Thank you for joining our developer portal. Our APIs are made available via this Sandbox environment, subject to certain terms and conditions. We have summarised the main conditions below.
- Any references to APIs within this document refer exclusively to those available within the non-production Sandbox environment.
- For use in a production environment, other conditions may apply.
- Please use our services safely and in good faith and without harming SMBC or others.
- Respect the provided content, our brands and capacity.
- Use of the APIs is at your own risk. We can only accept limited warranties/liabilities to provide you this service.
- Sometimes the service may not be fully available, because we may have to maintain and modify the portal.
- We may request additional information about you or your application for operational and security purposes, while respecting your privacy and your intellectual property rights in the Application.
1. Registration and acceptance
1.2 Additional registration information - For the use of certain APIs, we may require you to provide additional information or (legally required) certificates, or to agree to additional terms and conditions for specific APIs.
1.3 Notification of your amendments - You will immediately notify us about any amendments in your submitted information by using the “Contact Us” link including, for example, a withdrawal of a certificate.
2. Use of Credentials (for access to Developer Portal and API)
2.1 Environment - The API Keys are provided to enable you to use the API Services within our Sandbox environment.
2.2 Due care in relation to credentials for access to the developer portal and API - After registration of an Application, you receive an API Key and a corresponding secret (the API Keys) for each Application. You will keep the API Keys secret from others and use them with due care and only for your Application. You will never rent, sell, sublicense, encumber, publish on any public media or commercially distribute the API Keys to any third parties.
3. Use of the APIs
3.2 Technical requirements - You may only use the API Services if you fulfil the technical requirements specified for the applicable API. You will make reasonable efforts to avoid any technical problems, unauthorised access and security incidents, including the use of updated virus scanners.
3.3 Non-permitted use - While using the API Services, you will not:
- violate the law, including any intellectual property or other rights of SMBC or others;
- use the API Services in a way that causes SMBC to be in violation of any law;
- hinder or damage the accessibility, functioning or security of our developer portal, API gateway or the API Services;
- negatively affect SMBC’s business activities or reputation; or
- perform any security test (e.g. pen-testing), performance tests (e.g. load-testing), stress tests or similar tests on the API Services or API facilities.
3.5 Modification - We are entitled at any time to modify or amend the APIs, the developer portal and our API Services. Significant modifications relevant to you may be communicated on the website or by email.
3.6 Limit on API calls - We may limit your amount of API calls for technical and/or security reasons.
3.7 Monitoring - Subject to Section 10 (Personal data), we may monitor your use of APIs for the following purposes:
- to prevent fraud;
- to avoid congestion problems;
- to perform, evaluate and improve our APIs and API Services;
- if we have reasonable suspicion of fraud, misuse or any other violation of the law regarding your use of the API Services.
3.8 Audit - We are entitled to audit your use of the API Services in your Application in a proportionate way:
- if we have reasonable suspicion of fraud, misuse or any other violation of the law regarding your use of the API Services; and
- to satisfy regulatory and legal obligations.
3.9 Availability - We will make reasonable efforts to ensure the availability of the API Services. However, we are not under an obligation to provide you with a certain result or warrant availability of the API Services for a certain period of time.
3.10 Technical support - We assume a certain level of IT competence and these API services are intended for use only by registered or prospective Third Party Providers (TPPs). We are not under an obligation to provide you with a certain result or to reach certain service levels, unless explicitly indicated otherwise. We will only support authorised TPPs and prospective TPPs at our absolute discretion.
3.11 Maintenance - In order to provide our developers with an optimal experience, we need to regularly maintain and update our developer portal. Such maintenance and/or updates will be announced on our website or by email in advance. This means our services may not be available for a certain limited period of time. You are never entitled to any compensation or damages for the unavailability of our services during these preannounced maintenance activities.
4.1 Confidential Information - Any of our non-public communication disclosed to you regarding the API Services is considered to be confidential information (Confidential Information), unless stated otherwise. You will at all times (whether or not you continue to use the API Services):
- only use Confidential Information received for the purpose it was provided to you;
- prevent disclosure of Confidential Information to third parties; and
- restrict the circulation of Confidential Information only to persons that have a need to know the information for use of the APIs.
4.2 Exceptions - The obligations in this Section 4 do not apply if the Confidential Information:
- can be proven to have been known and on record at the receiving party prior to the first disclosure of the Confidential Information, with the exception of any Confidential Information that was prepared for or on behalf of the disclosing party; or
- can be proven to have been independently developed.
4.3 Feedback - If you communicate to us any comments, ideas, suggestions or other feedback (Feedback) regarding the API Services, we are entitled to use your Feedback free of charge, worldwide and without any other restriction in order to improve our APIs, developer portal or API Services.
4.4 Website communication - We take reasonable efforts to ensure the accuracy and integrity of our information, documentation and related materials provided on the developer portal website, but misprints, typing errors, miscalculations or other errors appearing on the developer portal are reserved.
5. Use of the Sandbox environment & data
5.1 Only for testing - You will use the Sandbox environment only for testing purposes. SMBC will only make available dummy data via the Sandbox environment. SMBC will never present customer data within the Sandbox.
5.2 Sandbox Data - You will not present dummy data that SMBC returns to the developer app as actual SMBC customer data
5.3 Data restrictions - Only dummy data may be used in the Sandbox.
6. Use of the Content
6.1 Licence on the Content - Unless stated otherwise, you will receive a non-exclusive, worldwide, reversible, non-transferable, non-assignable, non-sublicensable, royalty-free licence on any data, texts, images, drawings, functionality or other information, materials or content (the Content) you receive through the APIs under the restrictions in this Section 6.
6.2 Open source - Certain aspects of the API Services may contain open source materials which are governed by applicable open source licence conditions. You agree to comply with such open source licence conditions if necessary.
6.3 No modification of Content - You are not allowed to modify any Content without our prior written consent, unless this is allowed for by law.
6.4 Restricted use - You are not permitted to use our tradenames, logos, trademarks, look and feel, corporate identity elements, domain names or other brand features.
6.5 Restricted caching/storing - You will not index, cache or store any Content, unless this is technically necessary and only if such storage:
- is secure in accordance with common industry standards;
- is in accordance with applicable laws; and
- is temporary, and where the Content must also be deleted as soon as possible if it is not necessary any more for its original purpose.
6.6 No bulk storage/mass downloads - You will never store the Content for commercial, non-technical purposes, including mass downloads of any Content, the creation of a database, big data or analytical purposes.
7. Your Application
7.1 Ownership - You will own the intellectual property in your Application.
7.2 Additional requests - We may request you to provide us with additional information and/or images about your Application for promotional, technical, compliance or security purposes. You will comply with such requests.
7.3 Access/testing - We are entitled to get access to and/or test your Application, if this is necessary for technical, security or compliance reasons.
8.2 No active use - If you have not logged on to, or otherwise used your account or API Keys actively for a period of time, we may deactivate or terminate your registration.
8.3 Consequences of termination - Termination has the following consequences:
- we will block your API Keys; and
- we will block your access to the development portal.
9.1 Responsibility - Use of the API Services is at your own risk. You will be fully responsible for the development, functioning, maintenance and service of your Application.
9.4 Exclusion of liability - Excluded from liability are any indirect, consequential damages and punitive damages, loss of goodwill and reputation, future sales or business profits, whether such claim is based on warranty, contract, unlawful act or otherwise, even if we have been advised of the possibility of such damages. Under “indirect damages” we understand any and all damages which are not directly related to the functioning of our APIs and API Services.
9.5 Indemnity - You agree to indemnify, defend and hold harmless SMBC and its affiliates, and the respective officers, directors, employees and agents of SMBC and its affiliates, from and against all losses, liabilities, damages, fines, demands, suits, causes of action, judgments, costs or expenses (including, without limitation, court costs and legal fees) arising from:
- any breach by you of any applicable law or regulation;
- any security breach originating in the information technology systems operated by you;
- any third party claims for loss or damage of any nature arising out of your use of the API Services.
10. Personal data
10.1 Your data compliance - You will comply with any applicable legislation regarding personal data.
10.2 Our data compliance - We will process your personal data in accordance with the applicable data protection legislation, and have taken appropriate technical and organisational security measures to protect your personal data.
10.3 Data purposes - We may use your personal data for the following purposes:
- for identification and verification purposes;
- to provide you with the API Services, and to perform the API Services;
- for fraud detection and prevention;
- to evaluate and improve our API Services;
- to send you news and updates regarding our developer portal;
- to ensure compliance with applicable laws and requests of regulators.
10.4 Notification of security incident - If you notice any problems or security incidents during use of the API Services, you will notify us immediately at the “Contact Us” link
10.5 Contact about personal data - If you have any questions or requests regarding the use, correction or deletion of your personal data, you can “Contact Us” using this link
12. Governing law and jurisdiction