As part of the onboarding process, you will receive an onboarding package from Cova.
This package provides you with credentials required to access COVA APIs.
If you need an onboarding package, contact apisupport@covasoftware.com
In order to make authorized requests to COVA APIs, your application must first obtain an Access Token.
COVA APIs are protected by OAuth2.
Requests to the COVA APIs are limited to help to manage server load, ensuring that high API request volumes do not impact overall performance.
They also help to protect from deliberate or accidental denial of service as a result of APIs being flooded with requests.
If you run into the 429 Too Many Requests error, please contact support.
All rate limits are applied per service, not aggregated across all services.
There are three rate limit policies that are applied to the APIs.
The Authenticated Limit policy determines how many Authenticated Requests can be made during the Rate Limit Window.
Authenticated Requests are made to COVA APIs that require authentication, and include an in the HTTP Header.
To determine the per-minute limit, make an Authenticated Request to an COVA API, then check the COVA-APIM-RateLimit-Limit HTTP Header of the response.
The Anonymous Limit policy determines how many Anonymous Requests can be made during the Rate Limit Window.
Anonymous Requests are made to COVA APIs that do not require authentication.
To determine the per-minute limit, make an Anonymous Request to an COVA API, then check the COVA-APIM-RateLimit-Limit HTTP Header of the response.
The Rate Limit Window policy determines when the current rate limit will be reset.
The default window is 60 seconds
Responses from the COVA API’s may have the following headers
If the rate limit is exceeded, the response will be 429 Too Many Requests and the service will not be able to make further requests until the quota resets.
>HTTP/1.1 429 Too Many Requests
Content-Type: application/json
COVA-APIM-RateLimit-Limit: 1000
COVA-APIM-RateLimit-Retry-After: 41
rate limit exceeded
Most COVA APIs support application/json response formats depending on the type of request. Documentation for each individual API will explicitly state which response formats are supported.
When sending an API request, you can select the format to return by defining the value in the HTTP Accept header, using the syntax Accept: {ResponseFormat}.
Example
>Accept: application/json
The API version is shown in the endpoint’s URL (e.g. /v1). Newer API versions will be highlighted in their respective API reference documentation.
Should there be a breaking change to an existing API, COVA will trigger a release of a newer version and notify stakeholders. Please take note that not all API versions will be backward compatible.
Terms of Use
Last updated: June 30, 2022
Please read these terms carefully before using the Cova Platform made available by Retail Innovation Labs Inc. dba “Cova Software” (if you are located in Canada) or by Retail Innovation Labs, LLC (if you are located outside of Canada) (“we”, “us”, “our”, or “Cova”).
These terms of use (“Terms”) are between you (“you”) (the developer/user, and/or the organization you represent—being a Cova Subscriber, Partner, or an entity interested in receiving Cova services) and us.
1. Acceptance of Terms
We invite you to review, download and use our tools and documentation provided by us or as may be otherwise provided to you to access the Cova Platform. This invitation is subject to your review and agreement with these Terms and, if applicable, your payment of fees (“Fees”) to Cova. Your use of the Cova Platform constitutes acceptance of these Terms. If you are using the Cova Platform on behalf of an organization, you represent and warrant that you have authority to bind the organization and agree to these Terms on behalf of the organization.
2. Definitions
· Access Credentials means the necessary keys, client secrets, client IDs, usernames, passwords, tokens and other identifiers required to access the Cova Platform.
· API Endpoint means an address, URI (Uniform Resource Identifier) where a resource or Cova Platform can be accessed by an Application.
· API means a Cova application programming interface.
· Application means any application, product, integration, website or service you license from a third party or integrate to or create using the Cova Platform.
· Cova Marks means Cova®, and Cova’s other product, service, and Cova Platform names, trademarks, marks, branding, and logos made available for use in connection with the Cova Platform.
· Cova Platform means Cova’s APIs and any accompanying or related documentation, source code, executable applications, and other materials created or licensed by Cova and described in the provided documentation.
· Data means the data that you access, use, process, and/or transmit through your use of the Cova Platform.
3. Intellectual Property
Except as otherwise indicated herein, we and/or our licensors reserve all rights, title and interest in and to all intellectual property rights (including all patent, trademark, copyright, trade secret, and other proprietary rights) subsisting in the Cova Marks, the Cova Platform (including its documentation and specifications), and all other Cova technology or services.
Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, non-sub-licensable, revocable right (“Licence”) to access and utilize the Cova Platform. This right shall include the right to (a) access, transmit and store Data available via APIs, as well as to aggregate Data with your proprietary information and third party information, to the extent necessary to format and display it through the Application; and (c) retain, use and display any included Cova Mark to identify that the Data originates from the Cova Platform (subject to such use and display being subject to review by Cova, and you agreeing to modify any such use and display in accordance with instructions from Cova).
4. Disclaimer of Warranty and Liabilities
The Cova Platform is provided “as-is”, exclusive of any warranty whatsoever. We disclaim all implied warranties, including any implied warranties of merchantability and fitness for a particular purpose. In no event shall we have any liability hereunder to you for any damages whatsoever, including but not limited to direct, indirect, special, incidental, punitive, or consequential damages, or damages based on lost profits, Data or use, however caused and, whether in contract, tort or under any other theory of liability, whether or not you have been advised of the possibility of such damages.
5. Other Agreements
If you are or become a licensed user of Cova software or services, either as a subscriber (“Subscriber”) or partner (“Partner”) and you have existing agreement(s) (“ Existing Agreements ”) in place with Cova, these Terms shall supplement the Existing Agreements.
In the event of any conflict between these Terms and the Existing Agreements, the Existing Agreements will take precedence to the extent of such conflict.
6. Restrictions on Use
· You must comply with all applicable laws and regulations in the jurisdiction(s) where you are located, accessing and using the Cova Platform.
· You must comply with any documentation or instructions we provide to you as well as the API policies (“API Policies”) that are attached as Attachment 1 to these Terms.
· You will not use the Cova Platform in any manner to compete with Cova or try to copy our products without permission.
· You may not sell, transfer, sub-license or otherwise disclose your account or Access Credentials to any other party or use it for any other purpose except in connection with your Application.
· You may only access your account with the Access Credentials provided by Cova.
· Your Application must embed Access Credentials, including within all updates and revisions, in a secure manner not accessible by third parties.
· You shall not, under any circumstances, through your Application or otherwise, repackage or resell the Cova Platform, API(s) or any information that is proprietary to Cova.
· You are not permitted to use the APIs or any Data in any manner that does or could potentially undermine the security of the Cova Platform, or the Data stored or transmitted by the Cova Platform.
· You shall not, and shall not attempt to:
o interfere with, modify or disable any features, functionality or security controls of the Cova Platform;
o avoid, bypass, remove, deactivate or otherwise circumvent any protection mechanisms for the Cova Platform;
o reverse engineer, decompile, disassemble or derive source code, underlying ideas, algorithms, structure or organizational form from the Cova Platform.
· Your Application must not substantially replicate products or services offered by Cova or use or access the Cova Platform to monitor the availability, performance, or functionality of any of the services Cova offers in comparison to third-party software products or services or for any similar benchmarking purposes.
· You will be solely responsible for:
(i) the content, development, support, maintenance, technical installation and operation of Applications;
(ii) creating and displaying information and content on, through, or within Applications;
(iii) ensuring that Applications and the use thereof do not violate or infringe the proprietary rights, including intellectual property rights, of any third party;
(iv) ensuring that Applications are not and your use of the Cova Platform is not offensive, profane, obscene, libelous or otherwise illegal;
(v) ensuring that Applications do not contain or introduce malicious software into the Cova Platform, any Data or other Data stored or transmitted by the Cova Platform;
(vi) ensuring that Applications are not designed to or utilized for “spamming” any Cova Subscribers or Partners; and
(vii) complying with all applicable local, state, provincial, national and international laws and regulations, including, without limitation, all applicable export control laws, and maintaining all licences, permits and other permissions necessary to exercise your licensed rights hereunder.
· You will not interfere or engage in any conduct that would otherwise have the effect of interfering, in any manner, with the business relationship between Cova and any of its customers, including, but not limited to, urging or inducing, or attempting to urge or induce, any customer to terminate its relationship with Cova or to cancel, withdraw, reduce, limit, or modify in any manner its business relationship with Cova .
· You shall not, without Cova’s prior written consent, directly or indirectly, solicit or recruit for employment; hire; attempt to solicit or recruit for employment; attempt to hire; or accept as an employee, consultant, contractor, or otherwise, any employee of Cova, or urge, encourage, induce, or attempt to urge, encourage, or induce any Cova employee to terminate their employment with Cova.
7. Comments and Feedback
You hereby grant Cova and its affiliates a royalty-free, worldwide, transferable, sub-licensable (through multiple tiers of distribution), irrevocable and perpetual licence to incorporate into the Cova Platform, or any of the other products or services offered by Cova and its affiliates, or otherwise use any suggestions, enhancement requests, recommendations or other feedback (“Feedback”) Cova receives from you without any further permissions or notifications to you. You represent and warrant that (i) you either are the sole and exclusive owner of all Feedback or that you have all rights, licences, consents and releases necessary to grant us the foregoing licence; and (ii) neither the Feedback, nor the uploading, publishing or posting of Feedback, nor our use of Feedback will infringe, misappropriate or violate a third party’s intellectual property or proprietary rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.
8. Indemnity
You shall indemnify and hold Cova, its affiliates, and their respective directors, employees, agents, representatives, shareholders, successors, and permitted assigns harmless against from and against all damages, losses, and expenses of any kind (including reasonable legal fees and costs) arising out of your violation of this Agreement, use or misuse of the Cova Platform, or breach of the representations, warranties, and covenants made by you. We reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of these claims. We will use reasonable efforts to notify you of any such claim, action, or proceeding upon becoming aware of it.
9. Monitoring Usage
· You agree that Cova may monitor your use of, and collect usage data related to the Cova Platform to ensure quality and verify your compliance with these Terms.
· You agree not to block or interfere with such efforts and to provide us with reasonable access to information related to your compliance with these Terms.
· Upon request, you shall provide proof that your Applications and any content within your Applications are properly licensed.
10. Enforcement of Terms
We may enforce these Terms without notice if we determine you are violating these Terms, either you or we suffer a security breach, your Application is negatively impacting the Cova Platform, or you are in violation of any payment terms you have with Cova.
Enforcement may include any action we deem appropriate, including but not limited to:
· Revoking Access Credentials;
· Disabling Applications;
· Restricting access to the Cova Platform;
· Requiring you to delete Data;
· Terminating the Licence, these Terms, and/or any other existing agreements between you and Cova; and
· Using any technical means to overcome any interference.
11. Data Use and Protection
· To the extent an Application transmits Data outside the Cova Platform, you represent and warrant that you have notified all users of such Application or the relevant individuals whose personally identified information is included in the Data (as applicable) that their Data will be transmitted outside the Cova Platform and that Cova is not responsible for the privacy, security or integrity of such Data.
· You represent and warrant that to the extent an Application stores, processes, or transmits Data, neither you nor the Application will, without appropriate prior user consent or except to the extent required by applicable law; (i) modify the content of Data in a manner that adversely affects the integrity of Data; (ii) disclose Data to any third party; or (iii) use Data for any purpose other than providing the Application functionality to users of such Application.
· You shall maintain and handle all Data in accordance with all applicable privacy laws and regulations and all privacy and security measures reasonably adequate to preserve the confidentiality and security of all Data.
· You may be able to enter test Data and create content in a demo environment for the purposes of testing you r integration . All such Data and content must not contain any personally identifiable information; and it must have a realistic product name, image, and price, or it must be immediately deleted after its use.
12. Support
You are solely responsible for providing all support and technical assistance to Application end-users. You acknowledge and agree that Cova has no obligation to provide support or technical assistance to Application users and you shall not represent to any such users that Cova is available to provide such support. You agree to use commercially reasonable efforts to provide reasonable support to Application users.
13. Privacy
Except when necessary to enhance the performance of your App and its functionality, you shall not cache any content retrieved from the Cova Platform.
14. Modification
· We reserve the right to modify the the Cova Platform and to release subsequent versions of the Cova Platform with Non-Breaking Changes * at any time without notice to you. If Cova makes a change to the Cova Platform that Cova is aware is a Breaking Change* ( * as defined in the API Policies) AND you have an Existing Agreement, you will be given written notice of such change.
· You may be required to use the most recent version of the Cova Platform for an Application to function.
· We reserve the right to modify these Terms at any time. Cova will provide you written notice of such modification if you have an Existing Agreement which may be sent by mail or email to an authorized representative of your company.
· Your continued use of the Cova Platform will signify your acceptance of modifications to the API Policies and Terms.
15. Termination
We may terminate these Terms by notifying you or by terminating your ability to access l and/or use the Cova Platform. You may terminate these Terms by notifying us and ceasing use of the Cova Platform.
16. General
If you are in the US, these Terms will be governed by and construed in accordance with the laws of the State of Delaware. If you are in Canada, these Terms will be governed by and construed in accordance with the laws of the Province of British Columbia and Canada.
ATTACHMENT 1 – API POLICIES
Access
To access and use the Cova Platform and APIs, you (the developer/user, Subscriber, Partner, and/or the organization, Subscriber or Partner you represent) must obtain Access Credentials from Cova.
Access Credentials are the necessary keys, client secrets, client IDs, usernames, passwords, tokens and other identifiers required to access the Cova Platform.
Access Credentials will enable Cova to associate your API activity and may be used for metering API usage and billing as applicable. All activities that occur using your Access Credentials are your responsibility regardless of whether such activities are undertaken by you or a third party on your behalf. Keep them secret. Do not sell, transfer, sublicense or otherwise disclose them.
You agree to notify Cova immediately if you believe that your Access Credentials have been compromised. Our responsibility as an API provider is to revoke access associated with those credentials within a reasonable timeframe once notified.
Cova reserves the right to revoke Access Credentials if you fail to comply with the Terms, any Existing Agreement, or these policies.
You may only access the API in the way set out in our instructions, and you are not entitled to gain unauthorized access to, disturb or deactivate the API. You furthermore undertake not to introduce viruses, worms, Trojan horses or other forms of malware in the API. Your Access Credentials will be provided to you in an onboarding package supplied to you from Cova. Please note that these credentials are provided in plain-text by email from Cova to you, it is your responsibility to ensure the representatives of your organization receiving this onboarding package have the necessary authority to access these Access Credentials and that they have read and understood the obligations associated with them as per the Terms and these policies.
Test Content
Any test content and test products created by you in either the demo company “Cova Café” or “Cova Canada” must fulfill the following product criteria:
• Realistic Product Image
• Existing Product Name
• Price must be non-empty
• Inventory must be non-empty
If product does not fulfill criteria above, it must be archived within 48 hours upon creation. Both “Cova Café” and “Cova Canada” are used for sales pitch demos, therefore the catalog must not contain incomplete test data
Onboarding
Cova offers the following onboarding services to a Cova Platform user:
· API access provisioning
· Onboarding package delivery
· API documentation review
· Ongoing support throughout the implementation process
Cova does not provide project management, development or quality assurance services to a Subscriber as part of the standard onboarding package.
Usage Limitation
You will respect and comply with the technical and policy-implemented limitations of the Cova Platform in designing and implementing Applications. You shall not violate or attempt to circumvent any explicit rate limitations on calling or otherwise utilizing the Cova Platform.
Cova may use technical means to prevent over usage and/or stop usage of the Cova Platform if an Application exceeds such limitations. Cova reserves the right to change such technical and policy-implemented limitations, and if you have an Existing Agreement, Cova will provide you notice of such change.
Versioning
Cova guarantees that Breaking Changes to an existing API will trigger a release of a new version. We do not commit to backward compatibility across API versions.
Cova reserves the right to make Non-Breaking backward compatible changes to an API without prior notification to you and does not take any responsibility for breaking any existing Application.
Cova is not responsible for inadvertent Breaking Changes – that is, if you use the APIs in a non-documented way and we make a change that breaks your integration, that is not our responsibility.
The API version shows in the URLs of the endpoints; for example, /v1.
Non-Breaking Changes
“ Non-Breaking Changes ” include but are not limited to:
· Addition of new functionality to an API
o New API endpoints
o New methods for existing endpoints
o Support for new media types
o New properties in API responses
· Changes to the order of items in an API response
· Changes to data types that do not cause data loss
· Changes to currently undocumented APIs
· Changes that do not change the core functionality of such API
Breaking Changes
“ Breaking Changes ” include but are not limited to:
· Removal of existing functionality
o Resources, properties of resources, headers, media type support, etc.
· Updates to existing API functionality
o URIs, resource structure and property names, expected error codes, etc.
· Changes that do change the core functionality of such API
Deprecation
Cova reserves the right to, based on our reasonable assessment and providing notice to you, permanently or temporarily discontinue any API in part or entirety.
Data Caching and Retention
You may cache data received using the API to improve an Application and/or a user’s experience thereof, but you should try to keep the data up to date.
Cova is not liable for any issues that may occur with Applications caused by inappropriately implemented caching policies. You have the sole responsibility to ensure that your data is current and accurate enough to meet your needs. Cova accepts no liability in this regard. We recommend that you do not cache any data for more than 30 days as a caching best practice.
Cova may publish specific caching policies to our Developer Portal from time to time that you must comply with as per requested.
Billing
APIs may have usage monitoring enabled and, if applicable, we may bill based on the volume of API calls. Therefore, it is important to decide how to treat API calls that fail and how that affects billing.
An API call can fail for one of three reasons:
1. The API client does something wrong
2. A Cova API does something wrong
3. A combination of the API client and Cova API results in a failed call
The general billing principle is that when an API receives an API call, then it is recorded as a legitimate call. All legitimate API calls are billable unless that call fails for the reason that does not involve the client and instead involves something on the provider side.
If an API call fails at any point after being received due to a client-side problem, like a syntax or authentication error, then it is billable.
However, if a call fails because of a provider-side problem, then the liability is on Cova, and it is not billable. This policy does not apply to malicious or intentionally harmful API usage.
API calls where a client has disconnected before the server can respond are billable. Note that when a client has disconnected, there is no delivery mechanism for the HTTP status code, but Cova has the means to identify these requests.
This policy is implemented by billing logic that is based on HTTP status codes.
For RESTful APIs, the relevant status codes are as follows:
· 2xx status codes indicate that a client API request was received, understood, accepted and processed successfully. These calls are billable.
· 3xx status codes indicate that a client API request has been received, understood, accepted and redirected to another resource. For example, a client makes a call to our API to acquire a digital asset and we redirect them straight to Microsoft Azure Blob Storage. These calls are billable.
· 4xx status codes indicate that a client API request was received but not able to be processed because the client seems to have made an error. These calls are billable.
· 5xx status codes indicate that a client API request was received but that the server is aware that an error occurred or the server is otherwise incapable of performing the request. These calls are not billable.
For SOAP APIs, the relevant status codes are as follows:
· 2xx status codes indicate that a client API request was received, understood, accepted and processed successfully. These calls are billable.
· 5xx status codes generally indicate that a client API request was received but the request contained some sort of client error. These calls are billable.
· Calls with 5xx status codes that result from a Cova server error or outage are not billable.
Termination
Cova will revoke Access Credentials if your access is terminated.
Data owned by you that has been acquired via API before termination and potentially cached by an Application will not be affected if it complies with data caching and retention policy.
Data owned by Cova that has been acquired via API before termination and potentially cached by an Application must be deleted upon access being terminated.
Documentation
For securing and maintaining the availability and quality of the Cova Platform and the API content, you must adhere to instructions outlined in technical documentation we provide to you from time to time.