This blog is part of a series devoted to understanding the legal realities of travel APIs and what it takes to integrate with third party APIs. The reason behind the series is to explain what the legal issues and risk areas are that travel startups need to cover when negotiating an API licensing deal.
In this piece, I provide a checklist of key issues and questions before doing a deep dive on specific areas that need extensive coverage. Parts 2 and 3 cover Intellectual Property, with Part 4 looking at Data (data protection & privacy). Part 5 covers what happens when things go wrong.
The Connected Traveler
We are well and truly in the era of the 'connected traveler'. Research has revealed critical insights on what travelers want from travel companies. Connected travelers do not see their holiday as a series of product touch points — it is their trip, and the trip as a whole needs to be as seamless as possible. It must encapsulate the 'holiday feeling' from the start and long after return.
Code, data, and API integrations in particular are key components in any travel startup's strategy to reach the holy grail of that 'holiday feeling'. However, delivering on that vision will take more than just technology and API integrations. The travel startups that truly manage to pull this off will have a great future and a sustainable competitive advantage.
Setting the Scene
The scenario I'll be exploring is the situation where APIs are only available following the signature of an NDA and API license agreement (i.e. Private/Partner). This is different from where a travel startup can start using the API subject to a set of Terms of Use on the API provider's website.
In our scenario, the travel startup will invariably be dealing with a larger company whose approach will often be a 'take it or leave it' one when it comes to their API license agreements. However, even in that case, there is a lot that travel startups can do to ensure they enter into these deals with their eyes open.
Work Starts…
After the euphoria of having signed an NDA, the real business starts when you get the API licensing agreement. Exactly when you get it depends on the provider — one travel startup I was representing had to wait 5–6 months before they got anything, and this API provider is a very well-known travel brand.
From a purely deal-making point of view, some API providers are better than others in terms of knowing what to negotiate, being commercial in their approach, and being supported well by in-house legal. All of these are key variables that will influence the pace of the deal.
A Checklist Before You Get Going
- What IP assets are covered by the agreement?
- Who owns what IP assets? Both you and the API provider will be bringing IP assets to the table as well as creating new IP assets during the agreement.
- What IP assets are licensed, and to whom? What do the licenses allow the licensee to do?
- Is the API provider guaranteeing quality of their API, whether they are safe to use, or that they do not infringe somebody else's IP? Are you asked to guarantee anything?
- Are there any other activities that the API provider prohibits and/or restricts?
- Is the API provider allowed to do any monitoring and auditing of you? If so, what does that involve?
- Are they charging you for anything (licensing fees, etc.)? If so, what and how much? When do you have to pay?
- Are they paying you for anything (e.g. sales you make for them)? If so, what and how much?
- What is the deal with information security? What are they asking you to do to prevent breaches?
- What does the licensing agreement say about your customer data? Who is responsible for the confidentiality, security or integrity of such data?
- Are there any confidentiality restrictions on both you and the API provider?
- Are there any restrictions on you in terms of developing products that might compete with theirs?
- Can the API provider suspend access to the API, discontinue, or terminate the licensing agreement? If so, when and how?
- If something goes wrong and it was down to you, what is your financial liability? Is it unlimited or capped?
This seems like a lot — but we will be exploring these questions in upcoming blog posts. A final point: it is not just a question of 'getting on' with API integrations. It needs analysis, legal input and ensuring you have covered off any risks. The deal has to be right.