Thanks for your thoughtful response to the new API terms. I genuinely
appreciate you taking the time to respond. Please find my comments
I believe this aspect of the API terms warrants review. I agree that
both cases you raise are problematic. Your points have prompted an
internal conversation. I'll let you know how this turns out.
> "7. If you are displaying DigitalNZ metadata retrieved via the
> DigitalNZ API on or through a website or application that requires
> registration you must, on request by DIA or any metadata contributor,
> provide a logon to the website or application to DIA or the metadata
> contributor, without charge."
> What would DIA or any metadata contributor do with their access? What
> are they checking for?
This provision was added in response to our content partners. They
want to be able to verify that applications are using data as per the
> "12. You must not make more than 3000 API calls per day, per API key
> issued to you, without written approval from DIA."
> It would be nice if this was friendlier. 3000 API calls isn't much if
> a particular app got popular. Also, an app "in the wild" might be
> suddenly discovered or shared on social media causing a spike of
> traffic completely unknown by the developer. Surely DigitalNZ can
> implement some basic throttling or DDOS prevention to reduce the
> impact of a traffic spike?
This wording is a problem. It does not adequately convey our
intentions. How does something like the following sound?
"The default limit on API calls is 3000 API calls per day, per API key
issued to you. Please contact the DigitalNZ team to discuss high rate
limits if need be."
> "(a) not to grant an API key to any person at its complete
> I don't think a clause like this should be in a government API. There
> should be solid grounds for disallowing online access, not simply
> "(ii) providing a website or application that is enabling others to
> bringing or could bring DigitalNZ, the National Library, DIA or any
> contributor of metadata to DigitalNZ into disrepute; and"
> Ditto. Would a site that used Digital NZ data to critique
> institutional practices be shut down by such a clause?
We would only activate these clauses if the data was being used in a
completely inappropriate way. Unfortunately, it is difficult to
foresee all the possible inappropriate ways that data might be used.
Our track record to date is good. In the history of DigitalNZ we have
only ever terminated one API key. That was for commercial use.
> "19(d) to otherwise terminate your access to, or discontinue, the
> DigitalNZ API at any time, for any reason and at its sole discretion."
> Ditto. This type of clause was in the very first terms for DigitalNZ
> (~June 2009) and was subsequently removed - why has it made a
> comeback? I don't like the idea that DigitalNZ/DIA could unilaterally
> terminate my use, especially if I have put significant time or money
> into developing an application. There's no mention of any mechanism
> for handling disputes or misunderstandings.
Your comments here have prompted a closer review of this clause. We
are considering changing or removing this clause. We will still need a
clause to allow us to terminate access if usage contravenes our terms.
I will keep the list updated.
Thanks again, Jonathon. Please let me know if you have further