Sorry, you need to enable JavaScript to visit this website.
Skip to main content

API GENERIC TERMS AND CONDITIONS

1Definitions:

1.1 The capitalized terms used hereunder shall have the following meanings ascribed to them. The capitalized words used hereunder but not defined hereunder, shall have the same meaning which is ascribed to them in the Principal Agreement and/or the Addendum.

Addendum” shall mean an agreement executed by and between the API Consumer and the Bank detailing the terms governing the use of API, API Functionality and other related aspects.

API” shall mean the Bank’s application programming interface(s), any accompanying or related software development kits, tools, documents, or any content specifically made available to the API Consumer for the purposes of enabling the access by the Bank to the API Consumer of the API Functionality, subject to terms and conditions hereof.

API Actions” shall have the meaning assigned to the expression in Clause 16 hereof.

API Consumer Instructions” shall mean the instructions or service requests of the API Consumer to the Bank through or pursuant to the API Functionality availed of by the API Consumer, in relation to the API Consumer’s account or relationship with the Bank including instructions relating to show or view account balance, show or view application status, to debit the account, transfer funds or any amounts to or from the account, register debit mandates, standing instructions, bill payments, placing or creating or breaking prematurely or otherwise  fixed or recurring or other deposits, adding or changing nominations, and other instructions or service requests, which the Bank may decide to permit to be placed on the Bank from time to time through or pursuant to the API Functionality availed of by the API Consumer.

API Credentials” shall have the meaning assigned to the expression in Clause 4 hereof.

API Functionality” shall mean the facility made available by the Bank to the API Consumer by giving license to the API Consumer to use the APIs subject to the terms and conditions of these Terms and Conditions, for the purposes of developing, integrating and/or hosting the Approved Consumer Applications that integrates with Bank’s specified systems and applications for the purposes of allowing the API Consumer to make system to system access and system to system calls to and (where permitted) to perform and issue the API Consumer Instructions and/or for carrying out other functionalities as may be permitted by the Bank at its discretion from time to time, subject to the terms and conditions hereof.

API Guidelines” shall mean such internal guidelines of the Bank as the Bank has developed or may develop and may amend from time to time, inter alia prescribing the protocols, security standards, and covering other aspects of consumption of Bank’s APIs by persons/entities other than the Bank.

API Remittance Instructions” shall mean the API Consumer Instructions to the Bank through the API Functionality in relation to the API Consumer’s account with the Bank relating to transfer of funds or any amounts to or from the account, debit (including registering debit mandates, standing instructions), bill payment, placing or creating or breaking prematurely or otherwise  fixed or recurring or other deposits, and other debit instructions or debit service requests, as the Bank may permit from time to time to be placed through or pursuant to the API Functionality availed of by the API Consumer.

Applicable Law” means and includes any statute, law, sub-ordinate legislation, regulation, ordinance, rule, treaty having force of law, bye-laws, judgment, rule of law, order, decree, award,  clearance, circular, notification, approval, directive, guideline, policy, requirement, or restriction or any similar form of decision, or determination by, or any interpretation or administration of any of the foregoing by, any conditions or terms of any Approval by, any Authority whether in existence and/or in effect and/or applicable as of the date of these Terms and Conditions or anytime thereafter and in each case as may be amended, replaced, superseded, re-enacted, substituted, supplemented, modified, from time to time.

Approval” shall mean any permit, permission, licence, approval, authorisation, consent, clearance, waiver, no objection, any certificate to that effect, or other authorisation of whatever nature and by whatever name called which is required to be granted by any person including by any Authority or any other authority, private parties, any lenders, under or pursuant to any contract by which any of the parties or any of their properties or assets are bound or under or pursuant to Applicable Law.

Approved Consumer Applications” shall have the meaning assigned to the expression in Clause 3 hereof.

Authorised Person(s)” shall mean the persons duly, properly and fully authorised by the API Consumer, severally, including pursuant to all necessary and due corporate actions and authorities and including in accordance with the Applicable Law and constitutional documents of the API Consumer, for and on behalf of the API Consumer, to possess the Development Material, the API Credentials, the Registered Contacts,  and to access and use the APIs and API Functionality including to place the API Consumer Instructions and the API Remittance Instructions (if applicable), thereby binding the API Consumer irrevocably and unconditionally vis-à-vis the Bank and the other persons involved.

Authority” includes the Government, any state, any ministry, department, board, authority, instrumentality, agency, corporation, court, tribunal, municipal or similar local authorities (to the extent acting in executive, legislative, judicial, quasi-judicial, investigating, law enforcement or administrative capacity) or regulatory body, having jurisdiction or powers or authority over the matter or matters in question, under any Applicable Law or any of their subdivisions or  delegated authorities or instrumentalities thereof.

“Bank” shall mean HDFC Bank Limited, a banking company incorporated under the provisions of the Companies Act, 1956 and having its registered office at Bank House, Senapati Bapat Marg, Lower Parel, Mumbai 400 013, which expression shall unless it be repugnant to the context or meaning thereof shall mean and include its successors and assigns.

Bank Customer” shall mean a person who is customer of the Bank by way of a relationship of holding savings account, current account or deposits with the Bank or holder and owner of credit card issued by the Bank or who is a borrower of the Bank or who has applied to the Bank to avail of any of these products or services of the Bank.

Bank Customer API Data” shall mean collectively any and all Data that is generated, accessed, transmitted, collected, or which is capable of being scraped, collected, accessed, copied, seen or detected:

  1. during, pursuant to or for completing the ‘Bank Customer-via-Consumer API -On-boarding Process’;
  2. while or pursuant to the Bank Customer authenticating himself or accessing the Bank’s systems or services or any information about his account/relationship with the Bank including status of application for any proposed or applied product or service or relationship, through the API Functionality of the API Consumer;
  3. while or pursuant to placing of any ‘Bank Customer API Instructions;
  4. while or pursuant to any transactions or activities or instructions being carried out pursuant to any ‘Bank Customer API Instructions;
  5. reports, statements, alerts, notifications and communications to or from the Bank Customer in relation to any of the above including Bank alerts, account statements, status reports, etc.

Bank Customer API Instructions” shall mean the instructions or service requests of the Bank Customer to the Bank through or pursuant to the API Functionality availed of by the API Consumer, in relation to the Bank Customer’s account or relationship with the Bank including instructions relating to show or view account balance, show or view application status, to debit the account, to transfer funds or any amounts to or from the account, register debit mandates, standing instructions, bill payments, placing or creating or breaking prematurely or otherwise  fixed or recurring or other deposits, adding or changing nominations, and other instructions or service requests, which the Bank may decide to permit to be placed on the Bank from time to time through or pursuant to the API Functionality availed of by the API Consumer.

Confidential Information" means all information shared by one party to the other, including products, future products, implementation methodologies, engineering processes, and information relating to business plans, market opportunities and business affairs information about suppliers, customers of the Bank (including potential customers of the Bank) and clients, and material (whether electronically recorded, in writing or otherwise)..

Consumer-API-Onboarding Process” shall have the meaning assigned to the expression in Clause 4 hereof.

“Consumer Applications” shall mean any platform or application of or deployed by the API Consumer.

"Data" shall mean a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared including in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

“Data Compromise Events” shall have the meaning ascribed to the term in Clause 2 of Schedule 4 hereto.

Development Material” shall mean the tools, applications, sample code, libraries, data, files and any updates, upgrades, patches, releases to the foregoing that the Bank makes available to the API Consumer for, towards or in the process of enabling and thereafter during the course of the API Functionality.

Digital Signature” shall mean the digital signature based upon certificate of Class-3 or such other class certificate as shall be specified by the Bank from time to time, sent by API Consumer to the Bank, while utilizing the API Functionality.

Enabled Service Processes” shall have the meaning ascribed to the term in Clause 4 hereto.

Harmful Code” shall mean any computer code (a) designed to disrupt, disable, harm, or otherwise impede in any manner, the operation of any software or hardware; (b) that would disable any software or hardware or impair in any way its operation based on the elapsing of a period of time; (c) that would permit the API Consumer or others to access without the Bank’s permission any software or hardware loaded on to the systems of the Bank or its other customers (sometimes referred to as "traps", "access codes" or "trap door" devices), or any other similar harmful, malicious or hidden procedures, routines or mechanisms which would cause such programs to cease functioning or to damage or corrupt data, storage media, programs, equipment or communications, or otherwise interfere with operations including any virus.

HDFC Bank's Security Credentials” shall mean and include the items mentioned in Schedule 2.

Intellectual Property Rights” shall mean patents (including patent applications and disclosures), rights of priority, trademarks, logos, copyrights, mask work rights, trade secret rights, know-how, design rights, good-will and any other intellectual property or proprietary rights, title or interest recognised in any country or jurisdiction in the world, now or hereafter existing, and whether or not filed, perfected, recorded or registered.

License” shall have the meaning ascribed to the term in Clause 3 hereto.

Modification” shall have the meaning ascribed to the term in Clause 2 hereto.

Onboarding Documents” shall have the meaning ascribed to the term in Clause 4 hereto.

Personal Information” shall mean any information, which either directly or indirectly, in combination with other information available or likely to be available with a body corporate or received from any third-party provider and is capable of identifying such person including but not limited to his/her name, age, gender, address, email address, telephone number etc.

Purpose” shall have the meaning ascribed to the term in Clause 3 hereto.

Registered Contact” shall have the meaning ascribed to the term in Clause 4 hereto.

Security Breach” shall mean any unauthorized or wrong or wrongful use or mis-use, loss, misplacement, theft, any error or bug or virus leading to any of the same, phishing or hacking or other attack, remote access, any other breach of security, etc. (whether intentional or unintentional), of any of: (i) the Registered Contact; (ii) the devices over which the Registered Contact or API Functionality can be accessed (iii) the API Credentials.

Sensitive personal data or information” shall mean such personal information which consists of information relating to:

  1. Password;
  2. Contacts;
  3. Data scraped/ collated/ gathered from other third-party websites visited;
  4. Financial information or account related information including but not limited bank account details or credit card or debit card or other payment instrument details or any transaction or service request details or reports or statements or alerts;
  5. Educational qualifications;
  6. Work/ employment credentials/ details;
  7. Income details;
  8. Records and history;
  9. Biometric information;
  10. Details of physical, physiological and mental health condition;
  11. Sexual orientation;
  12. Medical records and history;
  13. Any other type of information as may be specified by the Bank from time to time;
  14. Any other information/ type of information which would be covered under the “sensitive personal data or information” under Applicable Law from time to time.

Specifications” shall have the meaning ascribed to the term in Clause 4 hereto.

Support” shall have the meaning ascribed to the term in Clause 15 hereto.

Terms and Conditions” shall have the meaning assigned to the expression in Clause 2 hereof.

"User Information" shall mean the following data or information which relates to an individual or any other person (including but not limited to the customers of the Bank and the Bank staff/ employees/ authorised personnel) as received, generated or accessed from or for the Bank or the Bank Customers or the users or end-users of the Approved Consumer Applications:

  1. Personal information;
  2. Sensitive personal data or information; and/or
  3. any other information.

Whitelisted IPs” shall mean such of the limited Internet Protocol addresses (“IP address”) of the API Consumer which the Bank whitelists in such manner and as per such process as the Bank may deem fit, as being the only IP addresses to which the API Functionality shall be enabled.

1.2 Unless the context requires otherwise, words importing the singular include the plural and vice versa, and pronouns importing a gender include each of the masculine, feminine and neuter genders.

2Applicability and Acceptance

2.1 The term “Terms and Conditions” shall unless contrary to the context, be construed to mean and include these API Generic Terms and Conditions and any amendments, new versions, re-hosting, restatement and/or modification thereof, all the Schedules hereto, the API Guidelines, any additional terms applicable to a given API as may be specified by the Bank and any terms of the API documentation as also the Modifications. The use of API Functionality by the API Consumer is and shall be governed by the Addendum read with the Principal Agreement and these Terms and Conditions. The API Consumer acknowledges having read and understood the same and agrees to be bound by the same.

2.2 These Terms and Conditions shall be deemed to be read as a part and parcel of the Addendum as if incorporated therein. If there is any inconsistency between any terms in the Principal Agreement and the terms contained herein, then for the matters concerning or relating to or pursuant to the API Functionality, the terms of the Addendum and these Terms and Conditions shall prevail. The API Consumer acknowledges having read and understood the privacy policy of the Bank and shall be bound by the same. Bank may use information submitted by API Consumer or end-users during, for or towards access to and use of the APIs and API Functionality, in accordance with Bank’s privacy policies available at Privacy Policy.

2.3 For clarity, the API Consumer shall also be bound by the API Guidelines and all such requirements as per the Bank’s internal policies, as may be prescribed by the Bank, from time to time.

2.4 The acceptance to the Addendum shall be deemed and unconditional acceptance of these Terms and Conditions by the API Consumer.

2.5 API Consumer acknowledges and agrees that Bank may modify these Terms and Conditions, the API Functionality, the API, the Development Material, Specifications, Enabled Service Processes, API Guidelines and any other requirements prescribed by the Bank as per its internal policies and its privacy policy, from time to time (a “Modification”). API Consumer will be notified of a Modification through notifications or by updating the same on the Bank’s website and it shall be the responsibility of the API Consumer to keep itself updated of the same. API Consumer further acknowledges and agrees that such Modifications may be implemented at any time by the Bank and without any notice to API Consumer and shall be fully binding on the API Consume API Consumer shall, within such period as may be required by the Bank, comply with such Modification(s) by implementing and using the most current version of the API and making any changes to its Approved Consumer Applications that may be required as a result of such Modification(s). API Consumer acknowledges that a Modification may have an adverse effect on Approved Consumer Applications, including but not limited to changing the manner in which such applications communicate with the API and display or transmit data. Bank shall have no liability of any kind to API Consumer or any user of API Consumer’s applications with respect to such Modifications or any adverse effects resulting from such Modifications. API Consumer’s continued access to or use of the API Functionality or API following the Modifications shall constitute binding acceptance by the API Consumer of the Modification(s) at issue.

3License

3.1 Subject to the terms and conditions of these Terms and Conditions, the Bank hereby grants to the API Consumer a revocable, non-exclusive, non-transferable license to use the API solely for accessing and using the APIs and API Functionality strictly only for the purposes herein and in accordance with the Addendum read with these Terms and Conditions(“Purpose”) on such Consumer Applications for which the prior express permission of the Bank shall be obtained (“Approved Consumer Applications”), and in accordance with and subject to the terms and conditions hereof (“License”), till the time the License is revoked by the Bank in its sole discretion. Nothing herein shall be construed to extend the License beyond the Approved Consumer Applications.

3.2 Restrictions: The API Consumer undertakes that it shall not: (1) use the API for anything other than for the Purpose (2) make any copies of the API; (3) disclose to any person, modify, adapt, create derivative works of, reverse engineer, decompile, reverse compile, or disassemble, the Development Materials and/or the API; (4) copy remove any trademarks, logos, copyright notices, proprietary notices or labels displayed on the Development Materials, API; (5) distribute, sell, lease, rent, lend, sublicense, encumber, assign, transfer in any manner whatsoever, or provide any access to any part of the Development Materials, API to any third persons in any manner whatsoever; (6) assign or novate the benefit, rights, or burden or obligations under these Terms and Conditions; (7) allow or agree to the Development Material, API to become subject of any charge, lien or encumbrance (8) use APIs, directly or indirectly, for or to develop, any applications of any person including any Consumer Applications other than the Approved Consumer Applications (9) create any applications that function substantially the same as the APIs and/or offer it for use by third parties.(10) use APIs to defame, abuse, harass, stalk, or threaten others (11) interfere with or disrupt the APIs or the servers or networks providing the APIs (12) promote or facilitate unlawful online gambling or disruptive commercial messages or advertisements (13) reverse engineer or attempt to extract the source code from any API or any related software (14) use the APIs for any activities where the use or failure of the APIs could lead to death, personal injury, or environmental damage (such as the operation of nuclear facilities, air traffic control, or life support systems) (15) remove, obscure, or alter any terms of service of the Bank or any links to or notices of those terms (16) use APIs or API Functionality in breach of any Applicable Law or in any activity that is in violation or breach of Applicable Law.

3.3 API Consumer is responsible for ensuring that API Consumer’s employees, and/or representatives comply with the Applicable Law.

3.4 API Consumer shall ensure that neither the API Consumer nor its representatives nor the users or end-users of the Approved Consumer Applications, shall:

  1. upload or otherwise transmit to the Bank or any of its systems (whether through API calls or otherwise) any material containing software viruses, Harmful Code or other computer code, files or programs designed to interrupt, destroy or limit the functionality of any software or hardware;
  2. cause or create an undue or unusually high load or technical stress on Bank’s servers or systems; or interfere with the Bank’s systems, or servers or platforms; or interfere with other users’ use of the Bank’s applications including API Functionality.
  3. use the APIs or API Functionality for or to encourage or promote or transmit illegal, immoral, anti-social, speculative or fraudulent activity, information or transactions or violation of third-party rights or to violate any terms of service with the Bank.
  4. use the APIs in connection with or to promote any products, services, or materials that constitute, promote or are used primarily for the purpose of dealing in counterfeit goods, hate materials or materials urging acts of terrorism or violence, goods made from protected animal/plant species, recalled goods, hacking/surveillance/interception/descrambling equipment, cigarettes, illegal drugs and paraphernalia, unlicensed sale of prescription drugs and medical devices, pornography, prostitution, body parts and bodily fluids, stolen products and items used for theft, fireworks, explosives, and hazardous materials, unlicensed trade, gambling items, weapons and accessories.
  5. use the API in any manner or for any purpose that violates any law or regulation, any right of any person, including but not limited to Intellectual Property Rights and/or rights of privacy of a person.
  6. sell, lease, share, transfer, or sublicense the API or access or access codes thereto or derive income from the use or provision of the API, whether for direct commercial or monetary gain or otherwise, without Bank’s prior, express, written permission.
  7. maintain a cache or store using any kind of storage of any set or subset of Data accessed using the API.
  8. cause, assist or permit any third party to do any of the foregoing.

3.5 Feedback

If API Consumer provides feedback or suggestions about APIs or API Functionality, then the Bank (and those the Bank allows) may use such information without obligation to API Consumer.

3.6 Non-Exclusivity

Nothing herein shall be construed as creating exclusivity in favour of the API Consumer so as to limit Bank’s rights to deal with any other persons for similar arrangements, in any manner whatsoever. API Consumer acknowledges that the Bank may develop products or services that may compete with the Consumer Applications or any other products or services. Further, Bank may in its absolute and sole discretion, give access to same or different APIs and functionality similar to API Functionality to other persons as well who may even be API Consumer’s competitors.

4API Functionality, Integration and Security Specifications

4.1 The services and functionalities enabled for the time being by the Bank under the API Functionality and the process and protocol therefor including the transaction processing shall be as specified in the Addendum (“Enabled Service Processes”).

4.2 The API Functionality shall be enabled by the Bank only on the Whitelisted IPs, for which purpose, the API Consumer shall complete such formalities and requirements as the Bank may need in this regard.

4.3 The API Consumer in order to get the License and in order to get the access to API Functionality, shall complete such on-boarding process (“Consumer-API-Onboarding Process”) and shall sign, execute and deliver such documents, information, forms and applications to the Bank, as shall be required by the Bank (“Onboarding Documents”).

4.4 It is the API Consumer’s responsibility to set up its Approved Consumer Applications at its own cost however subject to the Specifications so as to integrate the same for enabling the API Functionality in accordance with the Specifications and subject to the terms and conditions hereof. Before the Bank enables the API Functionality and before the License hereunder commences, the API Consumer shall be required to conduct the testing including the user acceptance testing at the API Consumer’s cost to the satisfaction of the Bank, including to check that the Approved Consumer Application of the API Consumer meets the Specifications, is operational and ready for API Functionality as also other requirements of the Bank as the Bank may specify. Provided that it is API Consumer’s responsibility to ensure that its application or platform is functioning in accordance with the Specifications, is operational and ready for API Functionality. The provision of API Functionality by the Bank shall in no manner be construed as the Bank certifying compliance by the Approved Consumer Applications or systems or platforms of the API Functionality requirements or as the Bank providing any warranty or representation whatsoever in respect of the Approved Consumer Applications or platform or compliance with any Applicable Laws.

4.5 In order to access and use the API, the API Consumer must obtain from the Bank, API credentials or key or token or any items listed under HDFC Bank's Security Credentials in Schedule 2 hereto, as the Bank may prescribe in this regard. The Bank reserves the right to prescribe additional authentication factors for the API Consumer like user id and unique passwords and/or one-time passwords for each API Remittance Instruction (if applicable), as the Bank may deem fit from time to time and the API Consumer shall bound to follow the same. Such API credentials or key or token or items listed under HDFC Bank's Security Credentials in Schedule 2 hereto, and the additional authentication factors, if any, shall collectively be referred to as “API Credentials”.

4.6 In case of alerts, notifications, reports as well as additional authentication factors (the one-time passwords or one-time auth factors), the same may be sent by or on behalf of the Bank to such mobile numbers and/or email ids which the API Consumer specifies in this regard shall be as specified in the Addendum. Such email ids and the mobile numbers shall be collectively referred to as “Registered Contact”.

4.7 Bank shall endeavour to adopt appropriate security measures as available in the industry from time to time. However, the API Consumer acknowledges that the technology used including the internet, as well as the use of public/shared facilities is susceptible to a number of risks, such as misuse, hacking, virus, malicious, destructive or corrupting code, programme or macro which could affect the API Functionality.  Bank will not be responsible for any loss, delays or failures in the processing of instructions on account of such risks.

4.8 Notwithstanding anything to the contrary contained in these Terms and Conditions, the Principal Agreement or any other document, the API Consumer irrevocably and unconditionally agrees as under:

  1. The API Consumer hereby agrees, acknowledges and confirms that the way API Functionality is built and the way it works, for giving the API Consumer Instructions including the API Remittance Instructions (if applicable), the API Consumer may not be required to authorize each such instruction by logging in to the website or portal of the Bank using username or password, and hence, the obligations and responsibility on the part of the API Consumer are of special and very high degree to maintain the security of the token and key and the API Credentials to prevent it being mis-used within or outside API Consumer’s organization.
  2. The API Consumer acknowledges that any usage of the API Functionality, the API Credentials and the Registered Contacts, and the internet as a medium, are prone to Security Breach and therefore the API Consumer shall be under the duty of special care to take extra and special care to ensure there is no Security Breach in any manner whatsoever of any of the same.
  3. Without prejudice to the generality of the above, the API Consumer must ensure that the API Credential and the Registered Contacts are for and at all the times in possession exclusively of the Authorised Persons alone and are never shared with any unauthorized person (whether within or outside organization) and that the Registered Contact, and the devices on which the same or API Functionality can be accessed, are made accessible and are accessed only and only by the Authorised Persons and not by any other person. The API Consumer shall ensure that the API Credentials are not shared by the Authorised Persons with any other person and they shall keep the same secure and shall not assign, transfer or disclose such information including the electronic key to any person.
  4. The API Consumer shall use the API Credentials only for the purposes of API Consumer’s means of accessing the API and shall not use the same or any part thereof for any other purpose. The API Consumer and the users authorised by the API Consumer shall keep all passwords, including the password used to encrypt the private key, confidential and well protected and should not reveal the same to any unauthorised person, including to any employees and representatives of Bank. Bank shall in no way be held responsible, if the API Consumer incurs any loss as a result of the password being disclosed by the API Consumer or user to any third parties.
  5. The API Consumer confirms that the Bank shall not be required in any manner to verify or check whether the use and access to APIs and API functionality is only by the Authorised Persons or not and whether any persons are actually Authorised Persons or not and whether the authority by API Consumer to the Authorised Persons is due and proper or not. The Bank shall be entitled to assume that any access to and use of the APIs and API Functionality with the API Credentials is by the Authorised Persons acting for and on behalf of the API Consumer to bind the API Consumer irrevocably and unconditionally vis-à-vis the Bank and the other persons involved.
  6. Any access and use of the API’s API Functionality through use of the API Credentials, notwithstanding any Security Breach:
    1. shall be deemed to be by the Authorised Person only, duly authorised by the API Consumer and acting for and on behalf of the API Consumer, with the due authority and intention to bind the API Consumer irrevocably and absolutely including in relation to all the API Consumer Instructions placed and/or acted upon, vis-a-vis the Bank and any other persons or entities involved;
    2. shall irrevocably and unconditionally bind the API Consumer vis-a-vis the Bank and any other persons or entities involved and shall always amount to authentic and authorised use by, for and on behalf of the API Consumer;
    3. shall result in the API Consumer’s full and absolute liability for such access and use;
    4. shall not obligate the Bank to verify whether the use or access is authorised or not and the Bank shall be fully entitled to act upon the same treating the same as the duly authorised instructions of the API Consumer;
  7. The API Consumer alone shall be liable and responsible for any Security Breach and consequences thereof and shall not hold the Bank responsible in any manner whatsoever.

4.9 API Consumer shall not misrepresent or mask either it’s identity or the identity of the Approved Consumer Applications when accessing or using the APIs or the API Functionality or the Approved Consumer Applications.

4.10 The API Consumer shall use appropriate computer systems and software to ensure that the requisite API Consumer Instructions reach Bank in the manner provided hereunder. The API Consumer shall further ensure that the computer systems, hardware and software used by them meet, at all times, the security standards and specifications as may be prescribed by Bank from time to time (all such security standards and specifications are collectively hereinafter referred to as “Specifications”). The Specifications in terms of the hardware and software requirements for the time being to be complied with by the API Consumer in this regard are mentioned in Schedule 1 The Specifications in terms of the minimum security standards, for the time being, to be followed and continuously met by the API Consumer in this regard are mentioned in Schedule 2 hereto.

4.11 API Limitations: Bank sets and enforces limits on the use of the APIs (e.g. limiting the number of API requests that API Consumer may make or the number of users that may be served), in Bank’s sole discretion. API Consumer agrees to, and undertakes to not attempt to circumvent, such limitations with respect to each API. If API Consumer would like to use any API beyond these limits, it must obtain Bank's prior written express consent (and the Bank may decline such request or give conditional acceptance subject to API Consumer’s agreement to additional terms and/or charges for that use). Bank’s decision in this regard shall be final and binding on the API Consumer and the Bank shall not be required to give any reasons for any rejections or conditional approvals.

4.12 For the Consumer-API-Onboarding Process as well as for continued access and use of the APIs and the API Functionality, the API Consumer may be required to provide such information as the Bank may require from time to time. API Consumer shall ensure that any such information shall always be accurate, complete in all respects, not misleading and up to date and the API Consumer shall inform the Bank promptly of any updates.

4.13 The API Consumer shall use the upgraded version of the API as may be prescribed, intimated and/or instructed by the Bank, from time to time. The Bank may send such intimation or instruction to the API Consumer by way of email or any other mode at the Bank’s sole discretion.

4.14 The API Consumer (and its personnel, representatives and service providers) shall comply with all Applicable Law, regulation, and third-party rights (including without limitation laws regarding the import or export of data or software, privacy, and local laws).

4.15 API Consumer agrees that the Bank may monitor the use of APIs to ensure quality, improve Bank products and services and functionalities, and to verify API Consumer’s compliance with these Terms and Conditions. Upon demand from the Bank, the API Consumer will provide Bank’s staff, or its agents access to the Consumer Applications, API Consumer’s systems, databases and other IT infrastructure for monitoring and other security checks, for example to identify security issues that could affect the Bank or its users. The API Consumer will cooperate with this monitoring and security checks. The Bank may also use any technical means for its monitoring and security checks. The Bank may at its sole discretion, suspend access to the APIs or the Approved Consumer Applications without giving any notice to the API Consumer if the Bank reasonably believes that the API Consumer is in violation of any terms of these Terms and Conditions.

4.16 API Consumer’s service providers and the users and end-users of the Approved Consumer Applications shall also be bound by the obligations under these Terms and Conditions as the API Consumer is bound. It shall be the responsibility of the API Consumer to ensure that there is no breach from any of such service providers, users or end-users. Any breach by such service providers, users or end-users shall be deemed to be breach of these Terms and Conditions by the API Consumer and the API Consumer shall be accordingly liable to the Bank.

5Costs

5.1 The API Consumer shall be solely responsible for and bear all costs, expenses, losses and liabilities incurred, taxes thereon and activities undertaken by or on behalf of API Consumer in connection with the development the Approved Consumer Applications, access to and use of the Development Materials, the API, the availing of API Functionality, including, but not limited to, any network and server equipment, internet service(s), or any other hardware, software or services used by API Consumer and/or it’s representatives or users or end-users of the Approved Consumer Applications.

6API Consumer Instructions through API Functionality and authorisations

6.1 The API Consumer shall need to follow the process, procedure and protocol as mentioned in the Enabled Service Processes or as may be separately made available by the Bank in order to utilize the API Functionality for carrying out any permitted activities and transactions and for placing the API Consumer Instructions.

6.2 The API Consumer shall ensure that each user who avails of Digital Signatures for the purpose of using the API Functionality shall generate the private key and the public key by following the instructions prescribed by Bank, and the API Consumer shall be bound by the private key and the public key so downloaded/generated by the users. The API Consumer shall be responsible for the safe custody of the private key and the API Consumer would be responsible for, and bound by, any and all instructions given and/or transactions carried out by the members of its organisation by using the private key and the public key. Bank shall be entitled to presume as genuine all instructions given by using the API Credentials.

6.3 Bank may suspend any service provided to the API Consumer under the Principal Agreement and/or API Functionality without notice and without assigning any reason therefor including, without limitation, where Bank considers it necessary or advisable to do so, for example to protect the API Consumer when there is a suspected breach of security or other reasons under which Bank may in its sole discretion deem fit/ necessary for suspending such services.

6.4 While Bank shall endeavour to carry out the API Consumer Instructions promptly, it shall not be responsible for any delay in carrying on the API Consumer Instructions due to any reason whatsoever, including due to failure of operational systems or any requirement of Law.

6.5 A transaction being carried out is not always simultaneous with an API Remittance Instruction being given. Some matters may take time to process and certain API Remittance Instructions may only be processed during normal banking hours even although the internet banking service may be accessible outside such hours. Further, Bank shall not be liable for any omission to make all or any of the payments or for late payments due to circumstances beyond its reasonable control.The API Consumer may utilize the API Functionality to transfer of funds from its account maintained with Bank to other accounts, whether belonging to the API Consumer or to third parties, maintained at Bank and/or at any other bank. Any transfer of funds from the API Consumer’s account(s) using RBI’s, National Payments Corporation of India’s or any other entity/statutory and/ or regulatory authorities’ and/or any other Authority’s settlement mechanism shall be governed by the prescribed terms and conditions applicable to such transfers.

6.6 The API Consumer shall ensure that the Principal Subject Matter, the API Functionality or any related services offered by Bank is not used for any purpose which is illegal, improper or which is not authorised under these terms..

6.7 The Bank may, from time to time, specify maximum and minimum transaction limits for its various services. The API Consumer shall be bound to comply with such limits imposed by Bank.

6.8 The API Consumer shall not, and shall not permit any end users or others acting on its behalf to, do the following with accessed, generated or transmitted Data pursuant to, during or for use of the API Functionality:

  1. Scrape, build databases, or otherwise create any copies of such content, or keep cached copies;
  2. Copy, translate, modify, create a derivative work of, sell, lease, lend, convey or distribute;
  3. publicly display or disclose to or sublicense to any third party;
  4. misrepresent the source or ownership;
  5. remove, obscure, or alter any copyright, trademark, or other proprietary rights notices; or falsify or delete any author attributions, legal notices, or other labels of the origin or source of material.

6.9 If the API Remittance Instructions have been enabled for the API Consumer by the Bank pursuant to the Addendum, then the provisions of Schedule 5 hereof shall be additionally applicable to the API Consumer and the API Consumer agrees to comply with the same.

7Special Conditions in relation to the Bank Customer API Functionality

7.1 The Bank may at its discretion, allow the placing of Bank Customer API Instructions through the use of the API Functionality of the API Consumer, subject to such terms and conditions as the Bank may prescribe at such time, including but not limited to the on-boarding process for this purpose of each of the concerned Bank Customers as mentioned in the Schedule 3 hereto (collectively, “Bank Customer-via-Consumer API -On-boarding Process” and the functionality so enabled “Bank Customer API Functionality”).

7.2 Without prejudice to the aforesaid, for the aforesaid purposes, the Bank may from time to time, prescribe and amend additional or enhanced levels of security protocols and authentications factors for access by the API Consumer as well as by the Bank Customers, in addition to the API Credentials mentioned in Clause 4 hereof in this regard. The API Consumer shall be bound by the same.

7.3 The API Consumer irrevocably and unconditionally confirms, agrees and undertakes to the Bank, it shall not either by itself or through its representatives or service providers, whether manually or through use of technology, robotics, bots, systems, artificial intelligence or any other technological solution or platform including through any online or digital solution or platform:

  1. monitor the Bank Customer’s access through the API Functionality and details thereof including time-stamps etc.;
  2. scrape, access, copy, store, the Bank Customer API Data or any part thereof;
  3. maintain a cache or store using any kind of storage of any set or subset of the Bank Customer API Data or any part thereof;
  4. cause, assist or permit any third party to do any of the foregoing; or
  5. collect login credentials from Bank Customers to; (i) scrape, access, copy or store any data from customer’s account related to online information, including the account statements and/or Form 26AS from the websites/electronic platforms of or managed for the income tax department or any of their service providers, whether any such scraping, access, copying or storing is done by the customer himself and/or for or on his/her behalf including with his/her consent; (ii) ask or solicit from the Bank Customers consent in any form and of any nature, to undertake any of the aforesaid actions mentioned above; (iii) prompt, solicit or request the Bank Customer in any manner whatsoever, to share his/her Bank account, internet banking, mobile banking, debit card, credit card, phone banking authentication credentials or log in credentials including password or personal identification numbers.

8User Information, Personal Information, Data Security, Non-Solicitation and Confidentiality

8.1 API Consumer shall comply with and be bound by the provisions and terms and conditions as mentioned in Schedule 4 hereto.

9Inspection and Audit

9.1 The API Consumer shall permit the Bank to inspect and have access to any premises (and to the computer equipment located there) at or on which the Development Material, API is being kept or used, and to any systems and applications of the API Consumer including the Approved Consumer Applications and have access to and audit (by itself or through any consultants or auditors of the Bank’s choice) them as well as any records and books and papers including as kept in connection with the License, for the purposes of ensuring and to any systems and applications of the API Consumer including the Approved Consumer Applications that the API Consumer is complying with the terms of this License, provided that the Bank provides at least 7 (seven) days advance notice to the API Consumer of such audits and inspections.

9.2 Notwithstanding anything contained herein, it is hereby agreed between the parties that any government regulator who is entitled to regulate and supervise the activities of the Bank, including the Reserve Bank of India (RBI) and/or any persons authorized by such regulator shall be entitled to require the API Consumer to furnish and submit such data, documents and records, and/or inspect/ cause an inspection to be made of the API Consumer and its operations or books and accounts by one or more of its officers or employees or other persons, or enter upon the premises of the API Consumer and access, inspect, examine, audit and call for all the documents, records or transactions and other necessary information given to, stored or processed by the API Consumer (including information maintained in paper and/or electronic formats) in the nature of operations and business records and which the regulator may, in its sole and absolute discretion, deem to be relevant to the terms and conditions, as set forth in these Terms and Conditions, with or without provision of prior notice, as the regulator may deem fit and necessary.

10Limitation on Liability  

10.1 The Bank does not warrant that the use of the API Functionality will be uninterrupted or error-free.

10.2 The API Consumer accepts responsibility for the selection of the API Functionality to achieve its intended results and acknowledges that the API has not been developed to meet the individual requirements of the API Consumer.

10.3 All other conditions, warranties by the Bank or other terms which, as against the Bank, might have effect or be implied or incorporated into this License or any collateral contract, whether by statute, common law or otherwise, are hereby excluded, including the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or the use of reasonable skill and care by the Bank.

10.4 The API Consumer agrees that, in entering into this License, either it did not rely on any representations (whether written or oral) of any kind or of any person other than those expressly set out, if any, in this License and the Bank shall have no liability in any circumstances otherwise than in accordance with the express terms of this License.

10.5 The Bank shall not in any circumstances have any liability for any losses or damages which may be suffered by the API Consumer (or any person claiming under or through the API Consumer) or any end user, whether the same are suffered directly or indirectly or are immediate or consequential, and whether the same arise in contract, tort (including negligence) or otherwise howsoever, which fall within any of the categories including the following: 

  1. special damage even if the Bank was aware of the circumstances in which such special damage could arise; 
  2. loss of profits; 
  3. loss of anticipated savings; 
  4. loss of business opportunity; 
  5. loss of goodwill; 
  6. loss or corruption of data. 

10.6 All dates supplied by the Bank for the API Functionality shall be treated as approximate only. The Bank shall not in any circumstances be liable for any loss or damage arising from any delay in delivery beyond such approximate dates.

10.7 All references to the “Bank” in this Clause shall, for the purposes of this clause, be treated as including all employees, subcontractors and suppliers of the Bank and its Affiliates, all of whom shall have the benefit of the exclusions and limitations of liability set out in this clause.

10.8 Notwithstanding anything to the contrary contained in the Terms and Conditions, the Principal Agreement, these Terms and Conditions or any other document or term, the liability of the API Consumer herein including under Clause 14 (Indemnity) shall not be limited and this clause overrides any provisions of the Principal Agreement or any other document or term which in any manner limits or restricts the liability of the API Consumer to the Bank to the extent any such liability arises out of or relates to any subject-matter covered by these Terms and Conditions.

11Intellectual Property Rights

11.1 The API Consumer acknowledges that all Intellectual Property Rights in the Development Material, the API Credentials, the API Functionality, the Data accessed or generated while or pursuant to using the API Functionality and the API belong and shall always belong to the Bank, and the API Consumer shall have no rights in or to the API or Development Material other than the right to use it in accordance with the terms of this License. All use by API Consumer of the API, API Functionality (including any goodwill associated therewith) will inure to the benefit of Bank.

12Sub-contracting

12.1 The API Consumer is under obligation to obtain prior written consent of the Bank to sub-contract or appoint service providers for all or any part of development, integration of the Approved Consumer Applications for API Functionality or any of its activities under the API Functionality or any part of its obligations hereunder. Where any such consent is provided by the Bank in respect of the appointment of a sub-contractor/service provider, such sub-contracting will be at no cost to the Bank and shall not release the API Consumer from any responsibility hereunder and the API Consumer shall be fully responsible and liable to the Bank for the non-performance of obligations by such sub-contractor/service provider and for any breaches of the sub-contractor/service provider as if the acts and omissions of the sub-contractor/service provider were of the API Consumer itself.

12.2 The Bank shall have the right to engage any service provider and/or sub-contractors for any part of its services hereunder without notice to or consent from the API Consumer.

13Representations, Warranties

13.1 The API Consumer makes the following representations and warranties and states that the same are true, correct, valid and subsisting in every respect as of the date of these Terms and Conditions, and as of the each day during the currency of the API Functionality:

  1. The API Consumer is duly incorporated and validly existing under the laws of India.
  2. The API Consumer has the power to enter into, perform and deliver, and has taken all necessary actions to authorise its entry into, performance and delivery of, the Onboarding Documents, information therein, these Terms and Conditions, related documents and the transactions contemplated thereby. The Onboarding Documents, these Terms and Conditions and the related documents, and use of the API Functionality are duly authorised and executed by the appropriate authority of the API Consumer and constitutes a valid and legally binding obligation of the API Consumer, enforceable in accordance with the terms contained herein; and none of that will conflict with any Applicable Law, or any order, guideline or direction of any court or tribunal or judicial or quasi-judicial or regulatory or governmental authority or any other Authority, or with the provisions of any document or instrument or agreement (including its constitutional documents (if so applicable), which is binding on the API Consumer or any of its assets.
  3. Each of the API Consumer and the Authorised Persons (a) is of legal age and are competent to form a binding contract; (b) is not a person barred from using or receiving the APIs under the applicable laws of any jurisdiction of the country in which it is resident or from which the APIs are accessed and/or used or the laws of which jurisdiction apply; and (c) is in full compliance with all the applicable laws mentioned in (b) above.
  4. Each of the Authorised Persons is and will continue to be fully and duly authorised, including pursuant to due corporate authorisations of the API Consumer, for and on behalf of the API Consumer to possess the API Credentials, access and use the APIs and API Functionality and thereby absolutely and legally bind the API Consumer irrevocably and unconditionally. The API Consumer confirms that the Authorised Persons have been duly intimated by it about the risks involved, special degree of care that is required to maintain the security of the API Credentials, devices, etc. and to prevent any Security Breach and further confirms that the Authorised Persons are competent to handle and ensure the same. API Consumer confirms that the Bank shall not in any way or manner be liable or responsible for any misuse or any un-authorised access to and use of the API Credentials, the APIs and the API Functionality and such mis-use or unauthorized use shall be fully and absolutely binding on the API Consumer as a due and authorised use.
  5. API Consumer confirms that the possession of the Development Material, the API Credentials, the Registered Contacts shall always be only with the Authorised Persons (and with no other person), and every-time the APIs and the API Functionality is accessed and used and any API Consumer Instructions are placed, the same are and shall be, only and only, for and on behalf of the API Consumer for irrevocably and unconditionally binding the API Consumer vis-à-vis the Bank and the other persons involved, and the Bank shall be entitled to act upon the same without verifying the genuineness or correctness of such access, use or authority.
  6. To the extent the Approved Consumer Applications transmit any data, API Consumer represents and warrants that API Consumer has notified all users of such applications that their data will be transmitted and that Bank is not responsible for the privacy, security or integrity of such data and that it shall be the full and entire responsibility of the API Consumer and the API Consumer shall be solely liable towards the same.
  7. The API Consumer has disclosed to the Bank, all the information (financial or otherwise) relating to it and all other relevant parties which is material to be known to the Bank in order for the Bank to enable API Functionality to the API Consumer and all such information including as provided in the Onboarding Documents and as shall be provided for continued access to and use of APIs and API Functionality, is true, complete, up to date, and accurate and is not misleading in any respect.
  8. API Consumer represents, warrants and covenants that (a) Approved Consumer Applications, the use of such applications by its users, and the activities with respect to such applications undertaken by Bank in accordance with the terms of these Terms and Conditions, do not and will not violate, misappropriate or infringe upon the Intellectual Property Rights of any third party; (b) API Consumer will comply with all applicable local, state, national and international laws and regulations, including, without limitation, all applicable export control laws, privacy laws and maintain all licenses, permits and other permissions necessary to avail of the API Functionality; (c) its systems and applications shall not, are not designed to or utilized for the purpose of spamming any users and/or customers of the Bank and/or Bank’s systems; (d) it shall use the API Functionality only through the Whitelisted IPs and the entire Intellectual Property Rights in each of the Whitelisted IPs solely legally and beneficially vest and are owned fully by the API Consumer and by no other person.

13.2 Except as expressly set out herein, the APIs are provided under these Terms and Conditions on “as is” basis and neither the Bank nor its representatives, employees, service providers, suppliers or distributors make any promises, representations or warranties about the APIs or the API Functionality, or their reliability, availability, or ability to meet API Consumer’s needs or expectations.

14Indemnity

14.1 In consideration of Bank providing the API Consumer the flexibility to give API Consumer Instructions through API Functionality in accordance with the terms and conditions contained herein, the API Consumer shall, at its own expense, indemnify and hold Bank, its directors and employees, representatives, agents and/or the affiliates, as the case may be, indemnified against all losses and expenses on full indemnity basis which Bank may incur, sustain, suffer or is likely to suffer in connection with Bank or its affiliates' execution of the API Consumer Instructions including the API Remittance Instructions (if applicable) and against all actions, claims, demands, proceedings, losses, damages, costs, charges and expenses as a consequence or by reason of providing a service through API Functionality for any action taken or omitted to be taken by Bank and /or its affiliates, its officers, employees or agents, on the API Consumer Instructions of the API Consumer. The API Consumer will pay Bank and /or its affiliates such amount as may be determined by Bank and/or its affiliates to be sufficient to indemnify it against any such, loss or expenses even though they may not have arisen or are contingent in nature.

14.2 Further, the API Consumer agrees, at its own expense, to indemnify, defend and hold harmless Bank, its directors and employees, representatives, agents, and its Affiliates against any notice, claim, suit, action or other proceedings brought against Bank, its directors and employees, representatives, agents, and affiliates by a third party, to the extent that such notice, claim, suit, action of other proceeding brought against Bank, its directors and employees, representatives, agents, and affiliates is based on or arises in connection with the user of API Functionality with reference to:

  1. a violation of the terms contained herein by the API Consumer;
  2. any deletions, additions, insertions or alterations to, or any unauthorized use of, API Functionality by the API Consumer;
  3. any misrepresentation or breach of representation or warranty made by the API Consumer contained herein;
  4. misuse or unauthorized use of API Functionality or the APIs;
  5. any Security Breach;
  6. misuse or unauthorized use of API Functionality or the APIs by any user or end user of the Approved Consumer Applications;
  7. violation by any user or end user of these Terms and Conditions;
  8. any content or data routed into or used with the APIs; or
  9. any breach of any covenant or obligation to be performed by the API Consumer hereunder.

14.3 The API Consumer agrees to pay any and all costs, damages and expenses, including, but not limited to, reasonable attorneys' fees and costs awarded against it or otherwise incurred by or in connection with or arising from any such claim, suit, action or proceeding attributable to any such claim.

15Duration and Termination

15.1 Bank may elect to provide API consumer with support or modifications for the API (collectively, “Support”), in its sole discretion, and may terminate such Support at any time without notice to API consumer.  Bank may change, suspend, or discontinue any aspect of the API at any time, including the availability of the API.  Bank may also impose limits on certain features and services or restrict API consumer’s access to parts or all of the API or the Bank’s web sites without notice or liability. 

15.2 Subject to the provisions of the aforesaid sub-clause, either party may terminate this agreement with immediate effect by giving a written notice of 30 days to the other party. Provided however that the Bank may terminate these Terms and Conditions without any notice if there is any breach of any of the terms hereof by the API Consumer or if in the opinion of the Bank there are regulatory reasons for it to terminate these Terms and Conditions or if the Principal Agreement is terminated.

15.3 Notwithstanding anything to the contrary contained anywhere in these Terms and Conditions or any related document:

  1. Termination or expiry of this agreement shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages or be indemnified in respect of any breach of the agreement which existed at or before the date of termination or expiry.
  2. Clauses 8, 10, 11, 14, 15, 16, , 18 and 19 and Schedule 4 shall survive the termination of these Terms and Conditions.

15.4 On termination of these Terms and Conditions for any reason: 

  1. all rights granted to the API Consumer under this License shall cease;
  2. the API Consumer shall cease all activities authorised by this License; and
  3. the API Consumer shall immediately, at the Bank’s option destroy or return to the Bank, all copies of the Development Material and API then in its possession, custody or control and, in the case of destruction, certify to the Bank that it has done so to the satisfaction of the Bank. The Bank shall have right to inspect and audit to satisfy itself in this regard in accordance with Clause 9 above.
  4. this clause shall survive the termination of these Terms and Conditions.

15.5 Bank may independently communicate with any account owners whose account(s) are associated with the Approved Consumer Applications including the Bank Customers to provide notice of the termination of API Consumer’s right to use an API.

16Records

16.1 Any paper prints or any electronic report or email or sms or any pdf or such other file or any other form and mode, as compiled, generated, made by the Bank from any electronic records from or in it’s systems or servers or systems/servers deployed for or on its behalf (whether system generated or manual), showing the details or contents of any access or use by the API Consumer of the API Functionality, the API Consumer Instructions, actions taken pursuant thereto, reports, statements and communications (collectively, “API Actions”), in such form, pro-forma or format or template as deemed fit by the Bank, shall be conclusive evidence of any such API Actions and contents thereof including any acceptances or authentications. The API Consumer shall be bound by the same and waives any objection it may to the same.

16.2 Without prejudice to the generality of the aforesaid, all the records (including electronic records) in the systems of the Bank or its service providers, of any activity under the API Functionality including the transactions arising out of the API Consumer Instructions including the API Remittance Instructions (if applicable), including the time the transaction recorded shall be conclusive proof of the genuineness and accuracy of the same and the consequent transactions and any copy thereof whether physical or computer readable and whether printed or otherwise, as may be produced by the Bank shall be the conclusive evidence of the same binding on the API Consumer including before any judicial, quasi-judicial, Governmental, regulatory or other forum or tribunal. The API Consumer waives any objection it may have to the admission of Bank’s records or copies thereof as above in evidence in any legal proceedings.

17Transfer and Assignment

17.1 The Bank shall at any time, without any consent of or notice to the API Consumer(s) be entitled to sell, assign, discount or transfer all or any part of the Bank’s rights, title, interest and/or obligations under these Terms and Conditions, to any person(s) and in such manner and on such terms as the Bank may decide. Any such sale, assignment or transfer shall conclusively bind the API Consumer and all other concerned persons. The API Consumer shall not be entitled to directly or indirectly assign or in any manner transfer, novate, whether in whole or part, any rights, benefits or obligations under or in relation to the API Functionality, Development Material, API, API Credentials, and these Terms and Conditions or any part thereof.

18Notices

18.1 All notices, approvals, instructions, demand and other communication given or made under these Terms and Conditions shall be in writing and may, subject to Clause 18.2 (Notices) hereof, be given by facsimile, electronic mail, personal delivery or by sending the same by pre-paid registered mail addressed to the relevant party at its address or email set out in Schedule 1 of the Addendum(or such other address or email as the addressee has by 5 (Five) calendar days’ prior written notice specified to the other party):

18.2 Any notice, approval, instruction, demand or other communication so addressed to the relevant party shall be deemed to have been delivered (i) if given or made by registered mail, 5 (Five) calendar days after posting; (ii) if given by personal delivery at the time of delivery; and (iii) if given or made by email, upon receipt of an email delivery report confirming receipt by the other party. Provided that in case of email sent to the Bank, the same shall be immediately on the same day followed by a physical copy of the notice sent by the API Consumer by a reputable overnight courier or registered A.D postage prepaid.

18.3 This clause shall survive the termination or expiry of these Terms and Conditions.

19Governing Law, Jurisdiction and Arbitration

19.1 These Terms and Conditions shall be governed by, and construed in accordance with the laws of India. The parties agree that subject to Clause 19.2 below, if the process of the courts is required to be invoked for enforcement of Clause 2 (Governing Law, Jurisdiction and Arbitration) below, including for seeking of any interim relief prior, during or after invocation of Clause 19.2 (Governing Law, Jurisdiction and Arbitration) below, the competent courts and tribunals at the place as set out in the Addendum shall have exclusive jurisdiction and both the parties hereto submit to the same.

19.2 All disputes, differences and/or claims arising out of these presents or as to the construction, meaning or effect hereof or as to the rights and liabilities of the parties shall be settled by arbitration to be held at the place as set out in the Addendum or any other place at the discretion of the Bank in accordance with the provisions of the Arbitration and Conciliation Act, 1996 (or any statutory amendments thereof or any statute enacted for replacement thereof) and shall be referred to the sole arbitration of a person to be nominated by the Bank. The language of arbitration shall be English. In the event of death, refusal, neglect, inability or incapability of the person so appointed to act as an arbitrator, the Bank may appoint a new arbitrator. The award including interim award/s of the arbitrator shall be final and binding on all parties concerned. The arbitrator may lay down from time to time the procedure to be followed by him in conducting arbitration proceedings and shall conduct arbitration proceedings in such manner as the arbitrator considers appropriate.

19.3 The API Consumer shall have no power or authority to conclude any agreement or contract or make any representation, promise, statement or guarantee on behalf of the Bank or to bind the Bank or create any obligation or responsibility for the Bank in any other way, to any person.

20Updated Terms and Conditions

Whenever there is a new version, amendment, re-hosting, restatement and/or modification of these Terms and Conditions (“Updated Terms and Conditions”), the same shall be hosted by the Bank at the Link. The API Consumer hereby agrees and confirms that the acceptance by the API Consumer of the Updated Terms and Conditions shall be by way of the action of the API Consumer of continued use of the API Functionality. Accordingly, for clarity, the continued use of the API Functionality by the API Consumer by itself, without any act, deed or writing, shall be acceptance of the Updated Terms and Conditions. It shall be the responsibility of the API Consumer to check the Link prior to each use of the API Functionality for apprising itself with the Updated Terms and Conditions.

 

Schedule 1

Specifications - Hardware and Software Requirements

The API Consumer shall integrate its system with the Bank’s API as per specifications of the Bank as may be prescribed by the Bank. 

The API Consumer will maintain logs, records and management-information -system of all instances of API access, and will share the same with the Bank, if requested by the Bank.

The API Consumer irrevocably agrees, undertakes and ensures that:

  1. the hardware/software deployed by the API Consumer for production/Live API access will be designed to ensure Confidential Information, User Information, Personal Information, APIs, API Credentials and Data is kept secret and confidential
  2. the hardware/software deployed by the API Consumer for production/Live API access will be designed to ensure that only Authorised Persons have access to the hardware/software.
  3. the hardware/software deployed by the API Consumer for API access will be periodically scanned to ensure Harmful Code is not present on the hardware/software, and is not getting transmitted to the Bank while accessing API. The API Consumer will undertake to secure and defend its systems that access API against “hackers” and others who may seek, without authorisation, to modify or access its systems or Confidential Information or User Information or Data or API Credentials. The API Consumer will periodically test its systems for potential areas where security could be breached.
  4. the hardware/software deployed by the API Consumer for API access for non-production activities such as development, testing, staging, UAT, etc will be separate from the production/Live hardware/software.
  5. records will be maintained of any changes to the hardware/software deployed by the API Consumer for production/Live API access, and shared with the Bank if required.
  6. white-listing for API access will be implemented, as required.
  7. promptly return to the Bank any part or all of the User Information, on a request being made in this regard by the Bank. If any Data/information is required to be deleted/purged, the API Consumer shall delete/purge the same in accordance with the instructions of the Bank in consultation with the Bank.
  8. API Consumer not to store any data obtained from users and end-users and the Bank Customers in the entire journey.
  9. The API Consumer confirms and shall ensure that the Approved Consumer Applications do not and will not contain any virus, Trojan horse, worm, time bomb, cancelbot, or other computer programming routine that is intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data, or Personal Information.

 

Schedule 2

Specifications - Minimum Security Standards

While accessing the Bank’s API, API Consumers may need to implement a list of security features that may include, but is not restricted to, the following features:

  • SSL with API Consumer Authentication
  • HTTP POST only
  • Authentication mechanisms such as OAuth, etc.
  • Encryption at field level or full payload level
  • Digital Signature validation
  • Any other credentials as may be required by the Bank from time to time for the protection of its APIs and its data

The API Consumer shall notify any concerns regarding security listed in API specifications to the Bank within 7 working days of receiving specifications

Self-signed certificates should not be utilized by the API Consumer.

HDFC Bank's Security Credentials:

HDFC Bank's Security Credentials include (but are not restricted to) the following items:

  • Bank's SSL/TLS certificates
  • Bank's digital certificates
  • Bank's API keys
  • Bank's passwords
  • OAuth tokens and any other types of tokens
  • One time passwords
  • Any other credentials as may be provided or prescribed by the Bank seperately for the protection of its APIs and its data

 

Schedule 3

Bank Customer-via-Consumer API -On-boarding Process

  1. The Bank may from time to time prescribe the steps and processes for this purpose, including by way of letter or email.
  2. The Bank may require the API Consumer to flash and highlight to the Bank Customer, such disclaimers and crucial warnings including about non-sharing the passwords, etc., as the Bank may require and the API Consumer undertakes to comply with such requirements of the Bank.
  3. The Bank may require the Bank Customer to accept certain terms and conditions which the Bank may deem fit to prescribe in this regard, prior to the on-boarding of the Bank Customer for these purposes is completed as also prior to any or each access or placing of the Bank Customer API Instructions, in such form and manner as the Bank may determine. In case any support from the API Consumer is required in this regard, the Bank will inform the API Consumer of the same, and the API Consumer undertakes to comply with such requirements of the Bank.

 

Schedule 4

1User Information:

1.1 API Consumer shall ensure that no Harmful Code is present in the API Consumer’s systems and that no Harmful Code is introduced into any of the Bank’s systems, customer’s systems or devices, which may adversely affect the systems/ device of the Bank and/or of the customer.

1.2 API Consumer agrees that all User Information while being transmitted is completely encrypted and masked, end to end, such that it is not visible or readable in its original/ decrypted form by API Consumer or any of its employees and representatives and shall at no point be able to decrypt, read, access, reverse engineer, modify or manipulate any User Information including while storing, retrieving or producing such User Information and that the said User Information can be decrypted only when the Bank wants it so expressly in writing.

1.3 Subject to the restrictions mentioned in these Terms and Conditions on storage of User Information, the Bank can ask API Consumer to produce in any form and manner as the Bank may require, and within such time as the Bank may require, copies and/or records of the User Information, and API Consumer shall be bound to comply with the Bank’s requirement in this regard. All User Information shall be treated as Confidential Information. Bank shall be entitled from time to time to require API Consumer to handover to the Bank within such time as Bank may require, in such form and manner as the Bank may require, the entire User Information and entire electronic records therefor with such certifications as may be required by the Bank including that the same has not been compromised, altered, edited or tampered with in any manner whatsoever and that the systems and servers where it was stored has not been compromised.

1.4 The API Consumer confirms that it is in a position to isolate and clearly identify the User Information from any of its other data, systems, information, documents, records and assets, and is in a position to protect and shall protect the confidentiality of the User Information and such data.

1.5 None of User Information shall be stored or transmitted outside India by the API Consumer in violation or breach of or against any directives of the Applicable Law in India.

1.6 API Consumer shall ensure by putting in place technical and organizational and other measures to protect User Information collected, accessed or transmitted through or for or pursuant to the use of API Functionality, including any Personal Information, from unauthorized access or use and shall promptly report to the relevant users of any unauthorized access or use of such information.

1.7 API Consumer shall comply with all applicable privacy laws and regulations including those applying to Personal Information. API Consumer shall provide and adhere to a privacy policy for the Approved Consumer Applications that clearly and accurately describes to users of the Approved Consumer Applications what User Information and Personal information is collected or accessed by API Consumer for what purpose, under what basis, and how it is used and shared as also users’ rights.

1.8 When a user's non-public content is obtained through the APIs or through use of API Functionality, API Consumer shall not expose that content to other users or to third parties without explicit opt-in consent from that user.

1.9 The API Consumer shall not use in any manner whatsoever the API Functionality for any illegal, anti-social, objectionable, speculative, immoral activities or purposes and shall solely bear the entire responsibility and liability including civil, criminal, torts, or otherwise, vis-à-vis any customers, or any other persons in this regard, and shall save and hold the Bank harmless. The API Consumer shall ensure that no objectionable, immoral, anti-social, illegal messages or data is sent or shared with any of the customers in any manner whatsoever, and that no customer ever gets a reason to be aggrieved on account of any of the aforesaid, or on account or violation of/or intrusion of privacy. The API Consumer shall ensure that none of any of their employees, representatives, or any persons, maintaining or operating the API or otherwise, get to access, use, misuse any User Information. The API Consumer shall indemnify and keep the Bank and its officers indemnified from and against any loss, claim, demand, notice, proceedings (including attorney fees), costs, expenses, taxes, if any, which the Bank may suffer/incur of be subjected to from any persons on account of or in relation to any of the aforesaid. The API Consumer shall be responsible for all acts and omissions and shall be fully liable in civil, criminal, torts or otherwise in this regard, and acknowledges that the Bank is not in any way or in any manner responsible or liable to any of the same.

2Data Security

2.1 The API Consumer shall (and shall ensure that its employees, agents and subcontractors shall) be required to maintain such administrative, technical and physical safeguards, and such processes, procedures and checks including, to secure the API, Development Material, Specifications and the data pertaining to API, as may be required under Applicable Law and/or industry standards or regulations issued by any Authority, which safeguards must be at least equal to or better than (a) the safeguards it currently has in place to protect its own data; and (b) generally accepted security standards in the financial services industry.

2.2 The administrative, technical and physical safeguards, processes, procedures and checks as provided for in this Clause will be designed to:

  1. protect the security and confidentiality of the HDFC Bank Specifications and API and Development Material;
  2. ensure protection against any anticipated threats or hazards to the security and confidentiality of the data, HDFC Bank Specifications and API and Development Material;
  3. protect against unauthorised access to or use of the API or associated records which could result in substantial harm or inconvenience to the Bank; and

2.3 Compliance with all provisions of law including privacy laws including obtaining of consents during and for collection and access and further processing by the API Consumer of any Personal Information or other data of any person, for or towards performance or access to of the API Functionality, shall be the sole responsibility of the API Consumer and the API Consumer shall be solely liable for any misuse or breach or claim in relation to any such data or information of any such person. Before transmitting any such data or information to the bank including through the API Functionality, the API Consumer must ensure that the same is being done with prior written and explicit consent of the relevant persons in this regard. Further, without the Bank being obligated to do so, the Bank may at its discretion require the API Consumer to share such consents and the API Consumer hereby agrees to share the such consents with the Bank as and when required by the Bank. However, while obtaining such consents from such persons, it must be ensured by the API Consumer that such consent or subsequent withdrawal thereof by any such person, shall in no way limit or affect the rights of the Bank which the Bank may separately have against such person or such data or information whether through or pursuant to Bank’s relationship or otherwise including the customer and account based relationships of the Bank.

2.4 Without limiting the generality of the foregoing, the API Consumer shall initiate all measures which a prudent organisation, in a similar situation, would take to secure and defend its systems that contain the User Information, against “hackers” and others who may seek, without authorisation, to modify or access its systems or the User Information. API Consumer will periodically test its systems for potential areas where security could be breached.

2.5 API Consumer covenants (and shall ensure that its sub-contractors shall) that it shall take appropriate technical and organisational measures against (i) any unauthorised or unlawful processing or alteration of the User Information in the systems of API Consumer, (ii) any resultant loss or destruction of, or damage to, the User Information due to unauthorised processing or alterations, and (iii) unauthorised or accidental access, processing, erasure, transfer, use, modification, disclosure or other misuse of the User Information and shall ensure that only reliable personnel who are authorised for such access by the Bank and bound by adequate confidentiality obligations shall have access to the User Information strictly only on a ‘need to know’ basis. API Consumer shall ensure that the personnel of API Consumer(or of any of API Consumer’s sub-contractors) who access the User Information provide a written undertaking not to access, use, disclose or retain the User Information except in performing their duties of employment and any failure to comply with this undertaking may result in a criminal offence and may lead API Consumer (or API Consumer’s sub-contractor, as the case may be) to initiate disciplinary action against such personnel. API Consumer agrees and acknowledges that any unauthorised access, destruction, alteration, addition or impediment to, access or use of the User Information or the publication or communication of any part thereof (other than to a person to whom API Consumer is authorised to publish or disclose the fact or document) may be a criminal offence.

2.6 API Consumer shall (and shall ensure that its employees, agents and subcontractors shall) in respect of the User Information:

  1. comply with any request made or direction given by any authorised personnel of the Bank in connection with the requirements of any data protection laws;
  2. not do or permit anything to be done which might jeopardise or contravene the terms of any registration, notification or authorisation under any data protection laws;
  3. not to process any data (including personal or private information of personnel, clients or customers of the Bank), as part of maintenance unless it is acting on the express instructions of the Bank, and such data shall be treated as Confidential Information, for the purpose of these Terms and Conditions;
  4. use the User Information only for the purposes of fulfilling its obligations under these Terms and Conditions and to comply with instructions given by the Bank from time to time in connection with use of such data, and not retain the data any longer than is necessary for these purposes and/or under Applicable Law;
  5. not transfer User Information which has been obtained by or made available to API Consumer outside India, or allow persons outside India to have access to it, without the prior written approval of the Bank;
  6. take all reasonable steps to ensure the reliability of the personnel who will have access to any User Information and ensure that the personnel of API Consumer who access the User Information, give a written undertaking not to access, use, disclose or retain the User Information except in performing their duties of employment;
  7. observe the provisions of, and comply with any request made or direction given by the Bank in connection with any data protection laws;
  8. consider and comply with all suggestions of the Bank to ensure that the level of protection provided for the User Information is in accordance with these Terms and Conditions, Applicable Law and shall be required to make, at its own cost, any revisions and modifications suggested by the Bank in this regard. It is provided however that, if any revision or modification sought or suggested by the Bank (not being a revision and/ or modification mandated by Applicable Law and/or the original terms of these Terms and Conditions), API Consumer shall make such modification but the additional cost incurred in respect of the same shall be borne in the manner mutually agreed at that time between the parties;
  9. not disclose User Information except as expressly authorised by these Terms and Conditions, without the prior written consent of the Bank and immediately notify the Bank prior to any disclosure required to be made under Applicable Law;
  10. promptly return to the Bank any part or all of the User Information on a request being made in this regard by the Bank.

2.7 API Consumer shall ensure that the User Information is maintained in such a way that it is protected and is not mixed or mingled with any other data, including any data of its other customers or clients.

2.8 API Consumer acknowledges that any unauthorized access, destruction, alteration, addition or impediment to access or use of the User Information when stored in any computer, or the publication or communication or any document or any part thereof, by any person to whose knowledge or into whose possession or custody such User Information has come into (other than such persons to whom API Consumer is expressly authorized (if any) to publish or disclose the document or any part thereof), may be a criminal offence;

2.9 API Consumer shall indemnify the Bank and keep the Bank fully and effectively indemnified on demand, in respect of any type of liability, loss, damage, claim, demand, action, charge, cost (including legal/attorney fees) expenses, taxes, if any, incurred by the Bank arising out of or in connection with any wrongful disclosure or misuse of data as a result of breach of this Clause.

2.10 Where the introduction, imposition or variation of any law, order or regulation or official directive or any change in the interpretation or application thereof by any competent authority makes it apparent that it is unlawful or impractical without breaching such law, order or regulation or official directive for API Consumer to give effect to its obligations under these Terms and Conditions, then notwithstanding anything herein to the contrary, API Consumer shall immediately consult the Bank to agree on any revision of the terms and conditions of these Terms and Conditions reasonably required in view of such circumstances. 

2.11 API Consumer shall, upon the request of the Bank, immediately destroy all Confidential Information of the Bank in its possession or control, by shredding or incineration of all documents and other material, which is in a physical form or irretrievably delete such Confidential Information recorded or stored by electronic means or otherwise, including all copies thereof and return physical documents if any and such that it cannot share or use the same  in future with any person or parties.

2.12 API Consumer agrees that it will not disclose, use, lecture upon or publish any of the Bank’s Confidential Information, unless the Bank expressly authorizes such disclosure in writing. API Consumer recognizes that all information created / accessed / processed by it, shall remain the sole property of the Bank and shall be returned to the Bank upon termination of these Terms and Conditions.

2.13 API Consumer agrees to be vigilant and to report any breach of this Clause, all violations of information security, any breaches in the security practices, control processes and checks of API Consumer and all suspected security events immediately to the Bank’s Information Security Group at security.incident@hdfcbank.com and shall also immediately intimate all the concerned representatives and employees of the Bank which interact with API Consumer on a regular basis of such violation. In case of any security breach observed by the Bank, the same should be intimated to API Consumer immediately so that the same can be rectified.

2.14 API Consumer further confirms and agrees that it shall at all times during the tenure of these Terms and Conditions:

  1. comply with the provisions of the Information Technology Act, 2000 and the applicable rules thereunder, including without limitation the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
  2. comply with all notifications, guidelines, circulars, issued by the RBI; and
  3. to monitor the security practices, control processes and checks in respect of any User Information and other Confidential Information received by the API Consumer, on a regular basis.

2.15 API Consumer shall ensure complete security of all User Information and shall be responsible thereof at all times when:

  1. the User Information is transmitted, whether permanently or temporarily, on or through the API Consumer’s systems or the systems of API Consumer’s agents, sub-contractors or representatives;
  2. the User Information provided by or collected from or for the Bank or the customers, is received by API Consumer (whether directly or through any agent, subcontractor and representative of API Consumer) or is transferred by API Consumer to the Bank.

API Consumer shall be solely liable for any breach of security, compromise, theft, modification and/or corruption of the User Information which occurs at the times specified in (a), and/or (b) above (“Data Compromise Events”), where the Data Compromise Event is the direct or indirect result of any act or omission of API Consumer. API Consumer hereby indemnifies and agrees to keep indemnified the Bank in respect of the Data Compromise Events in terms of the clause dealing with indemnity.

3Database Confidentiality, Non-Commercial Exploitation and Non-Solicitation

3.1 Except as may be explicitly and specifically required by the Bank in writing, API Consumer shall not by itself or through any person use any of the User Information in any manner including but not limited to: a) contact any of the customers in any manner; b) offer any products/ services of API Consumer itself or any other person; c) disclose, share, part with, allow any security breach/ lapse to occur which may lead to any such disclosure, sharing or parting with of the User Information to any other person.

3.2 Except as may be explicitly and specifically required by the Bank in writing, API Consumer, its employees/ agents/ representatives shall not by itself or through any person, whether manually or through any robotics: (i) build, try to build, manipulate, engineer, any database of customers, by using any part of the User Information; (ii) extract any information or combine any User Information with any other information available with API Consumer through other sources, so as to develop any customer preference or customer behaviour or any other analytics in any manner whatsoever; (iii) use in any manner any User Information (including after combining with any other data or information available to it from any other sources) or disclose/ sell/ transfer/ lease to any person, for any commercial exploitation of such data or customer database.

3.3 API Consumer agrees that API Consumer shall not, directly or indirectly:

  1. initiate, solicit or procure any negotiations or contacts with any of the customers that are designed or intended to induce, encourage, cause, or propose to, any such person to modify or terminate any agreement and/or other business relationship such person may have with the Bank;
  2. indulge in or approach any User for selling or cross-selling or otherwise seek to sell, any products and services of API Consumer or of any other person to any of the customers.

3.4 API Consumer further agrees and undertakes that API Consumer’s obligations under this shall commence on and from the date hereof and shall survive and be effective beyond the termination or early determination of these Terms and Conditions.

3.5 API Consumer acknowledges and agrees that any breach of these non-solicitation provisions may cause immediate, irreparable and continuing damage for which there is no adequate remedy at law and that in the event of any breach or violation or threatened breach or violation of these non-solicitation provisions, the Bank shall, without prejudice to its other rights hereunder or under law, be entitled to seek temporary, preliminary and permanent injunctive relief and such other legal and equitable remedies as may be provided by Applicable Law.

3.6 Nothing contained in sub-clauses above shall affect the information available with the API Consumer under the relationship which the API Consumer has with the person whose User Information is involved, if such information is available with API Consumer and such relationship exists, independent of: (i) the Bank’s relationship or proposed relationship with the Bank Customer and (ii) the User Information generated or derived only during or pursuant to or for the access to or use of the API Functionality.  

4Confidentiality

4.1 This clause shall survive the termination or expiry of these Terms and Conditions.

4.2 The API Consumer shall (and shall ensure that its employees, agents and subcontractors shall), during the term of this License and thereafter, keep confidential all, and shall not use for its own purposes (other than implementation of this License) nor without the prior written consent of the Bank disclose to any third party (except as may be required by any law or under an order of a court or any legal or regulatory authority or any other Authority) any, information of a confidential nature (including, Development Material, API Credentials, Bank Customer API Data, trade secrets and information of commercial value) which may become known to API Consumer from the Bank and which relates to the Bank or any of its Affiliates or any of its customers, unless, other than by breach of this License, that information is public knowledge or already known to such party at the time of disclosure or subsequently becomes public knowledge, or subsequently comes lawfully into the possession of such party from a third party. Development Material, API Credentials, Bank Customer API Data and User Information shall be deemed to be the Confidential Information of the Bank given by Bank to the API Consumer under the confidentiality obligations herein.

4.3 The API Consumer shall not make, or permit any person to make, any public announcement concerning these Terms and Conditions without the prior written consent of the Bank, except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other Authority of competent jurisdiction.

4.4 API Consumer shall not make any statement regarding its use of an API which suggests partnership with, sponsorship by, or endorsement by Bank, without Bank's prior written approval.

4.5 In the course of promoting, marketing, or demonstrating the APIs or the API Functionality, or that the API Consumer is using and the associated Bank products and services, Bank may produce and distribute incidental depictions, including screenshots, video, or other content from the Approved Consumer Applications, and may use API Consumer’s and it’s products’ names and other details. API Consumer grants the Bank all necessary rights for the above purposes.

4.6 API Consumer shall hereto protect all Confidential Information of the Bank and the customers which is in their possession. API Consumer shall not be entitled to store, access or utilise any User Information and/or information which may be provided/ made available by the customer and/or the Bank.

4.7 API Consumer hereby authorises the transfer by the Bank of any information relating to API Consumer, to and between the branches, subsidiaries, representative offices, affiliates, representatives, auditors and agents of the Bank wherever situated, for confidential use. For legal and regulatory purposes only or for any of the purposes under these Terms and Conditions, the Bank will also be entitled at any time to disclose any and all information concerning API Consumer within the knowledge and possession of the Bank to any party in connection with these Terms and Conditions, including inter alia information relating to a cause for termination of these Terms and Conditions.

4.8 Confidential Information will not include any information that (a) is or becomes generally known to the public through no fault of the receiving party or breach of these Terms and Conditions by the receiving party; (b) the receiving party can demonstrate, by written evidence, was rightfully in the receiving party’s possession at the time of disclosure, without any obligation of confidentiality; (c) is independently developed by the receiving party without use of or access to the disclosing party’s confidential information; or (d) the receiving party has rightfully obtained such information from a third party without having any duty of confidentiality in respect thereof and/or restriction on its use or disclosure; or (e) is required under Applicable Law or by any authority.

4.9 Notwithstanding anything to the contrary herein, all User Information whether encrypted/masked or not, shall be treated as Confidential Information under these Terms and Conditions.

4.10 API Consumer has no right (and shall not permit any third party) to copy, adapt, reverseengineer, decompile, disassemble, modify, adapt the Confidential Information or any part thereof.

4.11 API Consumer may disclose the Confidential Information or any part thereof, with the prior written consent of the Bank, to any employee who needs access to the Confidential Information in connection to these Terms and Conditions, in encrypted form. In such an event, API Consumer agrees to ensure, prior to such disclosure, that the employee in question is made aware of the confidential nature of the information and understands that the employee is bound by the conditions of secrecy no less strict than those set out here. API Consumer agrees to monitor the use of the Confidential Information by the employees and to enforce their obligations of confidence. In the event any employee breaches the confidentiality, it shall be treated as a breach by API Consumer for the purposes of these Terms and Conditions and API Consumer shall be liable for the same.

4.12 In the event that API Consumer violates or causes to be violated any of the provisions of this Clause during the term of these Terms and Conditions, the Bank shall, without prejudice to its other rights to claim injunctive relief, be entitled to claim from API Consumer, compensation to the tune of actual amount of damages as determined and supported by proof of evidence, by the Bank.

4.13 API Consumer shall, upon the request of the Bank, immediately return to the Bank all Confidential Information of the Bank in its possession or control, which is in a physical form or recorded or stored by electronic means or otherwise, including all copies thereof.

 

 

Schedule 5

1.Additional provisions applicable to API Remittance Instructions when API Remittance Instructions have been enabled for the API Consumer under the Addendum

1.1 The API Consumer is responsible for the accuracy and authenticity of the API Remittance Instructions provided to Bank and the Bank shall be entitled to consider the same to be sufficient. Bank shall not be required to independently verify the authenticity of any API Remittance Instruction received or purported to have been received from the API Consumer or purporting to have been sent by the API Consumer other than by means of verification of the Digital Signature affixed to such API Remittance Instruction(s) and the use of API Credentials. The Bank shall not be required to carry out any other authentication in the matter and Bank shall be entitled to presume that all API Remittance Instructions received by Bank and bearing the API Consumer’s Digital Signature have actually been given by the API Consumer. Without being obligated to do so, where the Bank considers the API Remittance Instructions to be inconsistent or contradictory it may seek clarification from the API Consumer before acting on any API Remittance Instructions or act upon any such API Remittance Instruction as it deems fit. Bank accepts no liability for erroneous or wrongful or un-authorised API Remittance Instructions/ information supplied by the API Consumer.

1.2 The Bank may, in its absolute discretion but without being under an obligation to do so, if it so desires, make further checks as to the authenticity of an API Remittance Instruction(s). Notwithstanding anything to the contrary contained in these Terms and Conditions, the Bank shall have the right to refuse to comply with the API Remittance Instructions for any reasons which it deems fit, and shall not be under any duty to assess the prudence or otherwise of any API Remittance Instruction.

1.3 The API Consumer agrees that Bank can act on any API Remittance Instructions given to the Bank through API Functionality including for deducting money from the API Consumer’s account.

1.4 While the Bank shall endeavour to carry out the API Remittance Instructions promptly, it shall not be responsible for any delay in carrying on the API Remittance Instructions due to any reason whatsoever, including due to failure of operational systems or any requirement of Law.

1.5 A transaction being carried out is not always simultaneous with an API Remittance Instruction being given. Some matters may take time to process and certain API Remittance Instructions may only be processed during normal banking hours even although the internet banking service may be accessible outside such hours. Further, Bank shall not be liable for any omission to make all or any of the payments or for late payments due to circumstances beyond its reasonable control.

1.6 The API Consumer irrevocably and unconditionally authorizes the Bank to access all its account(s) for effecting banking or other transactions performed by the API Consumer through the API Functionality by giving API Consumer Instructions. The API Consumer hereby requests and authorizes Bank to: (a) rely and act upon all API Consumer Instructions as instructions properly authorized by the API Consumer, even if they may conflict with any other mandate given at any time concerning the API Consumer’s accounts or affairs and (b) debit the API Consumer’s accounts with any amounts Bank has paid or incurred in accordance with any API Remittance Instructions.

1.7 Bank is not liable for any failure, delay or other shortcoming by any third party with whom the API Consumer may have accounts or otherwise when they are executing Bank’s instructions to them howsoever caused.

1.8 Service charges will be debited from the account(s) of the API Consumer if an API Remittance Instruction fails due to (i) the API Consumer not having sufficient unencumbered/ charged funds (or prearranged credit facilities) in its account for transactions comprised in any API Remittance Instruction; or (ii) the name of the API Consumer and/or one or more details required for effecting the payment not having been correctly provided by the API Consumer; or (iii) circumstances beyond Bank’s reasonable control. The amount of the charges will be available on the Bank’s web-site or may be intimated to the API Consumer through any other medium, as Bank may deem fit and the API Consumer shall keep itself updated of the same.

1.9 In case any API Remittance Instruction is not effected for any reason, the status of the same may be intimated by the Bank to the API Consumer in such manner as may be deemed fit by the Bank.

1.10 The API Consumer acknowledges that it shall not be entitled to cancel or modify the API Remittance Instructions. Bank shall not be held liable if it is unable to stop or prevent the implementation of the API Remittance Instructions if so requested by the API Consumer. Bank shall at its discretion, with prior intimation to the API Consumer, charge the API Consumer for cancellation or modification of the API Remittance Instructions, if any.

1.11 In case of any API Remittance Instruction relating to any foreign currency transaction made by the API Consumer, the exchange rates quoted by Bank, if any (whether through its web sites or otherwise), shall only be provisional and shall be subject to future variations in the exchange rate. The rate at which the transaction is given effect to would be the effective rate for all intents and purposes.

1.12 The API Consumer hereby agrees, undertakes and confirms that the API Consumer shall ensure that any payment required to be made by Bank pursuant to any API Remittance Instruction shall be for a lawful purpose and shall not constitute a breach or violation of any Applicable Law.

1.13 The API Consumer shall ensure that there are sufficient unencumbered/ charged funds (or prearranged credit facilities) in its account for transactions comprised in any API Remittance Instruction, and Bank shall not be liable for any consequences arising out of its failure to carry out the instructions due to inadequacy of funds and/or credit facilities provided always that Bank shall at its sole discretion, be entitled to carry out the instructions notwithstanding such inadequacy without seeking the prior approval from or notice to the API Consumer and the API Consumer shall be responsible to repay with interest at such rate and at such compounding intervals as the Bank may determine, the resulting overdraft, advance or credit thereby created and for all related to costs and charges. Bank will endeavour to effect funds transfer transaction comprised in the API Remittance Instruction subject to availability of sufficient funds in the relevant account of the API Consumer.

1.14 The API Consumer agrees that Bank can act on any API Consumer Instructions given to the Bank through API Functionality for deducting money from the API Consumer’s account.