Developer terms for use of BNZ’s sandbox APIs

1. General
2. Fees for using the Sandbox APIs
3. API Client submission and approval process
4. Access, currency, reporting and audit requirements
5. Your information and feedback you provide us
6. Your obligations when using the Sandbox APIs
7. Your API Client
8. Content
9. Branding requirements
10. Suspension and Termination
11. Liability for the Sandbox APIs
12. Confidentiality
13. Other provisions

1. General

1.1 These terms and conditions govern your use of Bank of New Zealand’s (NZBN 9429039342188) (‘BNZ’, ‘us’, ‘our’, ‘we’) application programming interfaces, other developer services and associated software (collectively, ‘Sandbox APIs’) made available to you by BNZ. Subject to your compliance with these terms, you may use the Sandbox APIs only in our sandbox environment to test and develop your software programs (‘API Client’) for non-production uses. Where the terms below refer to you accessing or using our Sandbox APIs, that reference shall be deemed also to include a reference to accessing our sandbox environment.

1.2 By accessing or using the Sandbox APIs, you are agreeing to the terms above and below, which form a contract between you and BNZ. Collectively, we refer to the terms above and below and any applicable BNZ policies and guidelines as the “Terms”. You must comply with all of the Terms. If you are agreeing to these Terms not as an individual but on behalf of your organisation (e.g. a company), then “you” means your organisation and you are binding your organisation to these Terms.

1.3 Nothing under or in connection with the Terms or your access to or use of our Sandbox APIs shall constitute an offer or agreement that you will be granted access to our Sandbox APIs for production purposes. Production uses of our APIs will be subject to you first passing BNZ’s requirements, which shall include (without limitation) information security and data use requirements, as well you as entering a separate contract with BNZ.

2. Fees for using the Sandbox APIs

2.1 We do not currently charge a fee for using the Sandbox APIs. We may, however, introduce a fee in the future. If we do so, we will comply with the change control process set out in clause 13.1 (Modifications to the Sandbox APIs and to the Terms).

3. API Client submission and approval process

3.1 In order to access the Sandbox APIs you will be required to submit an application providing certain information (such as name, contact details, company details, intended uses of the Sandbox APIs). By submitting your application, you represent and warrant to us that your API Client, and your intended uses of the Sandbox APIs, comply with these Terms. You agree to cooperate with us and provide all reasonable assistance required by us in our review of your submission (which may include making yourself reasonably available for meetings with us via telephone or in person).

3.2 To accelerate the application process, we may provide you with temporary access to our Sandbox APIs while we carry out our review of your application.

3.3 You acknowledge and agree that we may in our sole discretion:

  • determine that your use of the Sandbox APIs or your API Client does not meet these Terms;
  • refuse to provide you with access to the Sandbox APIs in connection with your API Client;
  • withdraw your access to the Sandbox APIs in connection with your API Client at any time; or
  • approve your use of the Sandbox APIs and your API Client.

We will notify you if your application is accepted, accepted subject to the completion of our review of your application, or rejected. We may, but are not required to, provide reasons for our decision.

3.4 The development of your API Client and the performance of your obligations under these Terms are at your sole cost and expense.

4. Access, currency, reporting and audit requirements

4.1 You are responsible for maintaining up-to-date and accurate information with us (including a current e-mail address and other required contact information).

4.2 We may require you to submit information to authenticate your identity or to renew your registration with us.

4.3 Upon a request from us at any time, you must submit such other information as we may require.

4.4 You must provide us with a written progress report on the development of your API Client upon a request from us, which we shall request no more than once per calendar month. Your report must contain the information that we reasonably request

5. Your information and feedback you provide us

5.1 BNZ may collect information about your use of the Sandbox APIs. You agree to BNZ collecting and using this information, and any other information you provide to us, for the purposes of carrying out our business, internal or external. This includes, without limitation, providing enhancements to the Sandbox APIs, or any other use as set out in any relevant BNZ privacy notice or product terms.

5.2 BNZ would also like your feedback on the Sandbox APIs. You agree that BNZ may use, profit from, disclose, publish, or otherwise exploit any feedback you provide. BNZ may use your feedback to modify the Sandbox APIs at our discretion.

6. Your obligations when using the Sandbox APIs

Commercial use prohibited

6.1 You shall not use the Sandbox APIs for commercial use. You shall not provide access to our Sandbox APIs to any user that is external to your organisation without BNZ’s prior written consent.

Prohibited use of the APIs

6.2 You must not, and you must ensure that users of your API Client (‘Users’) do not, use the APIs, or your API Client, to:

  • contravene any applicable law, regulation, or third party rights (including without limitation, any third party intellectual property rights);
  • encourage or promote illegal activity;
  • falsely imply that it is associated with BNZ or a BNZ group member (except as otherwise permitted by the Branding requirements set out in clause 9 below);
  • interfere with, damage, impede, disrupt or adversely impact the APIs or our servers, systems or networks providing the APIs, or any of our data or confidential information;
  • transmit any viruses, worms, defects, trojan horses, malware or any code of a destructive manner;
  • provide a service where the use or failure of the API Client could lead to death, personal injury, or environmental damage; or
  • reverse engineer or attempt to extract the source code from the APIs, except to the extent that this restriction is expressly prohibited by applicable law.

6.3 You must not, and you must ensure that your Users do not, use the APIs in connection with an API Client that:

  • undermines or impairs or damages the reputation of a BNZ group member (as determined by us in our absolute discretion);
  • contains unlawful, offensive, threatening, defamatory, pornographic, obscene or otherwise objectionable content or information; or
  • uploads, posts, hosts, or transmits unsolicited email, SMSs, or "spam" messages.

 API use must comply with any documentation issued by BNZ

6.4 You will only access (or attempt to access) the Sandbox APIs:

  • by the means described in the documentation for each Sandbox API; and
  • in accordance with any use case submitted by you and approved by us during the application process (and as varied after the application process with our written approval).

Sandbox request limitations

6.5 We may set and enforce limits on your use of the Sandbox APIs (e.g. limiting the number of API requests that you may make or the number of Users you may serve), at any time. You must not attempt to circumvent such limitations, and you agree to use each of the Sandbox APIs for reasonable volumes that are not excessive or abusive.

6.6 If you would like to use any Sandbox API beyond these limits, you must obtain BNZ's prior express written consent. BNZ may decline such a request or set conditions on your use, or include additional terms for that use. To seek such approval, contact the relevant BNZ API team for information. If you do not agree to any conditions we impose, you must discontinue your use of that API in the sandbox.

Open source software

6.7 Some of the software required by or included in the Sandbox APIs may be offered under an open source license. Open source software licenses constitute separate written agreements. For certain Sandbox APIs, open source software may be listed in the documentation. To the limited extent that any open source software license expressly supersedes the Terms, the open source license instead sets forth your agreement with BNZ for the applicable open source software.

BNZ’s right to compete with the API Clients

6.8 Your use of the API sandbox is non-exclusive. You acknowledge that BNZ and other developers may develop products or services that may compete with or provide similar functionality to your API Client.

Security and cyber fraud prevention

6.9 You must:

  • on becoming aware of any event which has compromised or may have comprised the security or integrity of the Sandbox APIs or our servers, systems or networks providing the Sandbox APIs, or any of our data or confidential information, or your password, API key or access details (“Security Risk”):
    • immediately notify BNZ of the Security Risk and provide such details as BNZ reasonably requires in order to respond to the Security Risk (including by promptly providing BNZ with system logs in your possession or control); and
    • provide all assistance reasonably requested by BNZ to respond to and protect against or prevent the occurrence of the Security Risk (including, without limitation, by taking measures to prevent the installation of your API Client on devices that have had their inbuilt security controls compromised (i.e. jailbroken devices)).
      Note that events which are in scope for attacking customer account credentials/authentication include phishing sites, malware attacks, especially trojans, or other means of criminal compromise of user data.
  • take reasonable care in the use of your password, API key and access details. For example, you must not disclose your password and/or your API key to any other person;
  • ensure that your API Client is developed in accordance with and addresses the risks described in, the OWASP Top 10 – 2017 rc1 (“The Ten Most Critical Web Application Security Risks”); and
  • provide to BNZ a security attestation in the form and at such frequency as we may require from time to time.

7. Your API Client

7.1 You are solely and entirely responsible for your API Client (including but not limited to any actions taken and/or any claims made by others related to your API Client), including but not limited to your API Client’s development, operation, maintenance, compliance with all laws and regulations, and all materials that appear on or within your API Client. Without limiting the foregoing, you are responsible for:

  • ensuring that you notify Users of how you handle and manage personal information you collect in connection with your API Client;
  • ensuring that you protect personal information you receive from unauthorised use, disclosure or access by third parties; and
  • any creating and posting, and ensuring the accuracy, quality, integrity, legality, reliability, completeness, and appropriateness of information posted on or in connection with your API Client.

8. Content

Ownership of API Client and content

8.1 We do not acquire ownership in your API Client, and by using the Sandbox APIs, you do not acquire ownership of any rights in the Sandbox APIs or the content that is accessed through the Sandbox APIs (‘API Content’).

8.2 You grant to us a paid-up, royalty-free, non-exclusive, worldwide, irrevocable, license to use, perform, and display your API Client and its content for our internal testing purposes (including security testing) and any other purpose for which we have your prior written consent.

Content in Sandbox APIs

8.3 API Content may be subject to intellectual property rights, and, if so, you may not use it unless you are licensed to do so by the owner of that content or are otherwise permitted by law. Your access to the API Content may be restricted, limited, or filtered in accordance with applicable law, regulation, and policy.

8.4 Any API Content from third parties is the sole responsibility of the person that makes it available.

Submission of content

8.5 Some of the Sandbox APIs may allow the submission of content. BNZ does not acquire any ownership of any intellectual property rights in the content that you submit to the Sandbox APIs through your API Client, except as expressly provided in the Terms. For the sole purpose of enabling BNZ to provide, secure, and improve the Sandbox APIs (and the related service(s)) and only in accordance with the applicable BNZ privacy policy, you grant BNZ a perpetual, irrevocable, worldwide, sublicensable, royalty-free, and non-exclusive license to Use content submitted, posted, or displayed to or from the Sandbox APIs through your API Client. “Use” means use, host, store, modify, communicate, and publish.

8.6 Before you submit any content to the APIs through your API Client, you must take reasonable steps to ensure that you have the necessary rights (including the necessary rights from your Users) to grant us the licence.

Prohibited use of content

8.7 Unless expressly permitted by applicable law, you must not, and must take reasonable steps to ensure that your Users and others acting on your behalf do not, do the following with the API Content:

  • scrape, build databases, or otherwise create permanent copies of such content, or keep cached copies longer than permitted by the cache header;
  • copy, translate, modify, create a derivative work of, sell, lease, lend, convey, distribute, publicly display, or sublicense it to any third party;
  • misrepresent the source or ownership;
  • remove, obscure, or alter any copyright, trademark, or other proprietary rights notices; or falsify or delete any author attributions, legal notices, or other labels of the origin or source of material;
  • retain any copies of the content or extracts thereof or any information derived from the content, or in any way index or mine the content. Your license to content is limited to making direct server calls to BNZ for the data and to distributing the data to your Users;
  • use or aggregate the content with content from other financial institutions; or
  • modify or alter the API Content to render the API Content unfair, deceptive, abusive, false or misleading.

9. Branding requirements

Brand Features

9.1 “Brand Features” is defined as the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party. Except where expressly stated, the Terms do not grant either party any right, title, or interest in or to the other party's Brand Features. All use by you of BNZ's Brand Features (including any goodwill associated therewith) will inure to the benefit of BNZ.


9.2 You must not use any of BNZ’s Brand Features without first obtaining BNZ’s prior written approval.


9.3 You will not make any statement regarding your use of a Sandbox API which suggests partnership with, sponsorship by, or endorsement by BNZ without BNZ's prior written approval.

10. Termination and suspension


10.1 BNZ may suspend access to the Sandbox APIs by you or your API Client without notice at any time without liability or other obligation to you.


10.2 You may stop using the Sandbox APIs at any time with or without notice. Further, if you want to terminate the Terms, you must provide BNZ with prior written notice and upon termination, cease your use of all Sandbox APIs.

10.3 BNZ reserves the right to terminate the Terms with you or discontinue the Sandbox APIs or any portion or feature or your access thereto for any reason and at any time without liability or other obligation to you.

10.4 Upon any termination of the Terms or discontinuation of your access to our Sandbox APIs, you will immediately stop using the Sandbox APIs, cease all use of the BNZ Brand Features, and delete any cached or stored content.

Surviving provisions

10.5 Upon termination of the Terms, those terms that by their nature are intended to continue indefinitely will continue to apply, including but not limited to, clauses 5, 6.9, 7, 9.3, 10.5, 11 and 12.

11. Liability for the Sandbox APIs

Statutory warranties

11.1 All representations and warranties (statutory, express or implied) which are not expressly referred to in this agreement are excluded to the fullest extent permitted by law. You acknowledge and agree that your access to the Sandbox APIs is solely for business purposes.

Warranties excluded

11.2 BNZ provides its Sandbox APIs on an “as is” basis and does not warrant that:

  • the Sandbox APIs will meet your specific requirements;
  • your access to or use of the Sandbox APIs will be uninterrupted or error-free, or that
  • any errors in the Sandbox APIs will be corrected.

Limitation of liability

11.3 We will not be liable to you or any of your Users for any loss or damage suffered or incurred by you or any of your Users, whether arising directly or indirectly, from your access, use, attempted use or operation of the Sandbox APIs in circumstances where there is no unlawful or negligent act by us or any of our personnel.

11.4 BNZ is not liable to you or any third party for any loss of data, loss of profits, loss of use, loss of revenue, loss of goodwill, interruption of business or for any indirect, special, incidental, exemplary, punitive or consequential damages of any kind, arising out of or in connection with the Terms or the use of the Sandbox APIs.

11.5 To the maximum extent permitted by law, BNZ’s total liability for loss or damage suffered or incurred by you as a result of any act or omission by BNZ under or in connection with the Terms or your use of the Sandbox APIs (whether in contract, tort (including negligence) or otherwise) is limited in the aggregate for all claims to the amount of NZD $50.


11.6 Unless prohibited by applicable law, you will defend, hold harmless and indemnify BNZ and each BNZ group member against all direct liabilities, direct damages, direct losses, direct costs, direct fees (including all legal fees and expenses on a solicitor and own client basis), and direct expenses suffered or incurred by us relating to any allegation or third-party legal proceeding to the extent arising from:

  • your misuse of the Sandbox APIs;
  • your breach of the Terms; or
  • any content or data routed into or used with the Sandbox APIs by you, those acting on your behalf, or your Users,

except to the extent that our loss is due to our unlawful or negligent acts. You agree to pay us the amount of the indemnity promptly on demand by us.

12. Confidentiality

12.1 API Content, and other information we may make (or have previously made) available to you in connection with these Terms, may contain our confidential information. Our confidential information includes any information that is confidential or proprietary to BNZ (or a third party that has disclosed it to BNZ) and any information that we disclose to you in connection with these Terms or in the API documentation that we designate as constituting our confidential information (which may include the specifications for certain Sandbox APIs themselves), but excludes:

  • information that is or becomes part of the public domain otherwise than as a consequence of a breach by you of these Terms;
  • information that is independently developed by you; or
  • information that is obtained by you from a source other than BNZ which source is entitled to disclose it to you.

12.2 You must protect our confidential information, use it only for the purposes contemplated by these Terms, and not disclose it to any third party without our permission. You may disclose our confidential information when compelled to do so by law.

13. Other Provisions

Modifications to the Sandbox APIs and to the Terms

13.1 BNZ may at any time add to, remove, change or impose restrictions on, the functionalities of the Sandbox APIs. In addition, BNZ may charge a fee, change a fee, or change the Terms, at any time and for any reason. You will be notified of changes via the email address you have provided to us when establishing your account. Changes will not apply retroactively and will become effective no sooner than 5 (five) days after they are posted. However, changes addressing new functions for a Sandbox API or changes made for legal or security reasons will be effective immediately. If you do not agree to the modified Terms for a Sandbox API, you should discontinue your use of that Sandbox API. Your continued use of the Sandbox API constitutes your acceptance of the modified Terms.

13.2 You acknowledge that a modification to the Sandbox APIs or the API Content may have an adverse effect on your API Client, including but not limited to:

  • changing the manner in which your API Client communicates with the Sandbox API;
  • changing the manner in which your API Client requests, receives, accesses, displays, transmits, and/or uses API Content; and/or
  • changing the API Content associated with a particular Sandbox API.

We shall have no liability of any kind to you or any User with respect to any modification or any adverse effects resulting from such modifications.

General legal terms

13.3 The Terms do not create any third party beneficiary rights or any agency, partnership, or joint venture. Nothing in the Terms will limit either party's ability to seek injunctive relief. We are not liable for failure or delay in performance to the extent caused by circumstances beyond our reasonable control. If you do not comply with the Terms, and BNZ does not take action right away, this does not mean that BNZ is giving up any rights that it may have (such as taking action in the future). If it turns out that a particular term is not enforceable, this will not affect any other terms. The Terms are the entire agreement between you and BNZ relating to their subject matter and supersede any prior or contemporaneous agreements on that subject matter.

Governing law

13.4 The Terms are governed by the law in force in New Zealand and each party irrevocably and unconditionally submits to the non-exclusive jurisdiction of the courts of New Zealand.