API Terms of Use

These API Terms supplement the Terms of Service and govern your use of the Jettson HTTP API at https://jettson.dev/api/ and the official Node and Python SDKs.

1. Authentication

Every API request requires a Bearer token (API key) issued via the dashboard at /console/api-keys. You are responsible for keeping your keys secret. Rotate keys quarterly and immediately on any suspicion of compromise. See Authentication for details.

2. Rate limits

Per-key rate limits apply by plan:

| Plan | Spawns / minute | Spawns / hour | | --- | --- | --- | | Free | 5 | 30 | | Pro | 30 | 500 | | Scale | 100 | 5,000 |

Rate-limited requests return 429 Too Many Requests with a Retry-After header. Honor the header and back off. Repeated abuse may result in suspension under the Acceptable Use Policy.

3. Logging and monitoring

We log API requests for billing, abuse detection, quota enforcement, and security. Logs include method, path, status, latency, and the key identifier (never the key itself). We do not log request bodies of agent runs by default.

4. Versioning

The API is versioned via the URL path (/api/v1). Backwards-incompatible changes ship under a new major version. We give at least 90 days' notice before deprecating an endpoint or breaking a documented contract. Notice is sent to the Account email and posted on the changelog.

Additive changes (new fields, new endpoints) happen in the current version without bumping. Your code should ignore unknown response fields gracefully.

5. Beta endpoints

Endpoints documented as beta or preview are governed by the Beta & Preview Terms and are excluded from the SLA.

6. Output ownership

You own the outputs produced by your agent runs. Jettson reserves the right to use aggregate, de-identified telemetry (latencies, error rates, usage volumes) to operate and improve the Service.

7. Prohibited API use

The following are prohibited in addition to the AUP:

• Reverse engineering. Do not attempt to extract model weights, prompts, or internal infrastructure characteristics.
• Scraping. Do not enumerate keyspaces, attempt brute-force discovery, or scrape proprietary endpoints not documented in our public API reference.
• Credential stuffing. Do not use the API to test stolen credentials against any system.
• Resale. Do not resell raw API access without a signed reseller agreement.
• Competitive training. Do not use API outputs to train a competing AI agent runtime.

8. Idempotency

Use the Idempotency-Key header on spawn requests where you might retry. Repeat calls with the same key within a short window return the same agent rather than creating a duplicate.

9. Webhooks

When webhooks become available, you will be responsible for verifying our signing header before acting on a webhook payload. We will publish the verification recipe in the docs.

10. Telemetry headers

We may add response headers such as X-Request-Id to help debug issues. Including these in support tickets speeds up triage.

11. Contact

API questions: customertek@rwxtek.com.