Skip to main content
Intentra

API Terms of Use

Version 1.0 — Effective February 14, 2026

These API Terms of Use ("API Terms") supplement the Terms of Service and govern your use of Intentra's REST API. By accessing or using the API, you agree to be bound by these API Terms in addition to the Terms of Service.

1. Introduction

These API Terms govern access to and use of the Intentra REST API, which enables programmatic interaction with the Intentra platform. The API allows authorized customers to query scan data, manage organizational settings, and integrate Intentra into existing workflows.

API access requires an Enterprise plan subscription. These API Terms are incorporated into and form part of your agreement with AB Foundry LLC dba Intentra.

2. API Access and Authentication

Access to the Intentra API is authenticated via API keys. The following conditions apply:

  • API keys are prefixed with "apk_" and are unique to each organization.
  • Keys are hashed using bcrypt and stored securely. Intentra does not store plaintext API keys after initial generation.
  • The Customer is solely responsible for maintaining the confidentiality of API keys and for all activities that occur using those keys.
  • API keys can be configured with expiration dates. Intentra recommends rotating keys periodically.
  • Compromised keys must be revoked immediately via the Intentra dashboard. Intentra is not liable for unauthorized access resulting from the Customer's failure to secure or revoke compromised keys.

3. Rate Limits and Usage

The following usage limits apply to API access:

  • Maximum of 10 active API keys per organization at any time.
  • Maximum of 5 new key creations per hour per organization.
  • API rate limits may apply and will be communicated via standard HTTP response headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset).
  • Intentra reserves the right to throttle or temporarily suspend API access for any organization that engages in excessive usage that degrades service quality for other customers.

4. Acceptable Use

When using the Intentra API, you agree not to:

  • Share API keys across organizations or with unauthorized third parties.
  • Attempt to circumvent rate limits through techniques such as key rotation, request distribution, or IP spoofing.
  • Use the API, or data obtained through the API, to develop, offer, or operate products or services that compete with Intentra.
  • Use the API for automated vulnerability scanning, penetration testing, or security probing of Intentra's infrastructure without prior written consent.
  • Redistribute, resell, or sublicense API access to third parties.

5. Data and Privacy

Use of the API is subject to the Intentra Privacy Policy and, where applicable, the Data Processing Agreement.

  • API requests are logged for security monitoring, debugging, and abuse prevention purposes.
  • API logs are retained for 30 days and include request metadata such as timestamps, endpoints accessed, response codes, and the originating IP address.
  • Intentra does not log request or response bodies beyond what is necessary for error diagnostics.

6. Availability and Support

  • API availability is governed by the applicable Service Level Agreement available at intentra.sh/legal/sla.
  • Changes to the API, including new endpoints, modified behaviors, and bug fixes, will be communicated with reasonable advance notice through release notes and documentation updates.
  • Deprecation of API versions will include a minimum 90-day notice period before the deprecated version is removed from service.

7. Intellectual Property

  • Intentra retains all rights, title, and interest in and to the API, including all related documentation, code, designs, and intellectual property.
  • The Customer retains all rights, title, and interest in and to their data accessed through the API. Intentra claims no ownership over Customer data.
  • No license is granted to the Customer beyond what is strictly necessary to use the API in accordance with these API Terms and the Terms of Service.

8. Termination

  • Intentra may revoke API access, including deactivating all API keys, for any organization that violates these API Terms, the Terms of Service, or the Acceptable Use policy.
  • The Customer may revoke any or all of their API keys at any time through the Intentra dashboard.
  • Upon termination or downgrade of the Enterprise plan, API access ceases immediately. Any active API keys will be deactivated and subsequent API requests will be rejected.

9. Limitation of Liability

The limitations and exclusions of liability set forth in the Terms of Service apply to use of the API. In addition:

  • Intentra is not liable for data loss, corruption, or unauthorized access resulting from the Customer's misuse of the API, including failure to secure API keys.
  • Intentra is not liable for any damages arising from temporary API unavailability due to scheduled maintenance, emergency patches, or circumstances beyond Intentra's reasonable control.
  • The API is provided "as is" and Intentra makes no warranties, express or implied, regarding the API's fitness for a particular purpose, accuracy, or uninterrupted operation.

10. Changes to API Terms

Intentra may update these API Terms from time to time. We will provide at least 30 days notice of material changes by email or through the Intentra dashboard. Continued use of the API after such notice constitutes acceptance of the revised API Terms.

Non-material changes, such as corrections to typographical errors or clarifications that do not alter the substance of these terms, may be made without prior notice.

11. Contact

For questions about these API Terms or API access, contact us at [email protected].

API Terms of Use - Intentra