Developer / API Terms
Last updated: March 28, 2026
1. API License
Sloxly grants you a limited, non-exclusive, revocable license to access our APIs for the purpose of building integrations with your applications.
2. Rate Limiting
| Endpoint | Limit | Window |
|---|---|---|
| OAuth Authorization | 100 requests | Per minute |
| Token Exchange | 60 requests | Per minute |
| User Info | 120 requests | Per minute |
| Captcha Verify | 200 requests | Per minute |
Exceeding rate limits returns HTTP 429 responses. Implement exponential backoff in your retry logic.
3. Authentication Requirements
- All API requests must include valid credentials (API key, access token, or client credentials).
- Client secrets must never be exposed in client-side JavaScript or mobile app source code.
- Use environment variables or secure vaults for credential storage.
4. Data Handling Obligations
- User data obtained via OAuth must only be used for the stated purposes in your consent screen.
- You must delete user data within 48 hours if a user revokes access to your application.
- You must not aggregate user data across multiple Sloxly users for profiling purposes.
5. Branding Requirements
- OAuth buttons must follow the Sloxly brand guidelines (available in your project branding settings).
- You must not modify or alter the Sloxly logo when used in "Continue with Sloxly" buttons.
- Your application must clearly indicate it's a third-party integration, not an official Sloxly product.
6. API Changes
We may update, modify, or deprecate APIs with 30 days notice via email to registered developers. Breaking changes will be communicated at least 60 days in advance.
7. Enforcement
Violations may result in: API key revocation, rate limit reduction, temporary suspension, or permanent account termination.