GovWorx API Policy
- Effective Date: 11/15/2025
- Applies To: All Customers and Developers Using GovWorx APIs
1. Overview
This GovWorx API Policy (“Policy”) governs the use of any application programming interfaces (“APIs”) made available by GovWorx. The API allows authorized Customers to integrate their internal systems with GovWorx SaaS applications. This Policy exists to:- Protect Customer Data
- Maintain the integrity and security of the GovWorx platform
- Safeguard all GovWorx intellectual property
2. Authorization and Access
API Key Required
All API access requires a valid API Authorization Key issued by GovWorx. The API Key:- Must be kept confidential
- May be used only by authorized Customer personnel or approved developers
- May be revoked immediately if misuse or a security concern is detected
Customer Responsibilities for Key Security
Customers are fully responsible for:- Keeping API Keys secret
- Rotating or replacing keys when compromise is suspected
- Ensuring only approved individuals and systems use the Key
- Preventing unauthorized integrations or access
3. Data Ownership & Use
Customer Data
Customers retain exclusive ownership of all Customer Data transmitted to or accessed through the API. GovWorx processes Customer Data only to provide services requested by the Customer.Platform Data
GovWorx retains ownership of platform-level analytics, system performance data, and anonymized usage metrics generated by or through the API.GovWorx Intellectual Property
All API methods, endpoints, documentation, schemas, code samples, and underlying logic are proprietary GovWorx intellectual property. Customers receive a limited, non-exclusive right to use the API solely to support their internal use of GovWorx services.4. Acceptable Use Requirements
Customers and their developers may not:- Reverse engineer, decompile, or extract the structure or logic of the GovWorx system
- Use the API to build or enhance competing products or services
- Interfere with or degrade GovWorx servers or performance
- Circumvent authentication, rate limits, or security controls
- Introduce malware, perform penetration tests, or attempt to bypass security
- Share, sublicense, or redistribute API access to any unauthorized party
5. Security Responsibilities
Customer Responsibilities
Customers are solely responsible for:- Ensuring API traffic complies with all applicable laws and regulations
- Implementing safeguards to protect CJIS, HIPAA, PHI, PII, and other regulated information transmitted via the API
- Securing their systems, networks, and software that interface with the API
- Ensuring developers with API access meet any required security clearances or policies
- Preventing exposure of data through insecure integrations or third-party tools
GovWorx Responsibilities
GovWorx maintains security safeguards for its platform. However, GovWorx does not control the security of Customer systems, internal networks, or external integrations.6. Customer Indemnification
Customers agree to defend, indemnify, and hold harmless GovWorx from claims, penalties, obligations, liabilities, or damages arising from:- Transmission, disclosure, or exposure of CJIS, HIPAA, PII, PHI, or other sensitive information
- Security breaches or data loss caused by Customer systems or integrations
- Violations of law or policy resulting from API use
- Misuse of the API by Customer personnel or third parties acting under Customer authority
7. API Support and Service Levels
API Support
GovWorx offers API-level support only through a separate API Support Subscription, which includes:- Access to API documentation
- Guidance on endpoints, authentication, and request structure
- Assistance interpreting API responses
- Debugging or troubleshooting of Customer systems
- Custom development or integration engineering
- Vendor support for third-party tools
API Outside SLA Coverage
- The GovWorx API is not covered under any service level agreements.
- No guaranteed uptime.
- Downtime does not qualify for service credits.
- GovWorx may modify, restrict, or discontinue API functionality at any time.
8. Rate Limits and Usage Controls
GovWorx may enforce:- Rate limits
- Volume caps
- Bandwidth constraints
- Concurrency limits
- Temporary throttling
- Suspension of API access
- Permanent revocation of API Keys for repeated abuse
9. Monitoring and Auditing
GovWorx may log all API calls for:- Security monitoring
- Troubleshooting
- Compliance
- Usage tracking
- Policy adherence
10. Modifications and Deprecation
GovWorx may update or deprecate API endpoints, schemas, or authentication methods at any time. Reasonable efforts will be made to communicate changes, but uninterrupted availability is not guaranteed.11. Termination of API Access
GovWorx may suspend or terminate API access for:- Policy violations or misuse
- Security or operational risks
- Non-payment of required fees
- Integrations that degrade platform performance
- Suspicious or unauthorized activity
12. Disclaimer of Warranties
The API is provided “as is”, with no warranties, including:- No guarantee of uninterrupted access
- No guarantee of error-free requests or responses
- No guarantee of compatibility with Customer systems
- No guarantee of performance or suitability
13. Limitation of Liability
GovWorx is not liable for:- Indirect, incidental, special, consequential, punitive, or exemplary damages
- Data loss, exposure, or breaches caused by Customer systems
- Regulatory or compliance penalties arising from API use