Skip to main content
Karbon
Log In

Karbon Customer API Terms of Use

Last Updated: 8 May 2026

KARBON CUSTOMER API TERMS OF USE

These API Terms of Use ("API Terms") govern Customer's access to and use of the Karbon Application Programming Interface and any associated developer tools, including Model Context Protocol (MCP) services (collectively, the "API"). The API is an optional feature. Access is available exclusively to active Karbon customers on Business or Enterprise subscription tiers. Trial accounts and Team tier accounts are not eligible. Within an eligible account, API keys may only be generated by a certified Karbon Admin. User and Restricted User roles are not permitted to generate or manage API keys. These API Terms are independent of and do not modify, supersede, or expand any Master Subscription Agreement, Terms of Use, or other agreement between Customer and Karbon ("Subscription Agreement"). Generation of an API key within the Karbon platform constitutes Customer's acceptance of these API Terms on behalf of their organization. Access to and use of the API does not grant Customer any additional rights under the Subscription Agreement. Termination or expiration of the Subscription Agreement for any reason automatically terminates Customer's rights under these API Terms and results in immediate revocation of all associated API access, regardless of whether Customer has separately accepted these API Terms.

  1. License Grant. Subject to these API Terms, Karbon grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the API solely for Customer's internal business purposes, that is, for the specific purpose of supporting Customer's own accounting firm's operations. All rights not expressly granted to Customer are reserved.
  2. Definition of Internal Business Purposes. "Internal business purposes" means use of the API solely by Customer's own employees, contractors, and authorized staff operating directly for the benefit of Customer's own organization. It does not include use by third parties, clients of Customer, or any person outside Customer's organization. Where Customer engages a third-party developer or contractor to build an integration using the Karbon API, that third party is acting solely on Customer's behalf and under Customer's account. The third party has no independent right to use, sublicense, commercialize, or distribute any integration, tool, or application built using Customer's API access. Any third party wishing to develop, distribute, or commercialize integrations built on the Karbon API must enter first into a separate Karbon Partner Agreement directly with Karbon by contacting partnerships@karbonhq.com.
  3. API Key Security and Confidentiality. Customer will keep all API credentials secure and shall use the credentials as their sole means of accessing the API. Customer will respect and comply with the technical and policy-implemented limitations of the API, including any rate limits, and the restrictions of these API Terms. Customer must not interfere with or disrupt the integrity or performance of the API or Karbon's infrastructure. Customer must not attempt to circumvent Karbon's rate limiting controls, including by distributing requests across multiple API keys or accounts to avoid the per-account limit. Technical limits, including current rate limits, are published in Karbon's API Documentation at developers.karbonhq.com and may be updated from time to time.
  4. Prohibited Uses. Customer must not use the API to: (a) access, query, or retrieve data belonging to any other Karbon customer; (b) resell or license data obtained through the API, or provide such data to any third party for that party's own independent commercial benefit rather than solely in furtherance of Customer's own operations; (c) scrape or systematically extract data accessed through the API in a manner designed to replicate, reconstruct, or reproduce Karbon's data structures, relationship graphs, or platform intelligence outside of Karbon, rather than to retrieve Customer's own operational data for Customer's own business; (d) probe, scan, or test the vulnerability of any Karbon service, or attempt to breach Karbon's security or authentication measures without authorization; (e) store or transmit malicious code, viruses, or any software intended to damage or interfere with Karbon's systems; (f) reverse-engineer, decompile, or attempt to derive the source code of Karbon's software or infrastructure; (g) commit fraud or any other illegal act through or in connection with the API; or (h) build, operate, or distribute any product or service that substantially reproduces Karbon's functionality or is designed to migrate or move Karbon customer data to a competing platform.
  5. No Distribution and Partner Program Requirement. Customer may not authorize, permit, or facilitate any third party to use Customer's API access for any purpose other than building integrations solely for Customer's own internal use. Any integration, code, script, or application developed using Customer's API access is specific to Customer's account and may not be copied, transferred, or deployed under any other Karbon customer's API account without a separate Karbon Partner Agreement. Any third party that develops, distributes, licenses, commercializes, copies, or transfers any integration built on or using the Karbon API, whether engaged by Customer or otherwise, must first enter into a separate Karbon Partner Agreement directly with Karbon by contacting partnerships@karbonhq.com. Customer is responsible for ensuring that any third-party developers they engage comply with this requirement.
  6. MCP Server and AI Integration Prohibition. Customer must not: (a) create, operate, or make available any Model Context Protocol (MCP) server or functionally equivalent service that exposes Karbon data or functionality to parties outside Customer's organization; (b) use data obtained through the API to train, fine-tune, or otherwise develop any artificial intelligence model, machine learning tool, large language model, or predictive analytics tool; or (c) use the API to build any agentic automation that acts on behalf of, or exposes Karbon data to, any party other than Customer without a separate Karbon Partner Agreement.
  7. Data Responsibility and Irreversibility. CUSTOMER ACKNOWLEDGES THAT API OPERATIONS, INCLUDING BULK DATA MODIFICATIONS, UPDATES, OR DELETIONS, ARE EXECUTED AT CUSTOMER'S SOLE DIRECTION AND MAY BE IRREVERSIBLE. Karbon does not provide data restoration services for data lost, overwritten, or corrupted as a result of Customer's API operations. Customer is solely responsible for maintaining appropriate backups and for testing API operations in a non-production environment prior to execution against live data. This Section survives termination of these API Terms.
  8. Customer Data Protection and Privacy. Customer will ensure that all data accessed through the API is collected, processed, transmitted, maintained, and used in accordance with: (i) Customer's agreements with its own clients, including a legally adequate privacy policy; (ii) appropriate contextual notices and consents from end users; and (iii) all applicable laws and regulations. Customer must obtain express permission from each end user before sharing their data with any third parties.
  9. Suspension and Termination. Customer's API access may be terminated and/or suspended, at Karbon's option: (a) upon 30 days' notice of a material breach if such breach remains uncured at the expiration of such period; or (b) immediately and without notice if: (i) the breach poses a security risk to Karbon or other customers; (ii) Customer becomes subject to insolvency proceedings; (iii) continued access would expose Karbon to legal liability, or (iv) Customer has materially or repeatedly violated the technical limitations of the API, including published rate limits, usage restrictions, or access controls. Upon termination or expiration of Customer's Karbon subscription for any reason, all API keys associated with Customer's account will be automatically revoked. Customer must not use any API keys following termination of their subscription and must immediately destroy any locally stored API keys.
  10. Indemnification. Customer will indemnify, defend, and hold Karbon harmless, at Customer's expense, against any third-party claim, suit, action, or proceeding brought against Karbon to the extent that such action arises out of: (a) Customer's use of the API in breach of these API Terms; (b) Customer's infringement or alleged infringement of the intellectual property rights of a third party; or (c) Customer's noncompliance with applicable law in connection with its use of the API. Karbon will notify Customer in writing within 30 days of becoming aware of any such claim and will give Customer sole control of the defense or settlement.
  11. Warranty Disclaimer and Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW: (a) THE API IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND; (b) KARBON DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT; (c) KARBON'S AGGREGATE LIABILITY FOR CLAIMS ARISING FROM OR RELATED TO CUSTOMER'S USE OF THE API SHALL NOT EXCEED THE GREATER OF ONE HUNDRED DOLLARS ($100) OR THE FEES PAID BY CUSTOMER FOR API ACCESS IN THE THREE MONTHS PRECEDING THE CLAIM; (d) IN NO EVENT SHALL KARBON BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF DATA, LOSS OF PROFITS, OR BUSINESS INTERRUPTION, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY. YOU UNDERSTAND AND AGREE THAT ABSENT YOUR AGREEMENT TO THIS LIMITATION, KARBON WOULD NOT PROVIDE THE API TO YOU.
  12. Dispute Resolution. The parties will attempt to resolve any dispute arising out of or relating to these API Terms informally by contacting legal@karbonhq.com. If the dispute is not resolved within 30 days of informal notice, either party may submit the dispute to binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. Arbitration will be conducted by a single arbitrator and the award rendered may be entered as a judgment in any court of competent jurisdiction. Nothing in this Section prevents either party from seeking injunctive or other equitable relief in any court of competent jurisdiction where necessary to protect confidential information or intellectual property rights.
  13. Governing Law and Jurisdiction. These API Terms, and all disputes arising out of or related to them, will be governed by and construed under the laws of the State of New York, consistent with the Federal Arbitration Act, and without giving effect to any principles that provide for the application of the law of another jurisdiction. In any circumstances where arbitration is not applicable, the parties agree to submit to the personal jurisdiction of the courts located within New York, New York.
  14. Changes to API Terms. Karbon may update and change any part or all of these API Terms. Updated terms will be posted on Karbon's website and will become effective on the next business day after posting. Karbon will notify Customer of material changes through the Karbon application. Continued use of the API after the effective date of any update constitutes acceptance of the revised terms.
Get it on Google PlayDownload in the Apple App Store4.8 stars on G2.com
© Karbon 2026