Published using Google Docs
CanvasCBL Developer Key Agreement
Updated automatically every 5 minutes

CanvasCBL Developer Key Agreement

Apply for a Developer Key here.

Summary

This summary serves to make the CanvasCBL Developer Key Agreement more human-readable, although you are bound by the Full Developer Key Agreement, not this summary. Please read the Full Developer Key Agreement as well as this summary.

Full Developer Key Agreement

CanvasCBL ("Us" or "We") provides the canvascbl.com API and various related services (collectively, the "API" or the “Service”, also a Developer Key, “DK”) to You, the Developer, subject to your compliance with all the terms, conditions, and notices contained or referenced herein (the "DK Agreement"), as well as any other written agreement between us and you.

In addition, when using particular services or materials on this Website, Users shall be subject to any posted rules applicable to such services or materials that may contain terms and conditions in addition to those in these Terms of Service. All such guidelines or rules are hereby incorporated by reference into these Terms of Service.

These Terms of Service are effective as of 02/02/2020. We expressly reserve the right to change these Terms of Service from time to time without notice to you. You acknowledge and agree that it is your responsibility to review this Website and these Terms of Service from time to time and to familiarize yourself with any modifications.

We reserve the sole right to either modify or discontinue the API, including any of the API’s features, at any time with or without notice to you. We will not be liable to you or any third party should we exercise such right. Any new features that augment or enhance the then-current services on this API shall also be subject to these Terms of Service.

Approval Process

If You, the Developer, want a Developer Key, you MUST fill out the form at the top of this document. No other way of applying for a DK is valid.

Requesting Data

When You request data from the API, You must request as little data as possible to fulfill Your task. You may not request more data than is needed.

All API Calls are logged.

Storing Data

You are prohibited from storing any non-profile data from the API. You are permitted to store only the data in the following list. If You are unsure about whether something may be stored, You are to contact Us before storing it.

Also, data that was somehow derived (We are to define “somehow derived”-- we recommend that You contact Us if You have any questions) from data from the CanvasCBL API may not be stored. For example, if Your application recommends YouTube videos based on grades in certain classes, You may not store recommended videos; storing that a Calculus video was recommended to a user would create an inference that the user has a low grade in Calculus.

You may store the following:

We understand that, during development, You may want to store Your own data. This is permissible, but you must:

If You are found storing any data not in the above list, Your DK will be immediately disabled and You will need to contact Us.

Data Privacy

Data Privacy is very important to Us, and it must be a priority to You. To assist you with this, we enforce some standards that must be met:

User Transparency

At all times when data from the API is shown to users, a notice must be shown to users that the data came from CanvasCBL. That message must meet all of the following standards:

An example of a compliant statement looks like this:

This data is from CanvasCBL. <Your App Name> is not affiliated or made by CanvasCBL.” Note that the entire message is clickable, and sends users to https://canvascbl.com.

Another compliant statement, provided that there are space or artistic constraints, would be the following: “Data from CanvasCBL.

An example of a non-compliant statement looks like this: “❤️CanvasCBL”. That statement is not compliant because it does not clearly state that the data is from CanvasCBL.

When redirecting users to any API URL (like the /api/oauth2/auth endpoint), You are prohibited from using anything that would obscure the URL, like a URL shortener or a proxy.

Termination of this Agreement

This agreement, at any time, for any reason, may be terminated by Us with or without notice to You.

This agreement, at any time, may be terminated by You, provided that You:

Upon termination, any OAuth2 Grants created with your DK will immediately cease to work. Your DK will also no longer able to create any new OAuth2 Grants.