API Terms

1. Scope

These API Terms apply to Makr3D API keys, webhooks, order-source integrations, CSV or automated imports, internal app integrations and any automated use of Makr3D systems.

2. Permission to use the API

Makr3D may provide API access to approved sellers and partners. API access is not guaranteed, transferable or permanent. We may set eligibility criteria, require onboarding, require payment status checks, limit endpoints, restrict scopes, set quotas, disable beta endpoints, rotate keys, or revoke access.

3. Keys, secrets and credentials

You must:

• keep API keys, webhook secrets, OAuth tokens and connected-store credentials secret;
• use separate keys for production, staging, development and third-party tools where available;
• rotate keys promptly if a person leaves, a tool is compromised or a key may be exposed;
• not embed secret keys in client-side code, public repositories, mobile apps or screenshots;
• notify Makr3D promptly of suspected compromise or unauthorised use.

4. Rate limits and fair use

We may apply rate limits, concurrency limits, job limits, file-size limits, storage limits, webhook limits, endpoint-specific limits and anti-abuse controls. We may throttle, queue, reject or delay requests to protect the platform, fulfilment operations, other sellers, providers or infrastructure.

5. Orders, quotes and production review

API-created quotes, order imports, Print options, price responses, shipping estimates, Print Intelligence results and validation responses are not final acceptance for production. Orders remain subject to payment, stock, rate-table checks, file checks, policy checks, product compliance, rights review, destination support and the team's production review.

6. Idempotency and retries

You must design integrations to handle retries, duplicate requests, network failures, timeouts, delayed processing, partial responses and eventual consistency. Use Makr3D idempotency features where provided. Do not repeatedly submit the same chargeable action without checking the latest order state.

7. Webhooks

Webhooks are best-effort operational notices. We may retry failed deliveries, skip stale events, pause endpoints, sign payloads, change retry schedules, redeliver events, or require endpoint verification. You must verify signatures where available, use HTTPS, respond promptly, avoid side effects before idempotency checks, and reconcile against the API because webhook delivery order is not guaranteed.

8. Integrations and order sources

If you connect Etsy, Shopify or another source, you authorise Makr3D to access the data needed to import paid orders, map listings, fetch buyer delivery data, create fulfilment records, write back tracking where supported, and maintain the connection. You are responsible for complying with the connected platform's developer, seller, marketplace, privacy and buyer terms.

9. Data protection

API use may involve buyer personal data. Sellers must have a lawful basis to send that data to Makr3D and must not send more personal data than needed for fulfilment. The Privacy Policy, Data Processing Addendum and Subprocessor List apply to API processing.

10. Prohibited API conduct

You must not use the API to:

• probe, scan, scrape, overload, benchmark without approval or reverse engineer Makr3D;
• bypass payment, production review, product compliance, policy or rate controls;
• submit malicious files, payloads, links or instructions;
• create orders for prohibited, infringing, unsafe or unlawful products;
• access another seller's data or credentials;
• misrepresent product category, destination, buyer data, rights or compliance status.

11. Availability and changes

We aim to keep the API available, but we do not guarantee uninterrupted access. We may change endpoints, schemas, fields, limits, authentication, versioning, webhooks, documentation or feature availability. Where feasible, we will give notice of breaking changes, but urgent security, legal, safety, provider or operational changes may happen without advance notice.

12. Audit, suspension and termination

We may log API use, investigate suspicious activity, require remediation, suspend endpoints, rotate keys, disable integrations, delete webhooks, pause orders or terminate API access for security, abuse, payment, legal, product compliance, IP, data protection, export, sanctions, carrier or operational reasons.

13. Support and documentation

Documentation, examples and sample payloads are provided for integration support and may not describe every edge case. You are responsible for testing your own integration, monitoring failures and reconciling orders before relying on API output for buyer promises.