Legal

API Terms of Use

Last updated: 2026-05-13 Effective: 2026-05-13

API Terms of Use — Delivery Zone

Version: 1.0 Last updated: 2026-05-13 Effective date: 2026-05-13

These API Terms supplement the Terms of Service and apply specifically to programmatic access to the Delivery Zone API. They apply to all API keys created under any subscription plan, including the free plan.

1. API Licence

Subject to your active subscription plan and compliance with these terms, we grant you a limited, non-exclusive, non-transferable, revocable licence to call the Delivery Zone API for the purpose of:

  • Checking delivery availability for postcodes within your configured delivery zones.
  • Calculating indicative delivery prices based on your configured rules.
  • Integrating these capabilities into your own products or services.

Permitted use is limited to submitting individual validation requests required for the Customer's normal business operations, such as checking whether a specific customer order, address, postcode, or delivery destination is serviceable.

This licence does not include the right to:

  • Reverse-engineer the API or the service.
  • Scrape, enumerate, reconstruct, extract, or create a substitute postcode database, coordinate database, or derived location dataset.
  • Create a competing delivery-zone or postcode-lookup SaaS.
  • Resell API access as a standalone product.

2. Authentication

All API requests must be authenticated using a valid API key passed in the X-Api-Key request header. API keys are organisation-scoped; each key is tied to a specific organisation and can be revoked independently.

Confidentiality obligation: You must keep your API key secrets confidential at all times.

  • Never embed API key secrets in public-facing frontend code (JavaScript, HTML, mobile apps).
  • Never commit API key secrets to public version control repositories (GitHub, GitLab, etc.).
  • Never share API key secrets with parties outside your organisation.
  • Store API keys as environment variables or in a secrets management system (e.g., environment

secrets in your CI/CD pipeline, not in source code).

API key secrets are shown once at creation and cannot be recovered. If a key is compromised, revoke it immediately from the dashboard and generate a replacement.

3. Rate Limits and Quotas

Each subscription plan includes:

  • A monthly API call quota (resets at the start of each billing period).
  • A per-minute rate limit to ensure fair use across all customers.

Current limits per plan are shown on the Pricing page and in your dashboard under Usage.

Response codes for limit breaches:

  • 402 Payment Required — monthly quota exceeded.
  • 429 Too Many Requests — per-minute rate limit exceeded.

Implement exponential back-off and retry logic in your integration. Do not implement retry logic that ignores 402 or 429 responses, as this constitutes AUP abuse.

4. Accuracy and Interpretation of Results

API responses reflect the delivery zone rules you have configured and the postcode reference data available at the time of the request. Results must be interpreted as follows:

canDeliver: true

The queried postcode matches one of your configured delivery zones based on currently available data. This does not guarantee that a physical delivery will be completed. Your actual delivery capacity may be limited by scheduling, vehicle availability, and other operational factors outside this service.

canDeliver: false

The postcode does not match any active delivery zone with your current configuration. This does not mean delivery is permanently impossible. It reflects your current rules and the current reference data. Review your zone configuration and the Postcode Data Disclaimer if you believe the result is incorrect.

Price estimates

Any price returned by the API is calculated from your configured rules and is indicative only. Final delivery pricing is your responsibility. You must not bind yourself or your customers to the returned price without your own business logic review.

You are responsible for how you present API results to your end customers and for the commercial decisions you make based on them.

5. API Logging

We log the following data for each API request for billing, security, and audit purposes:

  • Postcode value queried.
  • Timestamp.
  • HTTP response status.
  • Organisation ID and API key prefix (not the secret).
  • Caller IP address (your server's IP, not your end customer's IP in typical usage).

We do not log: full basket contents, customer names, full delivery addresses, or any data beyond what is listed above. API logs are retained for up to 12 months.

6. Versioning and Backward Compatibility

The current API version is v1 (base path /api/v1/). Within a major version, we will maintain backward compatibility. We will not:

  • Remove or rename existing API fields in responses.
  • Change the semantics of existing request parameters without notice.
  • Remove endpoints without prior deprecation notice.

If we need to make a breaking change, we will:

  1. Publish a new major version (e.g., /api/v2/).
  2. Provide at least 90 days' notice by email and in-app announcement before deprecating

the previous major version.

  1. Keep the old version functional until the end of the deprecation period.

We reserve the right to make non-breaking additive changes (new optional fields, new endpoints) at any time without prior notice.

7. Emergency Changes

We reserve the right to make immediate changes to the API — including temporarily restricting or disabling endpoints — without prior notice in the following circumstances:

  • Active security incident or abuse attack.
  • Regulatory requirement.
  • Critical bug fix that requires a breaking change to prevent data corruption or security

compromise.

We will notify affected customers as soon as practicable in such cases.

8. Suspension for Misuse

We may suspend API key access or account access without prior notice for:

  • Exceeding rate limits repeatedly or deliberately.
  • API key compromise or misuse.
  • Violation of the Acceptable Use Policy.
  • Non-payment or subscription expiry.

We will restore access promptly once the underlying issue is resolved.

9. No Warranty on API Continuity

We aim to provide a reliable, high-availability API but do not guarantee uninterrupted access. The service is provided "as is" and "as available". See the Service Availability Policy for details of our operational commitments and what is excluded from availability guarantees.

10. Postcode Data Accuracy

See the Postcode Data Disclaimer for information about the accuracy, sources, and known limitations of the postcode reference data used by the API.

11. Permitted API Use — Real-Time Validation Only

Delivery Zone API responses are provided solely for real-time postcode, delivery-zone, and delivery-availability validation within the Customer's own checkout, logistics, or operational workflow. Any other use is outside the scope of this licence.

12. Prohibited Storage, Caching, and Database Reconstruction

The Customer must not store, persist, copy, cache, scrape, harvest, bulk download, export, or otherwise retain Delivery Zone API responses for the purpose of creating, enriching, replacing, or reconstructing any postcode database, delivery-zone database, geographic dataset, distance table, address dataset, or similar derived dataset.

The Customer may not save Delivery Zone API results into its own database or systems except for strictly limited operational logging that is necessary for debugging, fraud prevention, billing verification, security monitoring, or legal compliance. Such logs must be minimised, access-controlled, and must not be used to recreate the underlying dataset.

13. No Resale, Redistribution, or Sublicensing of API Responses

The Customer must not resell, sublicense, publish, disclose, share, redistribute, make available, or provide third-party access to Delivery Zone API responses, datasets, derived datasets, or validation outputs, whether directly or indirectly.

14. No Bulk Querying, Scraping, or Enumeration

The Customer must not use automated scripts, bots, batch jobs, systematic queries, enumeration techniques, or other methods to extract, map, infer, or reconstruct the coverage, postcode, distance, or delivery-zone data behind the Service.

15. No Derived Competing Product

The Customer must not use the Service or API responses to develop, train, improve, benchmark, or operate a competing product, data product, postcode validation service, delivery-zone validation service, logistics dataset, or similar commercial service.

16. Acceptable API Use (General)

API use is also subject to our Acceptable Use Policy. Key restrictions: no bulk scraping of postcode data; no circumventing rate limits or quotas; no exposing API key secrets in public code or repositories; no using the API to build a competing product without consent.

17. Enforcement

Delivery Zone may suspend, throttle, block, or terminate access to the Service if it reasonably suspects misuse, excessive querying, dataset reconstruction, scraping, resale, unauthorised storage, or other prohibited use. Such actions may be taken without prior notice where the suspected violation poses an immediate risk to the integrity of the Service or its underlying licensed data.

18. Contact

For API integration questions: [email protected] For security issues or key compromise: [email protected] API documentation: /docs/api