Terms of Service

1. Acceptance and who can use APIblaze

These Terms of Service (the “Terms”) are a binding contract between you and APIblaze LLC, a Delaware limited liability company with its principal place of business in Birmingham, Michigan (“APIblaze,” “we,” “us,” or “our”). They cover your access to and use of the APIblaze website, dashboard, CLI, APIs, developer portal, and the gateway service we operate at apiblaze.com, abz.run, tryabz.run, and related subdomains (together, the “Service”).

By creating an account, clicking to accept, or using any part of the Service, you agree to these Terms. If you do not agree, do not use the Service.

You may use the Service only if you are at least 18 years old (or the age of majority where you live) and able to form a binding contract. If you use the Service for an organization, you represent that you are authorized to accept these Terms on its behalf, and “you” means that organization.

You also represent that you are not located in, or a resident of, a country or region subject to comprehensive U.S. sanctions, that you are not on any U.S. government restricted-party list, and that you will not use the Service in violation of U.S. export-control or sanctions laws.

2. What APIblaze is (and is not)

APIblaze is a managed API gateway. You point us at an API you control or are authorized to use (an “upstream”), and we put a configurable proxy in front of it. The proxy can add authentication, API keys, OAuth, identity and access management, rate limiting, request and response transforms, documentation, and a developer portal — without you having to change the upstream.

• You can create proxies by giving us an upstream URL or an OpenAPI specification, and reach them on a generated subdomain or a custom domain you connect.
• You can issue and revoke API keys, mint OAuth clients, and manage IAM users, groups, and scopes for the people and systems that call your proxies.
• You can invite teammates, organize work into teams, products, projects, and tenants, and review audit logs and (where you opt in) sampled traffic.

Unauthenticated and experimental proxies live on a separate sandbox domain (tryabz.run) that we treat as disposable. Authenticated, claimed proxies run on our production data-plane domain (abz.run). We may keep these planes separate, move workloads between them, or retire the sandbox domain to protect the rest of the Service.

APIblaze is plumbing. We do not own, operate, endorse, or vouch for the upstreams you connect or the data that flows through your proxies. We are not a party to your relationship with your own users, customers, or the operators of any upstream you point us at.

3. Your account, keys, and security

You are responsible for everything that happens under your account and for keeping your credentials, access tokens, and API keys secure. We store API keys only as one-way hashes and never log raw key values, so we cannot recover a key for you — if a key is lost or exposed, rotate it.

Tell us promptly at security@apiblaze.com if you believe your account or any credential has been compromised. You are responsible for activity conducted with your credentials until you notify us and we have a reasonable opportunity to act.

4. Your upstreams, your data, your responsibility

“Your Content” means everything you bring to or send through the Service: your upstreams and their responses, the requests your users make, your OpenAPI specs, configuration, domain names, branding, and any data in transit through your proxies. As between you and APIblaze, Your Content is yours.

Because the Service forwards traffic to destinations you choose, you — not APIblaze — are responsible for Your Content and for how it is used. You represent and warrant that:

• You own or have all rights, licenses, and permissions needed to proxy each upstream and to process the data that passes through your proxies.
• Your Content and your use of the Service comply with all applicable laws, including data-protection, privacy, consumer-protection, intellectual-property, and export laws.
• You have given any notices and obtained any consents required from your own end users for the data you route through, log in, or sample on the Service.
• Your use does not violate the terms of any upstream or third party, and you are responsible for honoring those terms.

You grant APIblaze a worldwide, non-exclusive, royalty-free license to host, copy, transmit, process, and display Your Content solely as needed to operate, secure, and improve the Service and to provide it to you. Where you opt into traffic sampling, that license extends to the limited, secret-stripped samples described in our Privacy Policy. We claim no other rights in Your Content.

5. Acceptable use

A gateway is a powerful thing to point at the open internet, so this section has teeth. We enforce it, and we built a dedicated abuse-protection system to back it up. You may not use the Service — or let anyone use it through you — to do any of the following:

• Attack, probe, scan, overwhelm, or send unsolicited or unauthorized traffic to any third party, including using a proxy for denial-of-service, credential stuffing, brute forcing, vulnerability scanning, or scraping that violates a target’s terms or the law.
• Reach systems you are not authorized to reach — including our own infrastructure, internal networks, cloud metadata endpoints, or any APIblaze service — or otherwise attempt server-side request forgery (SSRF) through a proxy.
• Proxy, host, or distribute malware, phishing or other deceptive content, content that sexually exploits minors, or anything illegal under applicable law.
• Create proxies in bulk or in rapid succession to evade limits, rotate identities, launder the origin of traffic, or disguise an abusive workload as ordinary use.
• Circumvent, disable, or interfere with rate limits, quotas, authentication, abuse detection, or any other security or fair-use measure.
• Register, request, or impersonate reserved names, APIblaze brands, or other parties, or otherwise mislead people about who operates a proxy.
• Reverse engineer, resell access to, or attempt to derive the source of the Service except to the limited extent that law makes such restriction unenforceable.
• Infringe anyone’s intellectual-property, privacy, or other rights, or violate any applicable law or regulation.

If you discover abuse of the Service — yours or someone else’s — report it to security@apiblaze.com.

6. Monitoring, enforcement, and suspension

To keep the Service safe and available, we operate automated and manual abuse controls. Among other things, we log metadata about proxy creation (including a hashed form of the creating IP address and the target host), apply per-key, per-user, per-proxy, and per-team rate limits and quotas, validate proxy targets against blocked destinations and known-malicious hosts, and watch for patterns like a single creator spinning up many proxies against the same target.

When we detect a violation, a credible risk, or abuse of the Service, we may — with or without notice, depending on severity — do any of the following:

• Apply, lower, or remove rate limits and quotas on your traffic.
• Disable or revoke API keys, disable individual proxies, or block specific targets.
• Suspend or terminate your account, your team, or any part of your use of the Service.
• Retire or “burn” a shared sandbox domain to protect other users, even if that affects non-abusive sandbox proxies.
• Preserve and disclose information where we reasonably believe it is necessary to comply with law, enforce these Terms, or protect the Service, our users, or the public.

We generally aim to detect and alert before we block, and to act proportionately. But for serious or ongoing abuse we will act immediately and without prior notice. We are not liable to you for any action we take in good faith to enforce these Terms or protect the Service.

7. Rate limits, quotas, and fair use

The Service applies rate limits and quotas at several levels, and we may add, change, or tighten them at any time to protect availability and prevent abuse. Limits exceeded will typically result in throttling (for example, HTTP 429 responses) rather than data loss, but we do not guarantee any particular capacity, throughput, or burst allowance. Do not design around the assumption that any limit is fixed.

8. Fees

Some features of the Service may be offered free and others for a fee. Where fees apply, we will make the price and billing terms available before you incur them. Unless stated otherwise, fees are charged in advance, are exclusive of taxes (which you are responsible for), and are non-refundable except where required by law.

We may change pricing on a going-forward basis with reasonable notice. If you do not agree to a price change, your remedy is to stop using the paid feature. Non-payment may result in suspension or termination of the affected features or your account.

9. Availability and changes to the Service

We work hard to keep the Service running, but we provide it on an “as available” basis and do not promise any specific uptime or service level unless we have agreed to one in a separate written agreement. The Service depends on third-party infrastructure and the upstreams you connect, which are outside our control.

We may add, change, suspend, or discontinue features at any time. Where a change materially reduces functionality you rely on, we will use reasonable efforts to give advance notice. We may also perform maintenance that temporarily affects availability.

10. Intellectual property

The Service, including its software, design, documentation, and the APIblaze name and marks, is owned by APIblaze and protected by intellectual-property laws. We grant you a limited, non-exclusive, non-transferable, revocable right to use the Service in accordance with these Terms. We reserve all rights not expressly granted.

If you send us feedback, ideas, or suggestions, you grant us a perpetual, irrevocable, royalty-free license to use them for any purpose without obligation to you. We are free to operate a business that resembles, competes with, or incorporates feedback similar to yours.

If you believe content on the Service infringes your copyright, send a notice with the details required by the DMCA to legal@apiblaze.com.

11. Third-party services and subprocessors

The Service runs on and integrates with third-party providers — for example infrastructure, hosting, rate-limiting, email, identity, and analytics vendors described in our Privacy Policy — and connects to the upstreams and integrations you choose. Those third parties are governed by their own terms, and we are not responsible for their acts, omissions, availability, or content. Your use of an integration may require you to accept that provider’s terms as well.

12. Disclaimer of warranties

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE,” WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND. TO THE FULLEST EXTENT PERMITTED BY LAW, APIBLAZE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ANY WARRANTY ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

We do not warrant that the Service will be uninterrupted, secure, error-free, or free of harmful components, that any data will be preserved, or that the Service will meet your requirements. You are solely responsible for the upstreams you connect, the traffic you route, and your decision to rely on the Service. No advice or information you obtain from us creates any warranty not expressly stated here.

13. Limitation of liability

TO THE FULLEST EXTENT PERMITTED BY LAW, APIBLAZE AND ITS OWNERS, EMPLOYEES, AND SUPPLIERS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS, ARISING OUT OF OR RELATING TO THE SERVICE OR THESE TERMS, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICE OR THESE TERMS WILL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID US FOR THE SERVICE IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS (US$100).

These limitations are a fundamental basis of the bargain between you and APIblaze and apply even if a limited remedy fails of its essential purpose. Some jurisdictions do not allow certain exclusions, so some of the above may not apply to you; in that case our liability is limited to the smallest amount permitted by law.

14. Indemnification

You will defend, indemnify, and hold harmless APIblaze and its owners, employees, and suppliers from and against any claims, damages, liabilities, losses, and expenses (including reasonable legal fees) arising out of or relating to: (a) Your Content and the upstreams you connect; (b) your use of the Service; (c) your violation of these Terms or any law; (d) your violation of the rights of any third party, including any upstream operator or your own end users; or (e) any dispute between you and a third party. We may assume the exclusive defense of any matter subject to indemnification, in which case you will cooperate with us.

15. Termination

You may stop using the Service and delete your account at any time. We may suspend or terminate your access at any time if you violate these Terms, create risk or legal exposure for us, or as otherwise described here. We may also discontinue the Service or any account on reasonable notice.

On termination, your right to use the Service ends and we may delete your data and proxies. We are not obligated to retain or return Your Content after termination, so export anything you need first. Sections that by their nature should survive — including ownership, disclaimers, limitation of liability, indemnification, and the governing-law and dispute terms — survive termination.

16. Governing law and dispute resolution

These Terms are governed by the laws of the State of Michigan, without regard to its conflict-of-laws rules, and the U.N. Convention on Contracts for the International Sale of Goods does not apply.

Most disputes can be resolved without a lawsuit, so before filing anything you agree to first contact us at legal@apiblaze.com and try in good faith to resolve the dispute informally for at least 30 days.

If that does not resolve it, you and APIblaze agree that any dispute arising out of or relating to these Terms or the Service will be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, seated in Oakland County, Michigan (or conducted remotely). The arbitrator decides everything except that disputes about the scope or enforceability of this arbitration agreement go to a court. Either party may instead bring an individual claim in small-claims court if it qualifies.

TO THE EXTENT PERMITTED BY LAW, DISPUTES WILL BE BROUGHT ONLY IN AN INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING. YOU AND APIBLAZE WAIVE THE RIGHT TO A JURY TRIAL.

You may opt out of this arbitration agreement and class-action waiver by emailing legal@apiblaze.com within 30 days of first accepting these Terms, stating your name and that you opt out. If you opt out, or if this section is held unenforceable, disputes will be resolved exclusively in the state or federal courts located in Oakland County, Michigan, and you and APIblaze consent to personal jurisdiction and venue there.

17. Changes to these Terms

We may update these Terms from time to time. If we make material changes, we will update the date below and, where reasonable, give additional notice. Changes take effect when posted, and your continued use of the Service after that means you accept the updated Terms. If you do not agree, stop using the Service.

18. General

These Terms, together with our Privacy Policy and any terms we present for specific features, are the entire agreement between you and APIblaze about the Service and supersede any prior agreements. If any provision is found unenforceable, it will be limited or severed to the minimum extent necessary and the rest remains in effect. Our failure to enforce a provision is not a waiver. You may not assign these Terms without our consent; we may assign them, including in connection with a merger, acquisition, or sale of assets. Neither party is liable for delays or failures caused by events beyond its reasonable control. Notices to you may be given through the Service or by email; notices to us go to legal@apiblaze.com.

19. Contact

Questions about these Terms? Get in touch.