Acceptable Use Policy – Syncore API
V1 – Effective June 30, 2026
Scope
This Policy applies to direct access or use of the Syncore REST API (“API”) via an Integration.
“Integrations” means any integration that accesses, uses or otherwise triggers the API except Facilisgroup’s pre-built integrations made available through Syncore Connect and the Syncore for Outlook Email Integration. References to “Use” and “access” of the API in this Policy should be construed as usage and access of the API via such integrations.
This Policy applies to any and all Partners who access or use the API or use data that has been accessed via the API via an Integration.
By accessing or using the API, you (or and the Partner on whose behalf you are acting) agree to be bound by the terms of this Policy. If you do not agree to this Policy, you must discontinue use of the API.
Summary
The API provides programmatic access to Syncore’s Orders and CRM components. Usage limits and quotas are subject to change. All Integrations should be designed to accommodate variable rate limits and quotas.
Facilisgroup is committed to expanding the API’s capabilities and operational efficiency over time to support a broader range of integration use cases.
Authorization
Only Partners with a current Partner Agreement in effect with Facilisgroup are authorised to access or use the API. Authorization is automatically and immediately revoked upon termination of such Partner Agreement. Facilisgroup’s Partner Agreement Terms and conditions at https://facilisgroup.com/terms-and-conditions/ apply in addition to this Policy.
All Integrations must be approved through the Syncore API Certification Program prior to use. Unauthorized Integrations are prohibited.
Each Integration must register a unique User-Agent string that identifies the integration in all API requests. This User-Agent must be provided in writing as part of the certification process.
Rate Limits and Quotas
The following rate limits are enforced on API access to maintain platform stability. When a daily limit is reached, API requests are throttled to the overage rate for the remainder of the period. Daily limits reset at 00:00 EST.
/crm endpoints:
| Limit | Max. Rate | Period | Overage | |
| GET | 10,000 | 60 req/min | daily | 20 req/min |
| POST | 10,000 | 60 req/min | daily | 20 req/min |
| PUT | 10,000 | 60 req/min | daily | 20 req/min |
/orders endpoints:
| Limit | Max. Rate | Period | Overage | |
| GET | 20,000 | 90 req/min | daily | 30 req/min |
| POST | 15,000 | 90 req/min | daily | 30 req/min |
| PUT | 15,000 | 90 req/min | daily | 30 req/min |
Monthly Aggregate Limit
Each Partner is permitted a maximum of 250,000 API calls per calendar month across all endpoints. Integrations exceeding this limit will be throttled pending review.
Partner requiring rate limits, quotas, or monthly allocations above the thresholds defined in this Policy may submit a request for review through the Syncore API Certification Program. Approval of increased allocations is at Facilisgroup’s sole discretion and may be subject to additional terms.
Monitoring Your Usage
Partners can monitor their usage, review call volumes, and verify compliance with this Policy through the Syncore API Insights portal at developers.syncore.app.
Prohibited Actions
The following activities are prohibited:
- Unauthorized Integrations: Operating any Integrations that has not been certified through the Syncore API Certification Program.
- Bulk Data Extraction: Routine data synchronization performed within the rate limits and quotas defined in this Policy is permitted. Running continuous or recurring bulk extraction processes intended to replicate, mirror, or maintain a complete copy of the Syncore dataset is prohibited. Facilisgroup maintains fully redundant backups of all platform data.
- Excessive Polling: Polling endpoints at a frequency or volume that exceeds the rate limits and quotas defined in this Policy, or that degrades platform performance for other consumers. Integrations should be designed to poll at the minimum frequency necessary to meet their operational requirements.
- Circumventing API Limitations: Designing or operating Integrations that work around current API limitations in a manner that results in excessive API consumption. Where the API does not yet support a specific capability (e.g., incremental change detection), Integrations must operate within the defined rate limits and quotas rather than compensating through high-volume request patterns.
- Credential Exposure: Exposing API keys, tokens, or Syncore API endpoints in client-side code, public repositories, or any publicly accessible location.
Enforcement
Facilisgroup monitors API usage and reserves the right to take the following actions, at its sole discretion, in response to any violation of this Policy:
- Notification: Formal notification to the Partner outlining the violation and required corrective actions.
- Audit: Review of the Partner’s API usage to identify and remediate issues.
- Suspension: Temporary or permanent suspension of API access.
Facilisgroup may suspend API access without prior notice to protect the stability and integrity of the Syncore platform.
Data Handling
Partners are responsible for handling all data accessed through the API in compliance with applicable data protection and privacy laws. Specific data handling obligations are defined in your Partner Agreement.
Modifications
Facilisgroup reserves the right to modify this Policy, including but not limited to the list of prohibited actions, rate limit parameters, and usage quotas, at any time. Facilisgroup will provide no less than thirty (30) days’ written notice to Partners prior to any material modifications taking effect. Notice will be delivered via email to the address on file for the Partner’s API certification. Continued use of the API following the effective date of any modification constitutes acceptance of the revised Policy.
Contact
For questions or concerns regarding this Policy, please contact [email protected].