API Terms
These terms are informational until approved by Preventos Informatics Oy.
This draft describes the intended expectations for third-party use of Preventos public APIs. It is not final legal language and should be reviewed before being treated as binding terms.
Permitted API use
Preventos public APIs are intended for authorized customer, partner, and third-party integrations that read measurement data, synchronize approved datasets, or support operational reporting for water infrastructure services.
Integrations should use the API only for the environments, sites, signals, and time ranges made available to the authenticated application. Do not attempt to bypass access controls, enumerate unauthorized data, or use the API for purposes that conflict with customer agreements or Preventos instructions.
Authentication and credential handling
Each integration must authenticate with the credentials provided or approved by Preventos. Client secrets, certificates, private keys, subscription keys, and access tokens must be protected from unauthorized access.
Do not store credentials in source control, public repositories, request examples, logs, exported batch files, or support tickets. Rotate credentials before expiry and report suspected credential exposure promptly.
Customer and measurement data responsibilities
Measurement data may include operationally sensitive information about customer assets. Integrations should process, store, and transmit API data only for the agreed purpose and with appropriate technical and organizational safeguards.
Third parties are responsible for any downstream systems, exports, automations, or users that receive data through their integration. Data should not be shared onward unless the customer and Preventos have authorized that use.
Availability, rate limits, and changes
Preventos may apply request limits, fetch-size limits, maintenance windows, or other protections to keep services reliable. Integrations should handle retries, backoff, partial failures, and API changes gracefully.
Preventos may update endpoints, response fields, authentication requirements, or integration guidance. Material changes should be reflected in this documentation when available.
Security incident reporting
Report suspected credential exposure, unauthorized access, data leakage, or API misuse to Preventos as soon as possible.
Include the affected application, approximate time window, suspected data scope, and any relevant logs that do not reveal secrets.
Contact and policy references
For API access, integration questions, or security reports, contact info@preventos.fi.
For website privacy information, see the Preventos Privacy Policy.