API Terms of Use

These API Terms of Use ("API Terms") govern your programmatic access to the HexaClaw Cloud API Platform. These API Terms supplement, and are incorporated into, the Terms of Service. In the event of a conflict between these API Terms and the Terms of Service, these API Terms control with respect to API access.

By using a HexaClaw API Key to make requests to the Cloud API Platform, you agree to these API Terms.

Access to the Cloud API Platform requires a valid API Key. You agree to:

• Keep your API Keys confidential and not share them publicly (e.g., in client-side code, public repositories, or documentation)
• Rotate or revoke compromised API Keys immediately via the dashboard or CLI
• Not embed API Keys in client-side applications, mobile apps, or any environment accessible to end users
• Use server-side proxying when integrating HexaClaw into user-facing applications
• Not share, sell, or transfer API Keys to third parties outside your organization

HexaClaw may revoke API Keys that are found to be compromised, shared publicly, or used in violation of these API Terms, with or without prior notice.

The Cloud API Platform enforces rate limits and daily quotas per subscription tier to ensure fair access. Current limits are:

Rate-limited requests receive an HTTP 429 response with a Retry-After header. You must implement backoff logic and respect rate limit headers. Automated retry without backoff may result in temporary suspension.

We reserve the right to adjust rate limits with at least 14 days' notice. Enterprise customers may negotiate custom rate limits.

All API requests consume Credits based on the service and usage volume:

• LLM completions: Billed per million tokens (input and output priced separately per model)
• Embeddings: Billed per million tokens
• Web search: 1 Credit per query
• Image generation: 1-6 Credits per image depending on quality tier
• TTS: 1-2 Credits per 1,000 characters
• STT: 1 Credit per minute of audio
• Browser automation: 2 Credits per minute of session time
• Vector upsert: 1 Credit per 1,000 vectors
• Vector query: Free
• Guardian scan: 1 Credit per scan

Credit costs for specific models are published on our pricing page and in the /v1/models endpoint response. Prices may change with 14 days' notice.

If your Credit balance reaches zero during a request, the request will complete but subsequent requests will be rejected with HTTP 402 until Credits are replenished.

We target high availability for the Cloud API Platform but do not guarantee specific uptime percentages outside of Enterprise agreements. The following apply:

• The Cloud API Platform depends on Third-Party Provider availability. If a provider experiences an outage, requests to that provider's models will fail regardless of HexaClaw infrastructure status.
• We implement circuit breakers and automatic failover where possible, but cannot guarantee uninterrupted service for any specific model or provider.
• Planned maintenance windows will be announced at least 48 hours in advance via email and our status page.
• Credits are not deducted for failed requests (HTTP 5xx from HexaClaw infrastructure). Credits may still be deducted if the Third-Party Provider processed the request before returning an error.

Enterprise customers may negotiate a Service Level Agreement (SLA) with defined uptime targets and credit remedies. Contact hello@hexaclaw.com for details.

The Cloud API Platform uses the /v1/ prefix for the current stable API version. When breaking changes are introduced:

• A new version prefix (e.g., /v2/) will be introduced
• The previous version will remain available for at least 6 months after the new version is released
• Deprecation notices will be sent via email and returned in API response headers (Deprecation and Sunset headers)

Non-breaking changes (new optional fields, new models, new endpoints) may be added to the current version without a version bump.

Individual AI models may be deprecated by their respective Third-Party Providers. When a model is deprecated, we will provide at least 30 days' notice and suggest alternative models.

For full details on data handling, see our Privacy Policy. Key points for API users:

• Request content (prompts, images, audio) passes through our proxy but is not stored or logged by HexaClaw
• Response content (completions, generated images, transcriptions) is streamed through our proxy but is not stored or logged by HexaClaw
• Billing metadata (model, token counts, timestamps, request IDs) is stored in your credit ledger for billing and usage reporting
• Third-Party Providers process your request content according to their own data retention policies. Most providers do not train on API-submitted data by default, but you should review each provider's data use policy.
• Vector storage data (via /remember) is stored persistently until you delete it or your account is terminated

When using your own Third-Party Provider API keys through the BYOK feature:

• A platform fee of 5% of the equivalent Credit cost applies (minimum 1 Credit per request)
• Your API keys are transmitted to the provider over TLS but are never stored on HexaClaw servers
• You are directly bound by your Third-Party Provider's terms for usage through your own keys
• HexaClaw is not responsible for charges incurred on your Third-Party Provider account
• BYOK requests still count toward your HexaClaw rate limits and are subject to Guardian scanning if enabled

In addition to the prohibitions in our Acceptable Use Policy, the following are specifically prohibited when using the API:

• Sending requests at a rate designed to overwhelm or stress-test the platform
• Using the API to build a competing API proxy, aggregator, or routing service
• Scraping or systematically extracting model pricing, availability, or capability information for competitive purposes
• Submitting content that you know violates a Third-Party Provider's acceptable use policy
• Using browser automation sessions for credential stuffing, automated account creation, or attacks against third-party services
• Misrepresenting AI-generated content as human-authored in contexts where such disclosure is legally required

You are expected to implement proper error handling:

• Implement exponential backoff with jitter for retries on 429 and 5xx responses
• Respect Retry-After headers when present
• Do not retry 4xx errors (except 429) as they indicate client-side issues
• Implement timeouts appropriate to your use case (LLM streaming may take 30-120 seconds for long completions)

We may suspend or terminate your API access immediately and without notice if:

• You violate these API Terms or the Terms of Service
• Your account has a negative credit balance or unpaid invoices
• We detect activity that threatens the security or stability of the platform
• Required by law or a Third-Party Provider

Upon termination, all API Keys associated with your account are immediately revoked.