Published — v. 14

API use policy

Definitions

User: every user of the MailUp service, regardless of whether they are paying for the service or taking advantage of the free trial period. Each User accepts the MailUp Terms of Use at the time they first log into the MailUp admin console, which is a required step to be using the service.

MailUp Terms of Use: all the terms that regulate the use of the MailUp service. When such terms are changed, Users are asked to agree to them again when they log into the MailUp admin console

Application: a software program that leverages the MailUp API to access MailUp-powered services, making them available to other programs, such as Web sites, e-commerce stores, CRM systems, etc.

Developer: the author of the application that uses the MailUp API. The Developer may or may not be a User. In the case of the MailUp REST API, the Developer is required to register the application in the MailUp system to obtain Application-specific access keys. Developers who are not Users may be provided with a "Developer Account", which gives access to the MailUp admin console free of charge, and with certain limitations.

MailUp API: a set of Web services that are accessible through the HTTP or HTTPS protocols and give Applications access to MailUp features

The MailUp API

The MailUp API is a family of different APIs developed and updated through the years.

The MailUp API family includes the following APIs.

Whenever you see <MAILUP_CONSOLE_URL>, that is the URL of the MailUp admin console (i.e. the MailUp account) that the Developer wishes to connect to

SOAP API

Web services based on the SOAP protocol, accessible at the following URLs:

https://wsvc.ss.mailup.it/ 

... for the following Web services

http://<MAILUP_CONSOLE_URL>/Services

... for the following Web service

HTTP GET & POST API

Web pages associated with a specific MailUp account, which are accessed without authentication (e.g. subscription form) and are accessible at the URL:

http://<MAILUP_CONSOLE_URL>/frontend

JSONP API

Web services that allow script access to certain MailUp resources located on servers other than that the one that contains the original script.

These Web services are accessible at the URL:

https://services.mailup.com

REST API

Web services based on the REST architecture and accessible at the URL

https://services.mailup.com

SMTP+

An SMTP relay service that is built into the MailUp platform.

API access duration

Access to the Mailup API is dependent on the existence of a MailUp account (free or paying) that:

  • has not expired 
  • has not been suspended

Any use of the MailUp API outside of these terms is not allowed and will be considered an abuse of the service.

Terms of use

The MailUp Terms of Use apply to the use of the MailUp API.

When the MailUp Terms of Use are changed, Users are notified at the time they access the MailUp admin console. If Users are accessing the MailUp service strictly through the API - and therefore never see and agree to the updated Terms at the time of login into the admin console - they will be contacted via email using the User's contact information. If the updated Terms are not agreed to because the User cannot be reached, access to the MailUp service may be suspended.

Documentation

Documentation for the MailUp API is available at http://api.mailup.com. It includes both features and known limitations. 

Using undocumented features or services is not recommended as the availability of such services cannot be guaranteed.

Technical support is available via email using the following email addresses:

Support requests submitted through other channels, including social media, comments on the MailUp blog and online documentation (including this very Web site), and other resources, may not be answered as they are not entered into the company's support ticket system. Make sure to open a support ticket by sending an email to the addresses listed above.

Disclaimer on issues with Applications

MailUp is in no way responsible for any issues, damages, or reduced level of service caused by access to the service via an Application.

This disclaimer applies to all Applications, including the "ready to use" ones that are listed on the MailUp Web site and the API online documentation.

Special warranties might apply to certain Applications: refer to the information provided with such Applications for details.

Absence of whitelabeling feature

Access to the MailUp API does not support service whitelabeling. Accessing the service via the MailUp API may result in the display of information that includes the MailUp name or logo. This may affect Users that have purchased the whitelabeling service as part of the MailUp account.

Technical considerations

Authentication

SOAP API, JSONP

access to the services requires the use of a time-limited authentication token. You may authenticate using API-specific credentials  (username= ‘a’ + account ID, e.g.. a23432; non-expiring password) or with admin console credentials (password expires after 180 days). The SOAP API does not enforce list access permissions that exist at the admin console level: all Users can access all lists, regardless of whether such Users were restricted to certain lists when accessing the service via the admin console. When using the “Import” SOAP Web service, based on the HTTP protocol, the User is aware of the risks involved in the transmissions of access credentials in a non-encrypted format, and that it is possible to reduce any chances of unauthorized access by enforcing IP address validation in the API calls. [*] 

For more information about the API access credentials and IP address validation, please see: Connecting to MailUp

HTTP GET & POST API

Calls to the HTTP GET and POST API are performed without authentication. To minimize any abuse of the service, Developers are strongly encouraged to enforce the confirmed opt-in subscription method when adding subscribers to a list and to enforce IP address validation. These apis are only available on the HTTP protocol. The User is aware of the risks involved in the transmissions of access credentials in a non-encrypted format, and that it is possible to reduce any chances of unauthorized access by enforcing IP address validation in the API calls. MailUp is not responsible for unauthorized access to the services via these APIs when such security precautions have not been implemented. 

REST API

Access to the REST API requires both (a) Application registration (the Application has been registered by the Developer); and (b) user authentication (when accessing the REST API, the Application must use certain specific credentials obtained when registering the Application). Users can view a list of Applications authorized to access their account and may revoke such authorization at any time. MailUp reserves the right to block access to the REST API to certain Applications that are found to violate its Terms of Use. MailUp may enforce such block either globally to all Users that have authorized the Application, or individually for specific Users. 

Application-based on the REST API may not store MailUp User access credentials in any way or form. They must instead store the access token obtained after the initial activation.

SMTP+

Access to the MailUp service via SMTP is restricted using standard SMTP authentication. Users obtain authentication credentials via the SMTP+ section of the MailUp admin console.

Rate limiting

MailUp reserves the right to reduce or suspend the service when the following thresholds have been exceeded.

API

Features / Methods

Limitation

HTTP GET & POST

All

None

SOAP API

CreateNewsletter

SendNewsletterFast

Max 100 calls per day

SendSingleNewsletter

Based on the level of service (bandwidth or messages per hour) purchased by the User [†]

SendNewsletter

Max 200 calls per day

SendDirectSMS

SendSingleSMS

Max 10 calls per second

Other SOAP API methods

Max 5 calls per second

REST API

Transactional and personal emails

Based on the level of service (bandwidth or messages per hour) purchased by the User

Transactional SMSMax 30 calls per second
Stop/Delete sendingsMax 1 call every 30 seconds

Other REST API methods

Max 5 calls per second

SMTP+

Transactional and personal emails

Based on the level of service (bandwidth or messages per hour) purchased by the User [‡]

Error handling and logging

MailUp does not provide application logs.

It is the responsibility of the Developer to correctly interpret and store - if needed - any errors returned by MailUp in case of calls to any Web service, as well as the implementation of effective "retry policies" to handle temporary errors.

Support is limited to the use of the API and does not cover proper development of any Application, including error handling and logging, unless otherwise agreed in writing.

Throttling limitations

Here below the throttling limitations:


DayHourMinute
/frontend/xmlsubscribe.aspx200005000300
/frontend/subscribe.aspx200005000300


Disabling of certain APIs

Certain APIs that are not being used by a User may be disabled to further minimize any risk of unauthorized use.

API

Features / Methods

How to disable it

HTTP GET & POST API

Subscribe.aspx

Cannot be disabled


Other pages (e.g.. xmlSubscribe.aspx)

Via admin console (Settings > Account settings > Developer's corner > Web services > FrontEnd)

SOAP API

MailUpImport

Via admin console (Settings > Account settings > Developer's corner > Web services > MailUpImport)

Other SOAP API methods

Cannot be disabled [§]

REST API

All

Revoke Application authorization in the admin console [**]

SMTP+

All

Remove all SMTP+ users

Updates

MailUp reserves the right to update its APIs - with or without prior notice - to achieve the following objectives.

  • SOAP API, JSONP, HTTP GET & POST API: backward compatibility, implementation of new features, increase in security
  • REST API: supports versioning and multiple versions can be active at the same time. An older version should be considered deprecated 6 months after the next version was released.
  • SMTP+: maintain compliance with the SMTP protocol specifications

Modifications to the API and information on new features (or versions, in the case of the REST API) that have become deprecated are registered in the API documentation. In some cases, updates might be sent to Users and Developers via email or another form of communication.

Footnotes

[*] IP address-based restrictions do not apply to the SOAP Web Services “MailUpSend”, “MailUpManage”, “MailUpReport” and to the JSONP Web services

[†] Without exceeding 100 calls per day if message type=HTML and 5,000 calls per day if message type=ID

[‡] Service limitations are introduced when requests to send messages are sent at a speed that is far superior to the allocated bandwidth or messages per hour, with the result of a sending queue that exceeds 1,000,000 messages

[§] Unless all passwords associated with the MailUp accounts are reset

[**] If the feature cannot be accessed, please contact MailUp support