Effective: May 2026
By applying for, receiving, or using a SuperPay Bank Partner API key, you agree to these terms on behalf of your institution. If you do not agree, do not apply for or use the API.
SuperPay grants you a limited, non-exclusive, non-transferable license to call the Bank Partner API endpoints (/v1/bank/recommend and /v1/bank/portfolio) solely for internal analytics, product enrichment, and customer reward advisory purposes. You may not resell, sublicense, or redistribute API responses as a standalone data product.
Your sp_bank_… key is a credential. Do not expose it in client-side code, public repositories, or logs. You are responsible for all API requests made with your key. Notify hello@superpayrewards.com immediately upon suspected compromise. SuperPay may suspend a key without notice if abuse is detected.
You may use API responses to: (a) inform cardholders of reward rates at point of sale or at checkout; (b) conduct internal portfolio gap analysis across your card products; (c) enrich your own internal analytics dashboards. All data is informational — SuperPay does not process payments or guarantee reward values, which are set by the issuing institution.
You may not: (a) store or re-sell card catalog data as a standalone dataset; (b) use the API to infer or reconstruct SuperPay's user base; (c) exceed rate limits or circumvent authentication; (d) include PII (cardholder names, account numbers, SSNs, card numbers) in API request bodies; (e) use the API in any way that violates applicable law including GLBA, CCPA, or GDPR.
The API is rate-limited to 300 requests per minute per key on /v1/bank/recommend. SuperPay provides the API on a best-efforts basis during the beta period; no uptime SLA is guaranteed. Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After) are included in every response to help you manage request pacing.
API keys are provisioned at one of two access levels: recommend-only (access to /v1/bank/recommend only) or both (access to /v1/bank/recommend and /v1/bank/portfolio). Your access level is stated in your approval email. To request an upgrade, contact hello@superpayrewards.com.
API requests are logged for security and analytics. Do not include PII in API request bodies. SuperPay's Privacy Policy (/privacy) governs data handling. Logged data includes: timestamp, key ID, endpoint, amount, MCC, and recommended card IDs — never cardholder-identifying information.
If your API key is configured with allowed origins, requests bearing an Origin header from an unregistered domain will be rejected with 403 ORIGIN_NOT_ALLOWED. Server-to-server requests (no Origin header) are not subject to origin enforcement. To update your allowed origins, contact hello@superpayrewards.com.
SuperPay may update these terms or discontinue the API with 30 days' notice except where immediate suspension is required for security or legal reasons. Continued use after notice constitutes acceptance of the updated terms. We may suspend a key immediately for Terms violations.
The API is provided "as is" without warranty of any kind. SuperPay disclaims all implied warranties including merchantability, fitness for a particular purpose, and non-infringement. Reward rates returned by the API are estimates based on publicly available card program information and may not reflect current or promotional rates offered by any issuer.
To the maximum extent permitted by applicable law, SuperPay shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the API, even if advised of the possibility of such damages.
Questions about these terms? Email hello@superpayrewards.com.
© 2026 SuperPay Ai, Inc. All rights reserved.