Legal
API & Developer Terms
The terms for programmatic use of secapi.ai across the REST API, MCP tools, and SDKs. They supplement the Terms of Service.
Overview
These API & Developer Terms govern how you build on secapi.ai.
These API & Developer Terms supplement and are incorporated into the secapi.ai Terms of Service operated by Arcade Group, Inc. (operating as secapi.ai). They apply to the REST API, MCP tools, SDKs, and any other programmatic interface to the service. Where these terms conflict with the general Terms for programmatic use, these terms control.
- Version 1.0 · Effective June 19, 2026.
- Endpoint-specific limits, request shapes, and examples live in the API reference at docs.secapi.ai.
API keys and credentials
Your API keys are bearer credentials — protect them and own their use.
API keys authenticate requests on your behalf. You are responsible for keeping them secret and for all activity under your keys.
- Do not embed secret keys in client-side code, public repositories, or shipped binaries; use server-side storage or a secrets manager.
- Rotate keys you believe are exposed, and notify us promptly at security@secapi.ai if you suspect compromise.
- We may rotate or revoke credentials if we reasonably believe they are compromised or being misused.
Rate limits, quotas, and fair use
Stay within your plan's limits and don't engineer around them.
Each plan has request-rate limits and usage quotas enforced per API key. Requests beyond your limit receive an HTTP 429 response with retry guidance; sustained overage may be throttled or billed according to your plan.
- Do not bypass, or attempt to bypass, rate limits or quotas, including by sharding work across multiple accounts or keys to act as a single application.
- Implement reasonable backoff and retry on 429 and 5xx responses; do not hammer the service in a tight loop.
- Current rate limits and plan quotas are shown on the pricing page and in your account; higher limits are available on paid and commercial plans.
Caching, storage, and redistribution
Cache internally for performance — don't become a public mirror.
You may cache and store responses internally to support performance, reliability, and your product's functionality, consistent with your plan and the Terms.
- Do not maintain a public cache, replay layer, or mirror of secapi.ai responses, and do not redistribute output as a standalone feed, API, or bulk export.
- Do not retain proprietary secapi.ai enrichments in bulk longer than needed for your permitted use, especially where freshness or correction matters.
- Reasonable, plan-consistent internal caching that reduces load is encouraged.
Versioning, deprecation, and changes
We version the API and give notice before breaking changes.
We may add capabilities, fix defects, and evolve the service. We aim to make backward-compatible changes within a major version and to give reasonable advance notice before removing or materially changing a stable endpoint.
- Additive changes (new fields, new endpoints) can ship at any time; build clients that tolerate unknown fields.
- We will provide reasonable notice of deprecations through the changelog and, where appropriate, direct communication.
- Beta or preview features may change or be withdrawn and are excluded from any uptime or support commitments.
Attribution and acceptable integration
Build products with independent value, and keep provenance legible.
Your integration must add material, independent functionality beyond exposing the service or its output through another interface. When you display filing-derived data, keep its provenance clear and do not imply SEC or secapi.ai endorsement.
- Attribute secapi.ai in a commercially reasonable way where you materially rely on its data in an external-facing product.
- SEC and EDGAR are trademarks of the U.S. Securities and Exchange Commission; secapi.ai is independent and not affiliated with or endorsed by the SEC.