API Terms of Service
These API Terms of Service (these “API Terms”) govern your access to and use of the application programming interfaces, webhooks, software development kits, and related developer tools (collectively, the “API”) made available by Calliope Labs Inc., a Delaware corporation, with its principal place of business at 80 SW 8th St, Ste 2000, Miami, FL 33130 (“Calliope AI,” “we,” “us,” or “our”).
These API Terms supplement, and form part of, Calliope AI’s Terms of Service (“ToS”), Acceptable Use Policy (“AUP”), Privacy Policy, and, where applicable, a Master Services Agreement (“MSA”) or Data Processing Addendum (“DPA”) executed between Calliope AI and your organization. By generating an API Key, sending an API request, or building an Application that calls the API, you (“Developer,” “you,” or “your”) accept these API Terms and represent that you have authority to bind any organization on whose behalf you act.
If you do not agree to these API Terms, do not access or use the API.
1. Definitions
Capitalized terms used but not defined herein have the meanings given in the ToS or MSA, as applicable. As used in these API Terms:
1.1 “API” means each application programming interface, webhook endpoint, and software development kit made available by Calliope AI from time to time, including without limitation interfaces for: (a) JunoHub workspace provisioning and lifecycle management; (b) notebook, kernel, file, and project management; (c) authentication and single sign-on integration (SAML, OIDC, SCIM); (d) usage, metering, and billing data retrieval; (e) outbound webhook event delivery; and (f) any future public developer interfaces published by Calliope AI.
1.2 “API Documentation” means the technical documentation, reference materials, sample code, and policies published at docs.calliope.ai (or a successor URL) describing the API, its endpoints, authentication, rate limits, error responses, and acceptable usage patterns. The API Documentation is incorporated into these API Terms by reference.
1.3 “API Key” means the secret credential (including OAuth client secrets, personal access tokens, and bearer tokens) issued by Calliope AI and used to authenticate API requests.
1.4 “Application” means any software, script, automation, agent, integration, plugin, extension, service, or system that you build, configure, or operate to access or interact with the API.
1.5 “Customer Data” has the meaning given in the ToS or MSA.
1.6 “Developer” means the individual or legal entity that accesses the API. Where the Developer acts on behalf of an organization, “Developer” includes that organization.
1.7 “End User” means any individual who interacts with an Application built by the Developer.
1.8 “Order Form” means an ordering document executed between Calliope AI and a customer that references the MSA and specifies subscribed services, quantities, and fees.
2. API Access and Eligibility
2.1 Account Requirement. Access to the API requires a valid Calliope AI account in good standing and, for programmatic access, one or more API Keys provisioned through the Calliope AI console or a successor mechanism.
2.2 Authority. You represent and warrant that (a) you are at least eighteen (18) years of age and competent to contract, (b) where you act on behalf of an organization, you have authority to bind that organization to these API Terms, and (c) your access to and use of the API does not violate any law, regulation, or third-party right applicable to you or your organization.
2.3 API Key Issuance and Scope. Calliope AI may issue API Keys per user, per organization, per Application, or per environment (e.g., production, staging). API Keys may be scoped to specific tiers of access — including, without limitation, read-only, read-write, and administrative scopes — based on your subscription tier, role, and the API Documentation. Calliope AI reserves the right to introduce, modify, retire, or further partition access tiers.
2.4 Revocation. Calliope AI may suspend, rotate, or revoke any API Key, in whole or in part and without prior notice, where Calliope AI reasonably determines that: (a) the Key has been compromised or is being used in violation of these API Terms, the ToS, or the AUP; (b) revocation is necessary to protect the security, integrity, or availability of the Platform or other customers; (c) the associated account is delinquent in payment; or (d) revocation is required by law or by Calliope AI’s contractual obligations to third parties. Where commercially reasonable and not prohibited by law, Calliope AI will notify affected accounts of revocation and its general basis.
2.5 Enterprise API Access. Where the Developer is an enterprise customer with a signed MSA, the MSA and any applicable Order Form govern the commercial scope of API access (including paid tiers, capacity, and SLAs). These API Terms apply to all operational, technical, and security matters not expressly addressed in the MSA or Order Form.
3. Permitted Uses
Subject to your continued compliance with these API Terms, the ToS, the AUP, and applicable law, you may use the API to:
(a) build, operate, and maintain Applications for your own internal business use;
(b) build, operate, and maintain Applications that serve your own End Users or customers, provided that — where such use is on behalf of paying third parties or external end users — you are subscribed to an enterprise plan that expressly permits such use, or your MSA otherwise permits it;
(c) automate legitimate workflows that are within the scope of your account, including provisioning, monitoring, backup, ETL, reporting, and observability tasks;
(d) access, retrieve, and process Customer Data belonging to your own organization (or, for service providers acting on behalf of a customer, that customer); and
(e) integrate Calliope AI services with other software, infrastructure, and identity providers in your environment, in each case consistent with the API Documentation.
4. Prohibited Uses
You shall not, and shall not permit any Application, agent, or third party to:
4.1 scrape, harvest, mirror, or bulk-export data through the API beyond data belonging to your own organization, or in volumes or patterns inconsistent with documented use cases;
4.2 reverse engineer, decompile, or otherwise attempt to derive Calliope AI’s proprietary algorithms, model weights, prompts, system designs, or business logic from API responses, latency patterns, or error messages;
4.3 use the API, API responses, telemetry, or any derivatives thereof to train, fine-tune, evaluate, distill, or otherwise develop machine-learning models or AI systems that compete with Calliope AI’s products;
4.4 circumvent, disable, or attempt to evade rate limits, quotas, billing meters, or other technical limitations of the API, including by rotating across multiple accounts, organizations, or API Keys to fragment usage;
4.5 disclose, sublicense, sell, transfer, or otherwise share API Keys with third parties (including contractors and affiliates) without Calliope AI’s prior written consent, except that you may store API Keys in secret-management systems used to operate your Application;
4.6 use the API to access, attempt to access, enumerate, or interact with any account, workspace, organization, or data other than that to which you have been explicitly granted access;
4.7 use the API to probe, scan, test, or attack the vulnerability of the Platform or any related system, except pursuant to Calliope AI’s published responsible-disclosure or bug-bounty program (if any) and within its express scope;
4.8 use the API in a manner that interferes with, degrades, or imposes a disproportionate load on the Platform or its underlying infrastructure;
4.9 use the API to send unsolicited communications, malware, phishing content, or content that violates the AUP;
4.10 misrepresent the source, ownership, or origin of API traffic, including by spoofing identifiers, headers, or authentication metadata; or
4.11 use the API in any manner that violates applicable export control, sanctions, privacy, or other laws and regulations.
Violation of this Section 4 is a material breach of these API Terms and may, in Calliope AI’s sole discretion, result in immediate suspension or revocation of API access without refund.
5. Rate Limits and Quotas
5.1 Default Limits. Rate limits and quotas apply per API Key, per organization, per endpoint, and/or globally, as documented in the API Documentation. As of the date of these API Terms, default published limits are:
- Standard tier: one hundred (100) requests per minute and ten thousand (10,000) requests per twenty-four-hour rolling window, per API Key;
- Enterprise tier: as negotiated in the applicable Order Form.
Current, authoritative limits are published at docs.calliope.ai/api/rate-limits and supersede any figure stated in these API Terms in the event of a conflict.
5.2 Enforcement. When you exceed an applicable rate limit, the API will return an HTTP 429 Too Many Requests response (or equivalent). You are responsible for implementing exponential backoff with jitter and respecting Retry-After headers. Repeated, sustained, or coordinated overage may result in throttling, key revocation, or account suspension.
5.3 Adjustments. Calliope AI may raise, lower, or restructure rate limits, quotas, and concurrency caps at any time. Where a change would materially reduce limits applicable to a paying tier, Calliope AI will provide at least seven (7) days’ notice through the API Documentation, in-product notice, or email to the account’s billing or technical contact.
5.4 Burst and Sustained Patterns. Calliope AI may apply additional protections (including circuit breakers, queueing, and load shedding) to protect Platform stability. Such protections are not limitations on Calliope AI’s rights under Section 4 or this Section 5.
6. Authentication and Security
6.1 Transport Security. All API calls must be made over HTTPS using TLS 1.2 or higher (TLS 1.3 recommended). Calliope AI may discontinue support for deprecated cipher suites or protocol versions with reasonable notice.
6.2 Key Hygiene. You shall:
(a) treat each API Key as a high-value secret;
(b) store API Keys exclusively in secure secret-management systems (e.g., AWS Secrets Manager, HashiCorp Vault, GCP Secret Manager) and never in plaintext within source code, build artifacts, container images, mobile applications, browser code, public repositories, log files, support tickets, screenshots, or shared messaging tools;
(c) rotate API Keys on a regular cadence and immediately upon any actual or suspected compromise, departure of personnel with access, or change in scope; and
(d) limit issuance of API Keys to the minimum number of users, services, and environments necessary.
6.3 Compromise Reporting. You shall report any actual or suspected compromise of an API Key — including accidental publication to a public repository — promptly, and in any event within twenty-four (24) hours of discovery, to security@calliope.ai. Calliope AI may, in its discretion, revoke compromised Keys immediately.
6.4 Allocation of Risk. Except to the extent caused by Calliope AI’s failure to issue, transmit, or store Keys securely on its side, Calliope AI is not liable for unauthorized access, use, or charges resulting from compromised, mishandled, or improperly disclosed API Keys, and you remain responsible for all activity conducted under your API Keys.
6.5 Webhooks. Where you configure outbound webhooks, you are responsible for: (a) verifying webhook signatures using the shared signing secret documented in the API Documentation; (b) operating webhook receivers over HTTPS with valid certificates; (c) handling replays, retries, and out-of-order delivery; and (d) securely handling any Customer Data delivered in webhook payloads.
7. Versioning and Deprecation
7.1 Versioning Scheme. The API is versioned using major versions (e.g., v1, v2). Calliope AI may introduce minor revisions within a major version that add fields, endpoints, or capabilities without breaking compatibility.
7.2 Breaking Changes. A “Breaking Change” means any change that, in Calliope AI’s reasonable judgment, may cause a properly written, conformant Application to fail or to behave materially differently, including: (a) removal or rename of an endpoint, parameter, header, field, or enum value; (b) introduction of a new required parameter on an existing endpoint; (c) a change to a response schema that breaks documented parsing assumptions; (d) a change to authentication, authorization, or scope semantics; or (e) a change to error codes or HTTP status conventions.
7.3 Notice Periods. Calliope AI will provide:
- At least six (6) months’ notice for Breaking Changes within the current major version;
- At least three (3) months’ notice for non-breaking deprecations (e.g., field removal in a subsequent major version, replacement of a recommended pattern); and
- At least twelve (12) months’ overlap of any newly-released major version with the immediately preceding major version, before the prior version is sunset.
7.4 Security and Legal Exceptions. Notwithstanding Section 7.3, Calliope AI may make Breaking Changes on shorter or no notice where reasonably necessary to: (a) address a security vulnerability; (b) comply with applicable law, court order, or regulatory directive; or (c) respond to an upstream change by a third-party service provider that is outside Calliope AI’s reasonable control. Where commercially reasonable, Calliope AI will notify affected accounts and publish a migration path.
7.5 Changelogs. Calliope AI will maintain a public API changelog at docs.calliope.ai/api/changelog (or a successor URL) describing additions, deprecations, and Breaking Changes.
8. Data and Privacy
8.1 Application of Privacy Terms. API calls are subject to the ToS, Privacy Policy, AUP, and (where applicable) the DPA and Business Associate Agreement (BAA) between you and Calliope AI. Where you submit personal data through the API, you do so as a data controller or as a customer’s processor and represent that you have all rights, consents, and lawful bases necessary for such processing.
8.2 BYOC Deployments. For customers operating in the Bring-Your-Own-Cloud (BYOC) deployment model, API calls invoked solely to provision, configure, or manage the customer’s own BYOC environment are designed not to route Customer Data through Calliope AI’s environment. Calliope AI’s control-plane API endpoints process configuration metadata, identifiers, and orchestration signals only. Where an API endpoint inherently requires Customer Data to traverse Calliope AI infrastructure, that endpoint is documented as such in the API Documentation.
8.3 Bring-Your-Own-Key (BYOK). Where you use the API to configure or invoke third-party large language model providers using BYOK credentials, you are solely responsible for those credentials, your contractual relationship with the model provider, and any usage charges incurred. Calliope AI passes through requests in accordance with the API Documentation and does not assume liability for upstream model provider behavior.
8.4 API Logs. Calliope AI retains API access logs — comprising timestamps, source IP addresses, endpoints invoked, response codes, latency metrics, and account/API Key identifiers — for ninety (90) days for security, abuse detection, billing, and operational purposes, after which they are deleted or aggregated. Longer retention may apply where required by law or in connection with an active investigation.
8.5 Webhook Payloads. Webhook payloads may, depending on the event type, contain Customer Data, personal data, or sensitive metadata. You are solely responsible for the secure receipt, storage, and handling of webhook payloads in accordance with applicable law and your privacy commitments to End Users.
9. Branding and Attribution
9.1 No Misrepresentation. You shall not represent, expressly or by implication, that any Application is endorsed by, affiliated with, certified by, or made by Calliope AI, except as expressly permitted under a separate written agreement.
9.2 Use of Marks. Any use of Calliope AI’s name, logos, trademarks, or trade dress must comply with Calliope AI’s then-current Brand Guidelines (available on request from legal@calliope.ai). Calliope AI grants no trademark license under these API Terms beyond the limited right to truthfully describe that your Application uses or integrates with the Calliope AI API.
9.3 Public-Facing Disclosure. If you operate a public-facing Application using the API, you shall include, in the Application’s “About,” “Legal,” “Credits,” or equivalent surface, an acknowledgment along the lines of: “Powered in part by Calliope AI (calliope.ai ).”
9.4 Calliope AI Promotion. Calliope AI may, with your consent (not to be unreasonably withheld), reference your use of the API in marketing materials, case studies, and customer lists. Consent under this Section 9.4 is independent of any logo or case-study rights granted under the MSA.
10. Liability and Disclaimers for API Use
10.1 Your Responsibility for Applications. You are solely responsible for the design, development, testing, operation, security, support, and lawful conduct of your Applications, including: (a) validating API responses before relying on them; (b) handling API errors, timeouts, and partial failures gracefully; (c) ensuring that Applications comply with all applicable laws (including data protection, consumer protection, and AI-specific regulations); and (d) providing appropriate notices and consents to End Users.
10.2 “AS IS” Provision. Except as expressly set forth in a signed MSA or Order Form, the API is provided on an “AS IS” and “AS AVAILABLE” basis, and Calliope AI disclaims all warranties to the maximum extent permitted by law, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and uninterrupted or error-free operation.
10.3 Service Levels. No service-level commitment applies to free, trial, evaluation, or developer-tier API access. Service-level commitments for production API use apply only where, and to the extent, expressly set forth in Calliope AI’s Service Level Agreement (SLA) referenced from an Order Form.
10.4 Limitation of Liability. To the maximum extent permitted by law, the limitations and exclusions of liability set forth in the ToS or MSA, as applicable, apply equally to your use of the API.
11. Changes to the API and These API Terms
11.1 Changes to the API. Calliope AI may modify the API in accordance with Section 7. Continued use of the API after the effective date of any such change constitutes acceptance of the modified API.
11.2 Changes to These API Terms. Calliope AI may update these API Terms from time to time. Material changes will be communicated by in-product notice, email to the account’s billing or technical contact, or publication on calliope.ai/api-terms with a prominent “Last updated” date and, where appropriate, an effective date no less than thirty (30) days after publication. Continued use of the API after the effective date constitutes acceptance of the updated API Terms.
11.3 Material Adverse Impact. If a Breaking Change or a change to these API Terms materially and adversely impairs the functionality of your Application or your rights, you may, within sixty (60) days after the effective date of the change, terminate the affected API access for convenience by written notice to legal@calliope.ai. Such termination will entitle you to a pro-rated refund of pre-paid, unused fees attributable to the affected API capacity, and is your sole and exclusive remedy under this Section 11.3.
12. Suspension and Termination
12.1 Suspension by Calliope AI. Calliope AI may suspend API access, in whole or in part, where: (a) you materially breach these API Terms, the ToS, or the AUP; (b) suspension is reasonably necessary to protect the Platform, other customers, or third parties from a credible security, abuse, or stability risk; (c) Calliope AI has not received payment when due; or (d) suspension is required by law or by Calliope AI’s contractual obligations to third parties.
12.2 Termination by You. You may discontinue use of the API at any time by ceasing all calls and deleting your API Keys. Termination does not relieve obligations accrued prior to termination, including payment of fees and indemnification.
12.3 Termination by Calliope AI. Calliope AI may terminate API access for cause upon material, uncured breach following at least ten (10) days’ written notice (or immediately, where the breach cannot reasonably be cured or constitutes a violation of Section 4).
12.4 Effect. Upon termination of API access: (a) all rights granted under these API Terms cease immediately; (b) you shall cease all use of the API and delete or render unusable any cached responses except as required by law or as expressly permitted under the ToS or MSA; and (c) provisions that by their nature survive termination — including Sections 1, 4, 8, 9, 10, 12.4, 13, and 14 — survive.
13. General
13.1 Order of Precedence. These API Terms supplement the ToS, AUP, and MSA. In the event of conflict between (a) these API Terms and the ToS or AUP, these API Terms control with respect to API-specific matters; and (b) these API Terms and a signed MSA or Order Form, the MSA or Order Form controls.
13.2 Enterprise Customers. For customers with a signed MSA, API access is governed by the MSA and any applicable Order Form, with these API Terms applying to operational, technical, and security matters and to gaps in the MSA.
13.3 Governing Law. These API Terms are governed by, and construed in accordance with, the laws of the State of Delaware, without regard to its conflict-of-laws principles.
13.4 Dispute Resolution. Any dispute, claim, or controversy arising out of or relating to these API Terms or the API shall be finally resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, with the seat of arbitration in Wilmington, Delaware. Notwithstanding the foregoing, either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect intellectual property, confidentiality, or security interests.
13.5 Export and Sanctions. You represent and warrant that you are not located in, organized under the laws of, or ordinarily resident in any country or region subject to comprehensive U.S. sanctions, and that you are not identified on any U.S. government list of restricted or denied parties. You shall not export, re-export, or make the API available in violation of applicable export control or sanctions laws.
13.6 Assignment. You may not assign these API Terms or any rights hereunder, by operation of law or otherwise, without Calliope AI’s prior written consent. Calliope AI may assign these API Terms to an affiliate or in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets.
13.7 Independent Parties. Nothing in these API Terms creates a partnership, joint venture, agency, employment, or fiduciary relationship between the parties.
13.8 Severability. If any provision of these API Terms is held unenforceable, the remaining provisions remain in full force and effect.
13.9 No Waiver. Calliope AI’s failure to enforce any provision is not a waiver of its right to do so later.
13.10 Entire Agreement. These API Terms, together with the ToS, AUP, Privacy Policy, and (where applicable) the MSA, DPA, BAA, and Order Form, constitute the entire agreement between the parties with respect to the API and supersede all prior or contemporaneous understandings on the subject matter.
14. Contact
| Purpose | Address |
|---|---|
| API-specific inquiries, integration questions | api@calliope.ai |
| Security and compromised-key reports | security@calliope.ai |
| Legal notices and contractual matters | legal@calliope.ai |
| Postal mail | Calliope Labs Inc., 80 SW 8th St, Ste 2000, Miami, FL 33130, USA |
Calliope Labs Inc. — Calliope AI — API Terms of Service — 2026-05-23
