API Terms of Use & Policy

01/ Policy Overview

The ArtPexels API is built to enable developer and community integrations to fetch rich high-definition wallpapers programmatically. By requesting a developer API Client Key, using our public wallpaper resources, or calling our endpoints, you acknowledge and agree to comply with our Terms of Use and Privacy Policy.

These policies are enforced to guarantee high service availability, secure server integrity, and ensure complete compliance with publisher monetizations and standard guidelines.

02/ Keys & Allowed Origins

To prevent unauthorized requests and API key leakages, ArtPexels enforces a strict **Allowed Origins (Domain / App Identifier)** security standard.

Key Restrictions and Rules:

Domain Whitelisting: Every API key should specify Allowed Origins (e.g. your website domain `mydomain.com`). Requests originating from other domains will be rejected with a 403 Forbidden status.
Mobile Application IDs: For Flutter, Android, iOS, or dynamic mobile apps, developers must bind their client package keys (e.g. `com.artpexels.app`). Applications must transmit this identity inside custom request headers.
Secure Storage: Developers are responsible for preserving key secrecy. Keys must never be made public on open repositories (e.g. GitHub public files).

03/ Fair Use & Rate Limits

To maintain equal infrastructure resources for all integrations, every API key operates under a standard **Rate Limit of 60 requests per minute** unless configured as unlimited by a global administrator.

Automated scrapers, brute-force crawlers, and aggressive background data sync scripts that exceed rate limits will face temporary `429 Too Many Requests` delays or automatic IP blocklisting.

04/ Termination & Block Policies

ArtPexels reserves the absolute right to suspend, terminate, or revoke developer keys and permanently ban requesting IP addresses under the following conditions:

Reason for Key Revocation:

Leaking or distributing the API Key to public domains or unauthorized users.
Attempting to bypass whitelisted origin restrictions via header forgery.
Spamming endpoints with malformed search query parameters.

Reason for Permanent IP Bans:

Executing invalid traffic, automated click bots, or scraper scripts that threaten Google AdSense network safety.
Distributed DDoS attempts or vulnerability scanning on ArtPexels API paths.
Deliberate brute force to bypass whitelisted keys.

05/ Google AdSense Safety & Monetization

ArtPexels uses Google AdSense and third-party advertising partners to sustain its free high-resolution wallpaper library. Because our monetized platforms depend directly on Google Publisher compliance, we strictly monitor our API to avoid "low value traffic", automated invalid ad impressions, and bot rings.

By protecting our API endpoints from bad actors and malicious automated tools, we successfully guarantee a clean, authentic visitor landscape for Google advertisers. This is why automated traffic profiling is mandatory.

06/ IP Address Logging & Privacy Compliance

Consistent with our general Privacy Policy, our server records API Request log profiles containing incoming IP addresses, Browser Agent values, Referrers, and specific path queries.

This IP collection is legally justified to ensure network security, maintain publisher compliance, protect monetization assets from invalid click networks, and enforce rate bounds.

Any collected IP logs are stored securely, handled confidentially, and are never shared with unauthorized third parties. System administrators are equipped with lazy auto-clearing utilities to purge logs older than 7 days dynamically, protecting your storage footprints.