APIs are now widely used across the travel industry so it seems like they’ve been around for decades. In some industries, like finance, they have, but their use is still relatively new for travel businesses.
APIs (which stands for Application Programming Interfaces, and not Advance Passenger Information which is an entirely different thing!) are, as the name suggests, interfaces which communicate with other technologies and which effectively allow content and data to be pulled from one system to another.
In travel, that means travel providers, like airlines, hotels, cruise companies and car hire companies, can share availability and prices more easily and through different sales channels. They can also provide (more) information about ancillary products that they sell, like an offer of more leg room on a flight, or ordering meals in advance at a hotel. This might seem quite simple but was much more difficult through traditional sales channels.
For travel agents and aggregators, APIs can give them access to this extra information from a multitude of different providers allowing them to offer it all in one place and dynamically price accordingly.
For those businesses looking at the legal aspects of APIs for the first time, here are a few top tips to consider:
APIs are a form of technology but they are not software and shouldn’t be categorised (or contracted for) as such. They need their own form of agreement.
Saying that, there are a lot of similarities between a software licence and an API agreement. A customer needs to be granted a licence to use the API, and the terms of that use need to be clearly set out – who does the licence extend to, can it be sub-licensed, what does ‘use’ mean? This may be negotiated or may be in a standard form offered by the API provider.
The API will need to be ‘integrated’, meaning the interface connection will need to be made and then kept live for the data to be pulled (or pushed) through when called. There will need to be obligations on both supplier and customer to make sure the interface is made, tested, kept active and kept secure.
An API provider is unlikely to give any guarantee as to the security of a customer’s system but it should commit to not introducing malicious malware to the system. A customer may also be able to agree that certain security standards must be met.
What data is being made available, and can be called through the API, and what rights are needed to use that data? Data ‘ownership’ is a topic on its own which is not covered here but there needs to be certainty on the data that can be called down and what the customer can do with it once they have it. The API provider may not be the supplier of that data and so this question may be one for a different agreement, but it certainly needs to be covered off.
Consider what promises the API provider gives in respect of service levels or availability of the API. This will depend on whether the connection is a ‘nice to have’ for a customer or whether it is more business critical, in which case something close to 100% availability may be needed. In addition, when thinking about permitted down time, consider the time zones within which the customer and the API provider operate to ensure there is no down time just when it’s needed at the peak of a trading day.
How does payment and pricing for the API work? Is it a subscription/monthly fee arrangement, or on a per-data call basis, or on a ‘look-to-book’ ratio? Certainly on payment terms is obviously a key factor.
We have seen a myriad of different API agreements and licences and there is no one-size-fits all. The above are common themes we see throughout though and should be on the radar of anyone negotiating one of these agreements.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent. Read More
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
1 year 1 month 4 days
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*
1 year 1 month 4 days
Google Analytics sets this cookie to store and count page views.
CONSENT
2 years
YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
VISITOR_INFO1_LIVE
6 months
YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC
session
Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
__cf_bm
1 hour
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.