1. Purpose
This Acceptable Use Policy governs how you may use APIMesh APIs. Our APIs interact with external websites and services on your behalf, which means your usage affects third parties. Use them responsibly.
2. Prohibited Uses
- Unauthorized port scanning or vulnerability scanning of targets you do not own or have written permission to test
- Using APIs to conduct distributed denial-of-service (DDoS) attacks or overload target websites
- Scraping websites beyond what their robots.txt permits
- Credential stuffing, brute force attacks, or password spraying via our APIs
- Circumventing rate limits through multiple accounts, rotating API keys, or automated retry floods
- Reselling raw API access (proxying APIMesh endpoints to your own customers)
- Any activity that violates applicable laws in your jurisdiction
3. Security API Specific Rules
APIMesh includes security-focused APIs (security headers, vulnerability scanning, etc.). These tools exist for defensive purposes:
- Only scan domains you own or have explicit written authorization to test
- Follow responsible disclosure practices for any vulnerabilities found
- Do not weaponize API results for offensive security operations
- Report any APIMesh vulnerabilities to abuse@apimesh.xyz
4. Rate Limits
All APIs have published rate limits. Please:
- Respect the published limits for each endpoint
- Implement exponential backoff on 429 responses
- Do not create multiple accounts to multiply rate limits
- Contact support@apimesh.xyz if you need higher limits
5. Enforcement
- First offense: Warning via email with details of the violation
- Second offense: 7-day account suspension
- Third offense: Permanent account termination
- Severe violations (DDoS, illegal activity): Immediate permanent termination
No refund or credit is issued upon termination for cause.
6. Reporting Abuse
If you believe someone is misusing APIMesh APIs, report it to abuse@apimesh.xyz. We aim to acknowledge all reports within 48 hours.