EIS Shared Responsibility Model

EBSCO Information Services (EIS) and its customers share a responsibility to protect publisher content accessed via APIs. This document outlines the expectations of both EIS and its customer representatives. A customer representative can be the customer itself, a partner, a vendor, or an implementer working on behalf of the customer.

Authorization

  • EIS: Protect access to licensed content by limiting API access to authorized customers only.
  • Customer Representative: Protect access to licensed content by limiting application access to authorized end-users of their organization (the exception is guest access; see Guest Access below).

Guest Access

  • EIS: Protect access to licensed content by enforcing restrictions for public users identified as “guests” by the customer.
  • Customer Representative: Protect access to licensed content by identifying guest users separately from authenticated users. The customer application MUST inform the API which users are guests as described in the API documentation.

API Rate Limiting

  • EIS: Ensure a reliable system for all customers by informing applications when they are making too many requests. Excess requests will receive a throttle response and not be fulfilled.
  • Customer Representative: The application MUST slow down the rate of requests sent when instructed by the API. The application may optionally replay any unfulfilled requests within the limits provided.

Bots/Malicious Traffic

  • EIS: Ensure a secure and stable system for all customers by blocking traffic patterns identified as malicious.
  • Customer Representative: Ensure any public-facing applications can identify malicious traffic patterns and not pass them along to the API. If unable to do so, the application must pass end-user client details with all API requests, as described in the API documentation.