Production Sign in

API terms of service

Effective 28 May 2026. This document governs your use of api.adevapro.com.au and the live ak_live_… keys. It sits on top of — and supplements, not replaces — the general Adeva Pro terms.

Privacy policy
This is the production API surface. Use of api.adevapro.com.au is governed by your existing Adeva Pro commercial agreement plus the additional terms below.

1. Scope

These terms apply to programmatic use of api.adevapro.com.au by an organisation that has signed a current Adeva Pro client agreement. In the event of conflict, the signed agreement prevails.

2. Authentication and key custody

  • You are responsible for the secrecy of your ak_live_… keys and your webhook signing secrets. If either is exposed, mint a replacement and revoke the original. We won't.
  • Adeva back-office may force-revoke any production key when we have reasonable suspicion of compromise. We will email the org administrator within 1 business day with the reason.
  • The least-privilege scope set is your friend. Don't mint :write keys for read-only integrations.

3. Rate limits

Defaults are documented at /developer/docs/auth. If your real volume routinely exceeds them, contact your account manager; raising the limit is preferable to you sharding requests across multiple keys.

4. Service availability

Targets, maintenance windows, and incident notification are defined in your master agreement. We don't reproduce them here. The /healthz probe is the canonical liveness signal.

5. Acceptable use

Programmatic use must be consistent with the product's intended purpose: raising and managing debts owned by your organisation, configuring branding and webhook delivery, and consuming lifecycle events for your own systems.

6. Prohibited use

  • Calling endpoints on debts that don't belong to your organisation, including by attempting to enumerate identifiers.
  • Bypassing rate limits, idempotency enforcement, or webhook signing.
  • Using the API to perform actions that the same operator could not perform via the client console (e.g. impersonating another organisation's administrator).
  • Anything that would violate Australian privacy law (Privacy Act 1988) in your handling of debtor data we return to you.

7. Data and privacy

Debtor data returned through /v1/* contains personal information governed by the Privacy Act 1988 (Cth) and our Privacy Policy. You must apply equivalent or stronger protections to anything you copy out of the API.

8. Webhook delivery

Adeva delivers webhook events on a best-effort basis with the documented retry schedule. We do not guarantee at-most-once. Your receiver must be idempotent and must verify the Adeva-Signature header on every delivery.

9. Termination

Termination of your master agreement immediately revokes all production keys and webhook configuration. We may suspend production API access without terminating the master agreement when necessary to prevent harm (security incidents, suspected abuse, lawful direction).

10. Contact

Production API support runs through your normal Adeva Pro support channel. Engineering escalation: engineering@adevapro.com.au.

Privacy policy applies to both surfaces and lives at www.adevapro.com.au/privacy. General Adeva Pro terms at www.adevapro.com.au/terms-of-service.