public-api-docs

API Fair-Use Policy & Export Policy

The purpose of this API Fair Use Policy is to ensure the responsible and equitable use of our API services by all users. Misuse of the API can have adverse effects on system performance, reliability, and overall service quality.

Acceptable Use

1. Users must adhere to the terms and conditions outlined in the API documentation.
2. API access is granted solely for the purpose of integrating and interacting with our services as described in the documentation.
3. Users are prohibited from engaging in activities that may harm, disrupt, or negatively impact the API infrastructure, including but not limited to, malicious attacks, unauthorized access, or any form of abuse.
4. This API is only to be used to build services on top of the existing services provided by Wunder Mobility GmbH. This excludes the replication of functionality provided by our Dashboard or goDash to manage existing entities but includes building additional functionality on top of these.

Usage Limits

1. Baseline usage is defined as the typical usage of our Dashboard, App and ServiceApp.
2. To maintain a fair and equitable environment, Wunder Mobility GmbH imposes usage limits on the API. These limits include:
   1. Rate Limits: The number of API requests allowed within a specified time period.
   2. Data Quotas: Limits on the volume of data that can be retrieved or transmitted via the API.
   3. Concurrent Connections: Restrictions on the number of simultaneous connections to the API.
   4. Resource Consumption: Restriction on the consumption of platform resources calculated as Rate times the average Duration of the request.
3. For the previous sections a to d Wunder Mobility GmbH allows a maximum increase of resource usage to the base usage without API of 20%.
4. Rate Limits as described in Rate Limits must not be exceeded based on a sliding window of 24 hours (See Rate Limiting) for technical information on rate limits).

Violations to Fair-Use Policy

1. Usage of the API for data synchronization, polling or duplication outside of the Wunder Mobility GmbH solution
2. Usage of endpoints as health checks or for automated testing (See Health Checks for health checks)
3. Usage of unlimited / unproportional page sizes for list endpoints
4. Not following best practices like:
   1. caching,
   2. debouncing of frontend actions,
   3. reasonable backoffs in case of retries,
   4. usage of compression,
   5. requesting only actual needed data (ie. filter for view port when retrieving vehicles),
   6. validation of user input as early as possible
5. Wunder Mobility GmbH keeps the right to adjust existing rate limiting on infrastructure level at later point returning HTTP response status code 429 or 403 in such cases.

Data Usage and Privacy

1. Users must respect privacy and data protection laws when using the API.
2. Data obtained through the API should only be used for lawful and legitimate purposes, and users must not engage in unauthorized data collection or extraction.

Security Measures

1. Users are responsible for maintaining the confidentiality of their API keys and credentials.
2. Any suspected compromise of API keys or credentials must be reported immediately to prevent unauthorized access.

Monitoring and Enforcement

1. Wunder Mobility GmbH reserves the right to monitor API usage to ensure compliance with this Fair Use Policy.
2. Non-compliance may result in warnings, suspension, or termination of API access at our discretion.

Modifications to the Fair Use Policy

Wunder Mobility GmbH may update or modify this Fair Use Policy at any time. Users will be notified of any changes, and continued use of the API implies acceptance of the updated policy.

Reporting Violations

1. Users are encouraged to report any suspected violations of this Fair Use Policy to our support team.
2. Prompt investigation and appropriate action will be taken against reported violations.

Rate Limits

MDS API

• Max 7.200 requests / day. Equivalent to 5 requests / min, if there is only one polling service.
• Best-practice: Polling frequency: 1min

GBFS API

• Max 14.400 requests / day. Equivalent to 10 requests / min, if there is only one polling service.
• Best-practice: Polling frequency: 20sec

User API / MaaS API

• 14.400 requests / vehicle / month
• Best practice:
  • All the API operations in end-user applications have to be debounced. Meaning, limit the rate at which a function gets invoked. Example: It should be prevented that a “start rental” button sends a start rental API call without waiting for the response.
  • List and asset caching
  • All endpoints must be API filtered if possible
  • Pagination with a page size of max 50 elements
  • File uploads: max 500 KB/file

Operations API

• Vehicle commands & rental operations: 960 requests / vehicle / month
• Get vehicles: 100.000 requests / month
• Best-practice: Get vehicles: Use a delay of 30s between consecutive requests

Export API

• Every export that is available in a 24h time frame is delivered a maximum of once in 24h
• Every export that is available on a monthly basis is delivered a maximum of once per month