.
    7. Offer the APIs as a separate product, or develop functionality that directly competes with the core OnceHub Services.
    8. Present your application in a way that suggests it is created, certified, or endorsed by OnceHub, unless expressly authorized.
    9. Misstate or conceal the identity of your application or service when interacting with the APIs.
    10. Employ automated tools (such as bots, crawlers, or scrapers) to generate excessive API requests, unless expressly permitted by OnceHub.
    11. Use OnceHub’s name, trademarks, or logos without prior written approval.
    12. Continue using the APIs in a manner OnceHub reasonably determines to be abusive, insecure, or otherwise inconsistent with these API Terms. OnceHub may monitor API activity and suspend, restrict, or terminate access — including by locking or disabling the account — if misuse or abuse is suspected.
    13. Create API objects (including, without limitation, Bookings, Users, Contacts, Conversations, or any other objects defined in the OnceHub Developer Documentation) unless you are the data controller or otherwise have the legal authority and necessary permissions to do so on behalf of the relevant individuals or entities. As the data controller, you retain ownership of all data you transmit via the APIs and are solely responsible for ensuring its lawful use, and compliance with applicable data protection laws. 
      For clarity: OnceHub acts as a data processor with respect to personal data transmitted via the APIs, while you remain the data controller.
  3. Rate Limits
    1. OnceHub may apply rate limits to ensure fair use and service stability.
    2. Exceeding rate limits may result in throttling, suspension, or termination of access.
    3. OnceHub may change rate limits from time to time and will provide reasonable notice of material changes.
    4. Updated limits and usage guidelines will be published at the Developer Portal.
  4. Data Protection & Security
    1. You must comply with applicable data protection laws and the OnceHub DPA.
    2. You must implement appropriate technical and organizational measures to protect credentials, user data, and integrations.
    3. You may transmit or export data obtained via the APIs to third-party systems or services (such as CRMs or marketing platforms) where such transfers are consistent with your role as the data controller and comply with applicable law. You may not sell, license, or otherwise disclose data obtained from the APIs to unauthorized third parties or for purposes unrelated to the OnceHub Services.
    4. All API communications must use HTTPS/TLS.
    5. Consent for Notifications: If you use the APIs to send communications (including SMS or other messaging services), you are solely responsible for obtaining the recipient’s mobile details and securing their explicit, legally compliant consent.
    6. If you discover a security vulnerability or incident  involving your use of the APIs or data obtained through the APIs, you must promptly notify OnceHub at privacyoffice@oncehub.com.
  5. Change & Deprecation
    1. OnceHub may update or modify the APIs at any time.
    2. OnceHub makes every effort to avoid introducing breaking changes to the APIs. If breaking changes are necessary, OnceHub will use commercially reasonable efforts to notify impacted developers or customers in advance and provide sufficient time to adjust their integrations. Non-breaking changes (such as new fields, resources, or endpoints) may be introduced without prior notice, but we will document them in the OnceHub Developer Portal
    3. Deprecated APIs may continue to function for a limited time but may be disabled after the notice period.
    4. Developers should check the Developer Portal regularly for announcements and changelogs.
  6. Support
    1. API access does not include guaranteed support or service-level commitments unless otherwise agreed in writing.
    2. Self-service resources and technical guides are available at the Developer Portal.
  7. Termination
    1. OnceHub may suspend or terminate your API access for violation of these API Terms or the Governing Documents.
    2. Upon termination, you must immediately stop using the APIs and delete any data obtained through them unless retention is required by law or another lawful basis exists.
  8. Contact
    1. For questions regarding these API Terms, please contact privacyoffice@oncehub.com.
back to top