1. Scope and integrator categories
These API & Developer Terms ("API Terms") govern programmatic access to the PayServices Network and to data and services exposed through application programming interfaces, software development kits, webhooks, server-to-server connections, and similar developer-facing surfaces (collectively, the "API"). They are part of, and supplemental to, the Terms of Service; the Terms of Service govern in case of any inconsistency that is not resolved by these API Terms.
These API Terms apply to two distinct categories of integrator. The rules that follow distinguish between them, and where a rule applies only to one category, it says so:
- Category A — End-customer programmatic access. A Member who accesses the API only with respect to data and accounts belonging to that Member, including the Member's own employees, agents, treasury systems, ERP systems, accounting systems, custom dashboards, and the like. The data flowing through the API in this category is the Member's own data.
- Category B — Third-party integrators. A regulated or unregulated entity (a fintech, software vendor, payment service provider, bank, money services business, or similar) that accesses the API to provide services to its own customers, where data, transactions, or other artifacts of those customers flow through the API. The Category B integrator is acting as an intermediary between its customers and the PayServices Network.
An integrator may operate in both categories at once, with respect to different uses of the API; the rules of each category then apply to the corresponding use.
2. Definitions
Capitalized terms not defined here have the meaning given in the Terms of Service. The following terms are used throughout these API Terms:
- "API Credentials" means the client identifiers, secrets, certificates, signing keys, and other authentication material we issue to allow your software to call the API on behalf of you or, in Category B, on behalf of your customers.
- "Authorized Customer", in Category B, means an end-user of the integrator's product who has agreed to the integrator's terms, who has separately consented to the data sharing and transactions effected through the integrator's use of the API, and who is, where required by law, a verified Member of the PayServices Network.
- "API Data" means data accessed through, or returned by, the API, including transaction data, balance data, identity data, KYC artifacts, Digital Passport credentials, message and call records (subject to the rules of the Messaging Policy), and any derivative data.
- "Production" and "Sandbox" refer respectively to the live API and to the test environment we make available for development.
3. Registration and credentials
To access the API you must register through the developer portal we make available, agree to these API Terms, and complete any onboarding steps we require, which may include identity verification, business verification, technical due diligence, and, for Category B, a regulatory and compliance review of your program.
API Credentials are issued to you, are not transferable, and must be protected as confidential information. You are responsible for any call made with your API Credentials, whether by you, your employees, your contractors, your software, or any third party who has obtained access to those credentials. You must rotate, revoke, and re-issue API Credentials promptly on (a) loss, theft, or suspected compromise; (b) departure of personnel with access to them; (c) request by us; or (d) any other event that places those credentials at risk.
We may suspend or revoke API Credentials at any time, with or without notice, where we reasonably believe that the credentials have been compromised, that the API is being used in violation of these API Terms, or that suspension is required to comply with applicable law, the rules of our banking partners, or the security of the Network.
4. End-customer access (Category A — your own data)
A Member using the API to access only its own accounts and data — for example, to integrate ITAM with the Member's accounting system, ERP, treasury workstation, or internal dashboards — operates in Category A.
In Category A:
- The data flowing through the API is the Member's own data, accessed under the Member's own consent and the Member's existing relationship with the Bank.
- The Member is responsible for the security of any system into which the API Data is exported or any system from which API calls are made, and for compliance with the Member's own internal policies, security obligations, and applicable law.
- No additional contract for the protection of third-party data is required, because no third-party data is involved.
- Software the Member writes against the API is licensed under Section 6 (License and acceptable use) and must comply with the security obligations in Section 8 (Security and incident reporting).
An integrator that begins as Category A but then makes the integration available to other persons — for example, by white-labelling it, redistributing it, or operating it as a service for customers other than itself — has crossed into Category B and must comply with Section 5 from that point forward.
5. Third-party access (Category B — your customers' data)
An integrator that uses the API to provide services to its own customers, where data and transactions of those customers flow through the API, operates in Category B. Category B is the higher-risk and higher-obligation tier.
Authorized Customers only. A Category B integrator may only effect calls, transactions, or data flows in respect of an Authorized Customer who has separately consented, in a manner that satisfies applicable consumer-protection and data-protection law, to (i) the integrator's terms of service, (ii) the integrator's privacy notice, and (iii) the data sharing and transactions effected through the integrator's use of the API. The integrator must retain evidence of that consent and produce it on request by the Bank or by a competent authority.
Member status of Authorized Customers. Where applicable law, the rules of the Network, or the type of transaction requires that the end-user be a verified Member, the integrator must ensure that the Authorized Customer has completed the Network's Digital Passport verification or, where permitted, an equivalent verification carried out by the integrator under a written agreement with us. The integrator may not present a non-verified end-user to the Network as if the end-user were verified.
Data-processing role. With respect to the personal data of Authorized Customers that flows through the API, the Bank acts as a data controller (or, where applicable, joint controller) for the purposes for which the Bank is independently subject to legal obligations as a regulated financial institution — including KYC, AML/CFT, sanctions screening, fraud prevention, recordkeeping, and regulatory reporting — and the integrator acts as the controller of the data for the purposes of operating its own product for its Authorized Customers. Where the integrator processes data on the Bank's behalf, a separate data-processing addendum applies and is incorporated by reference where signed.
Pass-through obligations. The integrator must ensure that its own terms of service with Authorized Customers contain provisions, no less protective than these API Terms and the Terms of Service, on (a) acceptable use, (b) sanctions and AML compliance, (c) the Bank's role and limits of liability, (d) intellectual property, (e) data protection, (f) recording, retention, and lawful access to communications conducted through ITAM, and (g) dispute resolution.
No misrepresentation. The integrator must not represent itself, expressly or by implication, as a branch, agency, subsidiary, or licensee of PayServices Bank, and must not represent that its product is operated, endorsed, or guaranteed by the Bank, except to the extent expressly authorized in writing. The integrator must not represent that funds held at the integrator are insured by the Bank or by any deposit-insurance scheme by virtue of the Bank's involvement, except where that representation is true and is approved in writing by us.
Bank-to-bank Category B integrators. A bank, money services business, or other regulated financial institution that integrates with the API to extend the Network's services to its own customers operates as a Category B integrator and is in addition subject to the Network participation rules of the institution-to-institution agreement we enter into with it. In case of conflict between these API Terms and that participation agreement, the participation agreement governs.
6. License and acceptable use
Limited license. Subject to your compliance with these API Terms, we grant you a limited, personal, non-exclusive, non-transferable, non-sublicensable, revocable license to call the API, to receive responses, and to integrate the responses into the application or system for which you registered the API Credentials, solely for the purposes for which we make the API available.
Reservation. All rights not expressly granted are reserved. The API, the documentation, the SDKs, the developer portal, and all underlying software, databases, models, and infrastructure are owned by PayServices Bank or its licensors and are protected by intellectual-property law. Nothing in these API Terms transfers ownership of any of those items to you.
Acceptable use. You may not, and may not permit any third party to:
- Reverse-engineer, decompile, disassemble, or attempt to derive the source code or underlying architecture of the API or any related component, except to the extent expressly permitted by applicable law that cannot be waived by contract;
- Use the API to build a product that is substantially similar to the Services or that competes with the Services;
- Use the API to scrape, mass-extract, or build a dataset of API Data for resale, redistribution, or syndication to third parties;
- Use the API to train, fine-tune, evaluate, or operate any machine-learning model in a manner not expressly authorized by us in writing;
- Use the API to circumvent any usage limit, fee, security control, or compliance control of the Network;
- Use the API in any way that violates the Terms of Service, the Messaging Policy, applicable law, or the rules of any banking partner whose data or services are reachable through the API.
7. Data, privacy, and confidentiality
Permitted purpose. You may use API Data only for the purpose for which it was made available to you and only as expressly permitted by these API Terms, the Terms of Service, and the consent given by the Member or Authorized Customer to whom the data relates. You may not use API Data for any other purpose, including for advertising, profiling, behavioral targeting, credit scoring outside the integrator's lawful credit-decisioning use, or any other secondary purpose, without express written permission from us and from the data subject where required by law.
Confidential information. The API, the documentation, the API Data, the API Credentials, and any non-public technical, financial, or business information that we share with you in connection with the API constitute the Bank's confidential information. You must protect this information using a reasonable standard of care and at minimum the standard you use to protect your own confidential information, and you may not disclose it to any third party except as expressly permitted by these API Terms or required by law.
Aggregation and de-identification. You may not produce, use, or disclose aggregate or de-identified statistics derived from API Data except to the extent that (a) the dataset is genuinely de-identified by means that prevent re-identification, (b) the use is consistent with applicable privacy law, and (c) the use is not prohibited by your agreement with the data subject. The Bank's separate data-protection rules continue to apply regardless.
Cross-border transfers. Where API Data crosses borders in connection with your use of the API, you are responsible for the lawfulness of the transfer under applicable data-protection law, including any standard contractual clauses, transfer impact assessments, or local data-residency rules that apply to you.
8. Security and incident reporting
You must maintain a security program, appropriate to the volume, sensitivity, and category of API Data you handle, that includes at minimum: encrypted transport for all API calls; secure storage of API Credentials and API Data at rest; role-based access controls and the principle of least privilege; logging and monitoring sufficient to detect anomalous use of API Credentials; secure software-development practices; vulnerability management; and incident response.
Incident reporting. You must notify us, without undue delay and in no event later than seventy-two (72) hours after you become aware, of any (i) actual or reasonably suspected unauthorized access to or disclosure of API Credentials, API Data, or the systems on which they are processed, (ii) actual or reasonably suspected compromise of the integrity of API Data, or (iii) any other security incident materially affecting the API or the Network. Notice must be sent to info@payservices.com and must include the information we reasonably require to assess the incident and to comply with our own notification obligations.
Cooperation. You must cooperate with us in good faith in the investigation, mitigation, and remediation of any incident affecting API Credentials, API Data, or the Network, and in any related notifications to data subjects, customers, regulators, or law enforcement.
9. Compliance and lawful use
Your use of the API must comply with all law applicable to you, to your customers, to the data you handle, and to any transaction effected through the API, including without limitation the law of the jurisdiction in which you are organized, the law of any jurisdiction in which your customers reside, U.S. federal and state law applicable to PayServices Bank, sanctions law applicable to either party, AML/CFT law, anti-corruption law, data-protection law, consumer-protection law, and tax law.
The Bank's transaction-by-transaction sanctions and compliance screening (described in Section 3 of the Terms of Service) applies to API-initiated transactions on the same basis as any other transaction. The fact that a transaction is initiated through the API does not create an exception to any compliance obligation.
Cooperation with regulators. You must cooperate, on reasonable notice, with examinations, audits, and information requests by U.S. and non-U.S. regulators having jurisdiction over the Bank, the Network, or your operations, to the extent that the request relates to the API or to your use of it.
10. Rate limits, fair use, and availability
The API is subject to rate limits, concurrency limits, payload limits, and fair-use rules published in the developer portal and updated from time to time. You must respect these limits and must implement reasonable back-off, retry, and queuing logic in your client.
The API is provided on an "as available" basis. We may schedule maintenance windows, deploy security or stability patches, and take other operational actions that affect API availability. We will provide reasonable advance notice through the developer portal of planned maintenance and material changes, except where notice is impractical due to a security or operational emergency.
11. Fees and billing
API access may be subject to fees, including per-call fees, throughput fees, premium-tier fees, support fees, and certification fees. Applicable fees are as set out in the developer portal and the standard Fee Schedule, and are billed in arrears unless otherwise stated.
For Category B integrators, fees are typically borne by the integrator and are not passed through to Authorized Customers in the form of an additional charge by the Bank. The integrator is free to pass through fees to its Authorized Customers as part of its own pricing, subject to consumer-protection law applicable to the integrator.
We may change API fees from time to time. Material changes will be disclosed in the developer portal with reasonable advance notice.
12. Branding and disclosure
You may state factually that your product integrates with, or is connected to, the PayServices Network, and you may use the marks "PayServices Network" and "ITAM" solely to describe that integration, in accordance with any brand and trademark guidelines we publish. You may not use the Bank's, the Network's, or ITAM's marks in a manner that is likely to cause confusion as to source, endorsement, or affiliation, or as part of your own product name, domain, or logo.
For Category B integrators, your customer-facing materials must clearly identify the integrator as the entity providing the integrator's product and must not represent the Bank as the provider of that product. Where regulatory disclosures are required (for example, the identification of the bank that holds funds or the disclosure of a bank-as-a-service relationship), those disclosures must be presented accurately and prominently.
13. Changes, deprecation, and breaking changes
The API is subject to evolution. We may add, modify, deprecate, or remove endpoints, fields, behaviors, error codes, and features. We will publish breaking changes and deprecation timelines in the developer portal and, where reasonably practicable, will support deprecated endpoints for a transition period before removal.
You are responsible for keeping your integration current. We are not liable for breakage caused by your continued use of a deprecated endpoint after the announced removal date.
We may change these API Terms from time to time. Material changes will be disclosed in the developer portal with reasonable advance notice; your continued use of the API after the effective date of the updated API Terms constitutes acceptance.
14. Liability and warranties
Disclaimer. Except as expressly provided in these API Terms or required by applicable law, the API is provided "as is" and "as available." To the maximum extent permitted by law, we disclaim all warranties of any kind, whether express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, uninterrupted availability, or freedom from error.
Limitation of liability. To the maximum extent permitted by law, our aggregate liability arising out of or in connection with the API is limited to the API fees actually paid by you to us in the twelve (12) months preceding the event giving rise to the claim. We will not be liable for any indirect, incidental, consequential, special, or punitive damages, or for any loss of profits, revenues, data, or goodwill.
Indemnification by you. You will indemnify, defend, and hold harmless PayServices Bank, its affiliates, and their respective officers, directors, employees, agents, and partners from and against any claim, damage, loss, liability, cost, or expense (including reasonable attorneys' fees) arising out of or related to (a) your use of the API, (b) your breach of these API Terms or the Terms of Service, (c) your violation of any law or regulation, (d) for Category B integrators, any claim of any Authorized Customer or other third party arising out of your product, your terms with the Authorized Customer, or your handling of API Data, and (e) any third-party claim that your software, content, or use of the API infringes a third-party right.
15. Term and termination
These API Terms apply for as long as you have access to the API. You may terminate by ceasing all use of the API, deleting your API Credentials, and notifying us. We may terminate or suspend your access to the API at any time, with or without notice, where (i) you breach these API Terms, the Terms of Service, or applicable law, (ii) we are required to do so by law or regulator, (iii) we reasonably suspect fraudulent, unauthorized, or unlawful use, (iv) continuing to provide the API to you would expose us or our partners to material legal, regulatory, or reputational risk, or (v) we discontinue the API generally.
On termination, the licenses granted to you cease, you must stop using the API and delete API Credentials and locally-stored API Data except as required to be retained by law, and the provisions of these API Terms that by their nature should survive (including confidentiality, data protection, indemnification, and liability) survive termination.
16. General provisions
Governing law and dispute resolution. These API Terms are governed by the law of the State of Idaho, USA, and applicable U.S. federal law. The dispute-resolution rules in Section 26 of the Terms of Service (including the arbitration and class-action waiver) apply to disputes arising from these API Terms, and the local-rights and local-language rules in Section 27 apply where required by mandatory local law.
Relationship to Terms of Service. These API Terms are part of the Terms of Service and are incorporated by reference into them. The Terms of Service govern any matter not addressed in these API Terms. In case of inconsistency between these API Terms and the Terms of Service on a matter that is addressed in both, these API Terms govern with respect to API access and the Terms of Service govern with respect to all other matters.
Severability, no waiver, assignment. If any provision is held invalid or unenforceable, the remaining provisions remain in effect. Our failure to enforce any provision is not a waiver. You may not assign these API Terms without our prior written consent. We may assign these API Terms in connection with a merger, acquisition, or sale of assets.
Notices. Notices to us under these API Terms are effective when received at the address in Section 17. Notices to you may be given through the developer portal, by email to the address you have registered, or as otherwise permitted by the Terms of Service.
17. Contact us
For questions about these API Terms or to report a security incident, please contact us at:
PayServices Bank
950 W Bannock Street, Suite 1100
Boise, Idaho 83702-6140
United States
info@payservices.com