In order to protect the delivery.com ecosystem, you must adhere to the following rules and best practices. Failure to do so will result in the revocation of your API key.
- Never ask users for their delivery.com account credentials or credit card information. We support OAuth 2.0 authentication. When adding credit cards, we have a similar flow to OAuth 2.0. See more in the Authentication and Payment sections.
- Do not store or cache our data. This will certainly lead to bugs, as data tends to change frequently, and it also violates our terms of service. If you think a particular endpoint is too slow, please let us know and we’ll do our best to improve it.
- In the instance of alcohol or tobacco sales, certain guidelines must be followed. See the Legal Disclaimers section for more information.
- Adhere to our branding and attribution requirements.
- To prevent your transactions from being incorrectly flagged as fraudulent, you must send the customer’s actual data. Examples include, but are not limited to:
- The customer’s actual credit card data. Don’t use one card for all of your users.
- IP address. (Please specify the true client IP in http header “HTTP_X_FORWARDED_FOR“.)
- Email address.
- First and last name.
- Phone number.
For more detailed DO’s and DON’Ts (along with a healthy dose of legalese) please see our Terms of Service.