API Terms

1. Overview

These API Terms govern your use of the application programming interfaces (the API) and Model Context Protocol (MCP) server provided by Funded with Flow L.L.C. (Funded with Flow, the Platform, we, us). They apply in addition to your overall agreement with the Platform and our AI, MCP & Automation Terms.

The Platform is a simulated, evaluation-based prop-trading practice environment and is not a broker-dealer, investment adviser, exchange, custodian, or bank. By generating an API or MCP key or making API requests, you agree to these API Terms.

2. Key Ownership and Responsibility

API and MCP keys are issued to you for use with your own account only. Each key is user-scoped and may not access administrative functions or any other user's account or data.

You are solely responsible for all activity conducted using your keys, including all requests, instructions, orders, and actions, whether performed by you, by software you operate, or by an AI agent or automation you have connected. Activity authenticated with your key is treated as authorized by you.

3. Permission Scopes

Access is governed by granular permission scopes. New keys are read-only by default. A read-only key can retrieve information but cannot place, modify, or cancel orders.

Trade-execution permission is opt-in and gated by multiple independent controls. You must take deliberate steps to enable it and must understand the difference between read-only and trade-execution access before doing so. You are responsible for granting only the scopes you actually need and for understanding the consequences of each scope you enable.

4. Rate Limits

API and MCP access is subject to rate limits and other protective controls. We may throttle, queue, suspend, or reject requests that exceed applicable limits or that we reasonably believe threaten Platform stability, security, or our providers.

Limits may change without notice. You must design your integrations to respect rate limits and to handle throttling, backoff, retries, and error responses gracefully.

5. Prohibited Use

You must not use the API or MCP server to:

• Deploy malicious, deceptive, or harmful automation;
• Scrape, harvest, or bulk-extract data outside permitted interfaces and limits;
• Reverse engineer, decompile, probe, or attempt to bypass security controls or rate limits;
• Access administrative functions, other users' accounts, or data outside your authorized scopes;
• Circumvent, manipulate, or abuse evaluation or challenge mechanics; or
• Interfere with, overload, degrade, or disrupt the Platform or its providers.

6. Data Restrictions

Data made available through the API and MCP server, including real-time market data, is provided for your own in-platform use only. You must not redistribute, resell, republish, sublicense, or otherwise share market data or other protected data obtained through the API, except where we have expressly authorized it in writing.

Market data is sourced from a third-party provider and is subject to our Market Data Disclaimer. You are responsible for using such data only in accordance with these restrictions.

7. Security Expectations

Keys are displayed only once at creation and are stored by us solely as cryptographic hashes (HMAC), never in plaintext. You must:

• Keep your keys secret and never share, embed publicly, or expose them;
• Rotate keys periodically and after any suspected exposure;
• Revoke keys you no longer use or that may be compromised; and
• Store keys securely in your own systems.

You are responsible for safeguarding your keys and for any activity resulting from their compromise.

8. Key Revocation

You may revoke any of your keys at any time. We may also suspend, restrict, or revoke any key, with or without notice, where we reasonably believe it is necessary to protect the Platform, its users, our providers, or compliance obligations, or where you violate these API Terms.

Revocation may interrupt or terminate any integration, agent, or automation relying on the affected key.

9. Monitoring and Logging

We log and monitor API and MCP access. Access logs are retained and used for safety, debugging, security, abuse prevention, and compliance purposes, and may be used to detect and respond to misuse. Handling of this information is described in our Privacy Policy and Data Processing Information.

10. No Resale or Redistribution

Unless we have expressly authorized it in writing, you may not resell, redistribute, sublicense, or commercially exploit the API, the MCP server, or any data or output obtained through them. Access is granted to you for your own use and may not be transferred.

11. Service Availability, Changes, and Compatibility

The API and MCP server are provided "as is" and "as available". We do not guarantee uptime, availability, accuracy, or uninterrupted operation, and the service may be delayed, interrupted, or unavailable.

We may modify, deprecate, or discontinue the API, the MCP server, endpoints, scopes, or features at any time. We do not guarantee backward compatibility, and changes may require you to update your integrations. You are responsible for monitoring for changes and maintaining your integrations accordingly.

12. Consequences of Abuse; Contact

Violation of these API Terms may result in rate limiting, suspension or revocation of keys, suspension or termination of your account or API access, and other measures we deem appropriate, in addition to any rights or remedies available to us.

For questions about these API Terms, contact [email protected]. To report a security issue, contact [email protected].