By accessing or using any Commerce API, you agree to these Commerce API Terms (“API Terms”). These API Terms are governed by, incorporated into, and form an integral part of the Commerce Partner Agreement (“Partner Agreement”). Capitalized terms used but not defined herein have the meaning ascribed to them in the Partner Agreement.
- API License and Use
- Grant. Subject to your full compliance with these API Terms and the Partner Agreement, Commerce grants you a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to use and access the APIs solely to develop, implement, operate, and support your App in connection with the Services. No implied licenses or rights are granted except as expressly stated herein.
- Compliance. You agree to use the Commerce APIs exclusively for developing, operating, or enhancing applications or services integrated with Commerce Services, in strict compliance with applicable laws, these API Terms, and the Partner Agreement.
- API Credentials. You must maintain your API Credentials in strict confidence and ensure their security at all times, taking reasonable precautions to prevent unauthorized access or disclosure. API Credentials may not be embedded or distributed within open-source or publicly accessible projects.
- API Restrictions. You must not:
  - Share, sublicense, or transfer API Credentials without express permission.
  - Exceed or circumvent API usage limits established by Commerce.
  - Reverse engineer, decompile, or attempt to extract source code from the APIs.
  - Introduce malicious software through your App.
  - Use APIs for illegal, fraudulent, or unauthorized activities.
  - Utilize APIs in applications where failure could cause death, injury, or environmental harm.
  - Use APIs primarily to facilitate Customer migration away from Commerce.
  - Process or manage data subject to the International Traffic in Arms Regulations (ITAR) or health data regulated by HIPAA without explicit prior written authorization from Commerce.
  - Engage in activities unrelated to the Services (e.g., cryptocurrency mining).
  - Remove, obscure, or alter any Terms of Service, links, or related notices.
- Custom Apps. You may not make Custom Apps available to or for use by more than one Customer. For the avoidance of doubt, this means that Custom Apps may not be installed by, or provided to, more than one Customer, regardless of whether those Apps are hosted privately, provided through direct installation, or customized for a specific Customer’s use. Additionally, you may not create or distribute multiple Custom Apps that are substantially similar in functionality or core features, even if such Apps are modified or branded individually for separate Customers. Commerce may, in its sole discretion, determine that such Custom Apps constitute a single Public App, or multiple Public Apps, and require compliance with the applicable terms for Public Apps. In the event of any breach of this Section, and in addition to all other rights and remedies available to Commerce under these API Terms, the Partner Agreement, or applicable law, Commerce may: (a) immediately terminate or suspend some or all of your rights under these API Terms or the Partner Agreement, and (b) reclassify one or more of your Apps as Public Apps and enforce the associated obligations retroactively and prospectively.
- Monitoring and Usage Limits. Commerce may monitor your API usage to maintain security and verify compliance with these API Terms. You must not interfere with this monitoring, and Commerce may immediately suspend your API access if violations or threats to Commerce’s systems are detected. Commerce retains sole and absolute discretion to establish, modify, and enforce API usage limits, including determining what constitutes excessive or abusive use. You will not attempt to exceed or circumvent limitations on access, calls, and use of the APIs, or otherwise use any API in a manner that exceeds reasonable request volumes, constitutes excessive or abusive usage, or fails to comply with, or is inconsistent with, any applicable Commerce documentation, these API Terms, or the Partner Agreement. You must fully cooperate and promptly remedy identified non-compliance.
- Data Handling and Security. Your data handling obligations under these API Terms supplement Section ‘Data Protection’ of the Partner Agreement. Specifically, you must:
  - Collect and store only minimal necessary Shopper Data, excluding Sensitive Personal Information.
  - Store and transmit Shopper Data securely using industry-standard encryption.
  - Promptly sync relevant Shopper and order data to the applicable Customer Store via authorized BigCommerce methods.
  - Immediately notify Commerce upon discovering any security breach involving API-related Shopper Data, promptly disconnect intrusions, and fully cooperate in breach investigation and remediation.
  - Not publicly disclose security breaches without prior written consent from Commerce unless legally required.
- Data Use. Data delivered or otherwise made available to you in the form of an API response is Customer Data. Unless otherwise expressly agreed by you and a Customer in writing, (a) you may only use Customer Data to provide your App to the applicable Customer, and (b) you may not use Customer Data for your own business purposes; for example, you cannot aggregate and anonymize Customer Data to improve your services.
- MCP API Terms. If Commerce makes available an API utilizing the model context protocol to support agentic or multi-agent shopping experiences (the “MCP API”), the following additional terms apply:
  - Automated Outputs. The MCP API may produce automated outputs, including product recommendations, decision trees, or agentic logic intended to guide Shopper behavior. Such outputs are provided for informational purposes only. Commerce makes no warranty as to their accuracy, completeness, or suitability, and Partner is solely responsible for validating any MCP API outputs prior to use in any Customer- or Shopper-facing context.
  - Responsibility. Partner is solely responsible for any autonomous or semi-autonomous actions taken by systems, agents, or interfaces that utilize or integrate the MCP API. Commerce disclaims all liability for any resulting decisions, transactions, or downstream effects. Partner must ensure that appropriate guardrails, safety checks, and user-facing disclosures are in place when deploying agentic functionality.
  - Restricted MCP Data Use. Data accessed or generated via the MCP API (“MCP API Data”) may include highly contextual or behavioral information. In addition to the restrictions in Section ‘Data Use’ above, Partner may use MCP API Data solely to facilitate the intended agentic shopping experience for the applicable Customer. Use of such data for profiling, analytics, resale, or any other unrelated commercial purpose is prohibited without Commerce’s prior written consent.
  - Outputs. The MCP API may incorporate or rely on artificial intelligence or machine learning technologies that evolve over time. Commerce does not guarantee the consistency, accuracy, or completeness of AI-generated outputs. Partner assumes all responsibility for reviewing and governing any such outputs used in its applications.
  - Prohibited Use Cases. The MCP API may not be used in applications where autonomous outputs could expose users to material harm, including financial loss, discriminatory outcomes, or reputational damage. This includes, without limitation, use in regulated or sensitive domains such as healthcare, credit underwriting, insurance, or legal services, unless expressly authorized in writing by Commerce.
  - Transparency. Unless otherwise approved by Commerce in writing, Partner must clearly disclose when product recommendations, decisions, or outputs are generated or facilitated by the MCP API, particularly when displayed to Shoppers or Customers. Commerce reserves the right to require branding or attribution in connection with such uses.
  - Customer Authorization. Partner represents and warrants that it has obtained, and will maintain, all necessary rights, consents, and approvals from the applicable Customer(s) to access and use MCP API Data. Partner shall not use the MCP API in connection with any Customer without valid authorization. Commerce disclaims all liability for unauthorized access to or use of MCP API Data by Partner or its systems. Partner agrees to indemnify and hold Commerce harmless for any claims, losses, or liabilities arising from its failure to obtain or maintain proper authorization.
- API Updates and Previews. Commerce may modify or discontinue API features with reasonable advance notice. You must implement any updates promptly and at your own expense. Commerce may offer API features identified as ‘beta’ or ‘preview’ (“Preview APIs”). Preview APIs are provided "as-is," without warranties of any kind. Your use of Preview APIs is subject to the confidentiality obligations set forth in the Partner Agreement.
- Suspension and Termination. Commerce may immediately suspend or terminate your API access if you violate these API Terms or the Partner Agreement, or if your usage poses any security or technical risks to Commerce systems, Customers or Shoppers. Suspension or termination of your API access does not relieve you of your obligations under the Partner Agreement. Upon termination of your access to an API, you must immediately cease API usage and delete any cached or stored content related to the API. Commerce may independently notify any account owner whose account(s) are associated with your App and developer credentials to provide notice of the termination of your right to use an API. Any breach of these API Terms constitutes a material breach of the Partner Agreement.