These API Terms of Use ("API Terms") govern the access and use of the REST API provided by facilita.tools ("We", "Platform"). By generating an API Key, you ("User", "You") declare that you have read, understood, and accept these terms in full.
These API Terms complement the General Terms of Use of the platform, which remain valid. In case of conflict between the two documents, these API Terms shall prevail regarding API-specific matters.
1. Definitions
- API — The set of REST endpoints available at
facilita.tools/api/v1/that allow programmatic access to platform data and functionalities. - API Key — A unique authentication credential generated in your dashboard. It identifies you in every API request.
- Plan — The subscription tier (Free, Dev, Pro, Business) that defines your usage limits.
- Quota — The maximum number of allowed requests per month, according to your plan.
- Rate Limit — The maximum number of requests per minute, according to your plan.
- User — Any person or legal entity that registers on the platform and generates an API Key.
2. Service Scope and Best Effort
The API provides programmatic access to the same data available through the facilita.tools web tools, including: CNPJ lookup (Brazilian Federal Revenue open data), CEP lookup (postal codes), and currency conversion (Brazilian Central Bank official rates).
The service is provided on a best effort basis. We do not guarantee a specific uptime percentage (SLA). We make every effort to keep the API available, fast, and reliable, but outages may occur for maintenance, infrastructure issues, or external dependency failures.
In case of scheduled maintenance, we will provide advance notice whenever possible through our status page or email.
3. Authentication and API Key Responsibility
- Every API request must include the
X-Api-Keyheader with your valid key. - Your API Key is personal and non-transferable. Do not share it, publish it in public repositories, expose it in frontend code, or include it in client-side applications.
- You are responsible for all requests made with your key. If you suspect unauthorized use, revoke the key immediately in your dashboard and generate a new one.
- We store only the SHA-256 hash of your key. If you lose the original key, we cannot recover it — you must generate a new one.
4. Limits, Rate Limiting, and Quotas
Each plan has specific monthly and per-minute limits:
| Plan | Monthly | Per Minute | Price |
|---|---|---|---|
| Free | 5,000 | 5 | R$ 0 |
| Dev | 60,000 | 15 | R$ 49/mo |
| Pro | 230,000 | 40 | R$ 99/mo |
| Business | 1,200,000 | 100 | R$ 299/mo |
What happens when you exceed the limit:
- Rate limit (per minute): The API returns HTTP
429 Too Many Requests. Wait a few seconds and try again. - Monthly quota: Requests above the limit receive HTTP
429until the next billing cycle begins. You can upgrade your plan at any time to increase the limit immediately.
5. Permitted Use
You may use the API for:
- Integrating CNPJ, CEP, or currency queries into your internal systems, websites, or applications.
- Automating company registration validation in sign-up forms.
- Enriching your own business databases with public government data.
- Building tools or dashboards that consume our data, as long as you respect the limits of your plan.
6. Prohibited Use (Anti-Abuse)
The following practices are strictly prohibited:
- Aggressive scraping: Mass downloading of the entire database via sequential automated requests.
- Attacks and overload: Any attempt to destabilize, overload, or crash the service (DDoS, stress testing without authorization).
- Bypassing limits: Creating multiple accounts or keys to circumvent rate limits or quotas.
- Resale or redistribution: Reselling, sublicensing, or redistributing raw API data as a competing service.
- Sharing keys: Sharing your API Key with third parties, other companies, or unauthorized users.
- Reverse engineering: Attempting to decompile, reverse engineer, or reproduce the API infrastructure.
- Fraud: Using the API to validate or generate documents for fraudulent, illegal, or harmful purposes.
- IP spoofing: Falsifying your source IP address to evade tracking or limits.
We monitor usage patterns to detect anomalous behavior. We are fair: genuine mistakes or temporary spikes will not result in bans. But deliberate abuse will have consequences (see Section 8).
7. Monitoring, Logs, and Data Privacy (LGPD)
To ensure security, enforce limits, and comply with legal obligations, we collect and process the following data for each API request:
- IP address — To enforce rate limits and identify abuse patterns.
- Timestamp — Date and time of each request.
- Endpoint accessed — Which resource was queried (e.g., /api/v1/cnpj/).
- Request volume — Number of requests per period for quota tracking.
- HTTP status code — Response result (200, 400, 429, etc.).
We do NOT log the specific query parameters (e.g., the CNPJ number you looked up) or API response content.
Retention: Usage logs are retained for up to 90 days for security and auditing purposes, after which they are permanently deleted.
Legal basis (LGPD): Legitimate interest (Art. 7, IX) — security, fraud prevention, and contractual performance (Art. 7, V).
Your rights: You may request access, correction, or deletion of your personal data at any time by contacting us at our contact page. See our full Privacy Policy.
8. Suspension, Revocation, and Banning
We want all users to have a good experience. If we detect behavior that violates these terms, we will act proportionally:
| Level | Action | When |
|---|---|---|
| Warning | Email notification + temporary rate reduction | Minor violations, likely unintentional |
| Temporary block | API Key suspended for 24-72 hours | Repeated violations after warning |
| Permanent revocation | API Key revoked + account under review | Deliberate abuse, scraping, or attacks |
| Account ban | Account closed + legal measures if applicable | Fraud, illegal activity, or damages |
Before any permanent action, we will attempt to contact you whenever possible. If you believe a block was unjust, get in touch — we always investigate appeals.
9. Billing, Upgrades, Cancellation, and Refunds
- Free plan: No credit card required. You can use it indefinitely within the limits.
- Paid plans (Dev, Pro, Business): Monthly billing via Stripe. The new limits take effect immediately upon confirmation of payment.
- Upgrade: You can upgrade at any time. The price difference is prorated in the first billing cycle.
- Downgrade: Takes effect at the end of the current billing cycle. Your limits will adjust on the next renewal date.
- Cancellation: You can cancel at any time through your dashboard. Access continues until the end of the paid period. After that, you are moved to the Free plan.
- Refunds: We offer a refund within the first 7 days after the first payment of a new plan if you have used less than 10% of the monthly quota. After that, we do not offer refunds for partial months.
- Non-payment: If payment fails, we try up to 3 automatic retries. After that, the plan is automatically reverted to Free. No penalty is applied — you can subscribe again at any time.
10. Changes to These Terms
We may update these API Terms periodically. When we do:
- We will update the version number and date at the top of this page.
- We will notify you by email at least 15 days before the new version takes effect.
- Continued use of the API after the effective date constitutes acceptance of the new terms.
- If you disagree with the changes, you may cancel your plan and stop using the API before the new terms take effect.
11. Contact and Support
For questions, reports of abuse, or support related to API usage:
- Contact page: facilita.tools/en/contact
- Email: [email protected]
We respond to all inquiries within 2 business days.