Skip to content
Trimble Unity Construct

Trimble Unity API Acceptable Use Policy

Acceptable Use Policy

Section titled “Acceptable Use Policy”

Applicability: This policy applies to all developers, partners, and customers (“Users”) accessing the Trimble Unity Application Programming Interfaces (APIs).

Purpose and Scope

Section titled “Purpose and Scope”

This AUP governs the use of Trimble Unity APIs. Our mission is to provide a high-performance, secure, and reliable integration layer for the Trimble Unity ecosystem. By accessing our APIs, you agree that your access is a privilege, not a right, and is subject to continued compliance with these standards to ensure the stability and security of the platform for all stakeholders.

Permitted Use and Technical Intent

Section titled “Permitted Use and Technical Intent”

The Trimble Unity API is designed exclusively for Transactional Data Exchange and Point-to-Point Integration.

Transactional Alignment: Use cases must be limited to facilitating specific, user-initiated actions or real-time data synchronization between Trimble Unity and authorized third-party systems.

Workflow Enhancement: Integration must provide demonstrable value to the end-user experience within a defined workflow (e.g., syncing a work order, updating asset status).

Internal Productivity: Use is permitted for automating internal business processes that rely on Trimble Unity as the system of record.

Data Integrity and Prohibited Practices

Section titled “Data Integrity and Prohibited Practices”

To protect Trimble’s Intellectual Property and system performance, the following data practices are strictly prohibited:

Anti-Mirroring and Bulk Extraction

Section titled “Anti-Mirroring and Bulk Extraction”

  • No Database Mirroring: You may not use the API to replicate, in whole or in part, the Trimble Unity database schema or content in an external persistent storage system.

  • No Scraping: Use of automated “crawlers” or “spiders” to harvest data is strictly prohibited.

  • Analytical Offloading: The API is not to be used for ETL (Extract, Transform, Load) processes intended for external Data Warehousing, Big Data analytics, or Business Intelligence (BI) tools without explicit written “Data Export” licensing.

Caching and Persistence

Section titled “Caching and Persistence”

  • Ephemeral Storage: Data may be cached locally and temporarily (maximum 24 hours) solely to improve application latency.

  • Refresh Requirement: All cached data must be refreshed or purged upon the expiration of the 24-hour window.

  • Derivative Works: You are prohibited from using Trimble data to train Machine Learning (ML) models, Artificial Intelligence (AI) systems, or creating “shadow” products that compete with Trimble Unity features.

API Governance and Traffic Management

Section titled “API Governance and Traffic Management”

Trimble employs active traffic shaping to ensure “Fair Use” for all participants.

  • Rate Limiting: Users must respect the headers returned by our gateway (e.g., X-RateLimit-Limit).

  • Graceful Handling: Applications must be designed to handle HTTP 429 (Too Many Requests) errors gracefully using exponential backoff algorithms.

  • Concurrency: We reserve the right to limit the number of concurrent connections per API Key/Client ID.

  • Load Testing: You may not perform load tests or penetration tests against Trimble Unity production endpoints without a minimum of 10 business days’ prior written notice and approval from the Trimble API Operations team.

Security and Compliance

Section titled “Security and Compliance”

Security is a shared responsibility. Failure to secure your integration is a violation of this policy.

  • Authentication: All requests must use modern authentication protocols (e.g., OAuth 2.0).

  • Credential Hygiene: API keys and secrets must be stored in secure vaults (e.g., Azure Key Vault, AWS Secrets Manager). Credentials must never be hard-coded in client-side code (JavaScript, Mobile Apps) or committed to version control systems (GitHub).

  • Data Residency & Privacy: You must comply with all regional data protection laws (GDPR, CCPA, etc.). If you are processing personal data of Trimble users, you must maintain a publicly accessible Privacy Policy.

  • Breach Notification: If your API credentials are compromised, or if your system—which stores Trimble data—is breached, you must notify security@trimble.com within 24 hours.

Prohibited Activities

Section titled “Prohibited Activities”

You may not use the Trimble Unity API to:

  • Fuzz or Probe: Attempt to discover undocumented fields, private endpoints, or bypass security controls.

  • Redistribute: Resell, lease, or sublicense API access to third parties.

  • Decompile: Reverse engineer the API responses to reconstruct underlying proprietary algorithms.

  • Spam: Use the API to send unsolicited communications or engage in “resource exhaustion” attacks.

Lifecycle and Operational Notice

Section titled “Lifecycle and Operational Notice”

  • SLA: Trimble does not guarantee a specific uptime for the API unless explicitly defined in a separate Service Level Agreement.

  • Deprecation Policy: Trimble follows a “Version-Minus-One” deprecation strategy. When a new major version of an API is released, the previous version will be supported for a minimum of 6 months before sunset.

  • Breaking Changes: We reserve the right to push emergency patches for security or stability without prior notice.

Enforcement and Audit Rights

Section titled “Enforcement and Audit Rights”

  • Monitoring: Trimble proactively monitors all API traffic for patterns indicative of AUP violations.

  • Audit: Upon reasonable notice, Trimble reserves the right to audit your application’s integration logic and data storage practices to ensure compliance with the “No Mirroring” and “Caching” clauses.

  • Sanctions: Violations may result in immediate level-based sanctions, including:

    • Level 1: Temporary Throttling or Quota reduction.
    • Level 2: Suspension of API credentials.
    • Level 3: Permanent termination of access and legal action for damages or IP infringement.