Milenial/Legal/Integration Agreement
Milenial Legal

Integration Agreement

Governs API access, webhooks, rate limits, and third-party integrations.

Updated 12/3/2025v1

Document ID: IA-2024-001 · Effective Date: December 3, 2025 · Version: 1.0

1. Purpose and Scope

This Integration Agreement ("Agreement") governs the use of Milenial Compliance Platform APIs, webhooks, and third-party integrations. By accessing our APIs or enabling integrations, you agree to these terms.

2. API Access and Authentication

2.1 API Credentials

  • API keys are confidential and must not be shared
  • Each integration requires unique credentials
  • Keys must be rotated every 90 days for production environments
  • Compromised keys must be reported immediately

2.2 Authentication Methods

  • OAuth 2.0: Recommended for user-authorized integrations
  • API Keys: For server-to-server communications
  • JWT Tokens: For session-based authentication

3. Rate Limiting and Usage Quotas

3.1 Standard Rate Limits

TierRequests/MinuteRequests/DayBurst Limit
Free601,00010
Pro30050,00050
Enterprise1,000500,000200
Government2,0001,000,000500

3.2 Rate Limit Headers

All API responses include:

  • X-RateLimit-Limit: Maximum requests allowed
  • X-RateLimit-Remaining: Requests remaining
  • X-RateLimit-Reset: Time until limit resets

3.3 Exceeding Limits

HTTP 429 returned when limits exceeded. Implement exponential backoff for retries.

4. Data Exchange Responsibilities

4.1 Data Formats

  • Request/Response: JSON (application/json)
  • File Uploads: Multipart form-data
  • Bulk Operations: NDJSON or CSV
  • Character Encoding: UTF-8

4.2 Data Security

  • All API traffic must use HTTPS/TLS 1.2+
  • Sensitive data encrypted in transit and at rest
  • PII handling per Privacy Policy requirements
  • Data minimization principles apply

5. Webhooks and Event Notifications

5.1 Webhook Configuration

  • HTTPS endpoints required (no HTTP)
  • Signature verification mandatory
  • Retry logic: 3 attempts with exponential backoff
  • Failed webhooks logged for 7 days

5.2 Event Types

  • compliance.check.completed
  • document.uploaded
  • audit.report.generated
  • user.onboarding.completed
  • subscription.changed

5.3 Webhook Security

  • HMAC-SHA256 signature in X-Milenial-Signature header
  • Timestamp validation within 5-minute window
  • IP allowlisting available for enterprise

6. Change Management

6.1 API Versioning

  • Semantic versioning (v1, v2, etc.)
  • Major versions supported for minimum 24 months
  • Breaking changes only in major versions

6.2 Change Notifications

  • 90 days notice for breaking changes
  • 30 days notice for deprecations
  • Email notifications for registered developers

7. Intellectual Property

7.1 Restrictions

  • No reverse engineering of APIs
  • No circumventing rate limits or security
  • No reselling API access
  • No competing services using our APIs

8. Liability and Indemnification

API provided "as is" without warranty. You indemnify Milenial against claims arising from your integration, including data breaches and compliance violations.

9. Termination

Either party may terminate with 30 days written notice. Immediate termination for material breach or security incidents.

10. Contact

API Support: tech@milenialinc.com

← Back to Legal