API Terms of Use

Last updated: February 14, 2026

These terms govern your use of the MIR Assertions API as an issuer. By using the API, you agree to these terms and commit to creating assertions honestly and in accordance with the MIRA Constitution.

1. Definitions

"MIRA" refers to MIR Assertions, a cryptographic provenance registry for digital media, operated by phpMyDEV, LLC.

"Issuer" refers to any organization or individual approved to create assertions via the MIRA API or Issuer Portal.

"Assertion" refers to a cryptographically signed statement about a digital artifact (e.g., ISSUED_BY, NOT_ISSUED_BY, LICENSED_TO, DISPUTE).

"Artifact" refers to a digital media file identified by its SHA-256 hash.

"API" refers to the MIRA application programming interface and related services.

"Issuer Key" refers to a cryptographic signing key registered to an issuer for signing assertions.

2. API Access

2.1 Registration

To use the API, you must apply as an issuer and receive approval. Registration requires accurate information about your organization and intended use case.

2.2 API Keys

Your API key is confidential. You must:

• Keep your API key secure and never share it publicly
• Not embed API keys in client-side code or public repositories
• Immediately notify MIRA if your key is compromised
• Use only one active API key per approved issuer account

2.3 Issuer Keys

Cryptographic signing keys must be managed responsibly. You must:

• Protect private keys with appropriate security measures
• Revoke compromised keys immediately via the API or Issuer Portal
• Only issue key invites to authorized individuals within your organization

2.4 Rate Limits

API access is subject to rate limits. Default limits are 60 requests per minute for general endpoints and 30 requests per minute for batch operations. Issuers also have a daily assertion limit (default: 10) that may be increased upon verification. Exceeding limits may result in temporary throttling.

3. Acceptable Use

3.1 Permitted Uses

You may use the API to:

• Create assertions about media artifacts you have a legitimate relationship with
• Look up existing assertions by artifact hash or perceptual hash
• Manage your issuer keys and assertion lifecycle (revoke, supersede)
• File disputes against assertions you believe to be inaccurate
• Perform batch lookups for integration with your platforms or tooling

3.2 Prohibited Uses

You must NOT use the API to:

• Create false, misleading, or fraudulent assertions
• Assert ownership or authorship of artifacts you did not create or do not represent
• File frivolous or bad-faith disputes to suppress legitimate assertions
• Circumvent rate limits, daily limits, or access controls
• Scrape or bulk-download assertion data for purposes unrelated to your approved use case
• Impersonate another issuer or organization
• Use assertion data to harass, stalk, or harm individuals
• Attempt to reverse-engineer MIRA's internal systems or infrastructure
• Use the API in a manner that violates the MIRA Constitution

4. Data Handling

4.1 Assertion Permanence

Assertions are part of a public, auditable record. Once created, an assertion cannot be deleted — only revoked or superseded. Revoked assertions remain visible as revoked. You should understand this permanence before creating assertions.

4.2 Privacy Obligations

When handling assertion data, you must:

• Comply with applicable privacy laws in your jurisdiction
• Not use assertion lookup results to build surveillance profiles
• Respect that assertion data is a record of claims, not a source of truth
• Maintain appropriate security measures for any cached data

4.3 Cached Data Retention

You may temporarily cache MIRA lookup responses to support your product functionality. Cached data should be refreshed regularly as assertions may be revoked or superseded. You must delete all cached MIRA data upon termination of your issuer account.

5. Issuer Responsibilities

As an issuer, you acknowledge and agree that:

• Attribution: Your assertions are publicly attributed to your organization
• Accuracy: You are responsible for the accuracy of every assertion you create
• Disputes: If another party disputes your assertion, you must respond within 7 business days with supporting documentation
• Key management: You are responsible for the security of your API keys and issuer keys

6. Security Requirements

You must implement reasonable security measures including:

• Encrypted transmission (HTTPS/TLS 1.2+)
• Secure storage of API keys and cryptographic private keys
• Access controls limiting who can create assertions on your behalf
• Logging and monitoring for unauthorized access
• Incident response procedures

You must notify MIRA within 48 hours of discovering any security incident involving your issuer keys or API credentials.

7. Service Availability

MIRA strives for high availability but does not guarantee uninterrupted service. We may:

• Perform scheduled maintenance with advance notice
• Implement emergency changes without notice
• Modify API endpoints with reasonable deprecation periods
• Suspend access for investigation of policy violations

8. Termination

8.1 By You

You may cease using the API at any time. Your existing assertions remain in the public record. You must delete all cached MIRA data and revoke any active issuer keys.

8.2 By MIRA

We may suspend or terminate your access:

• Immediately for serious violations (fraud, false assertions, security incidents)
• With 30 days notice for other policy violations
• With 90 days notice for material business or operational reasons

Issuer status changes are logged in the public audit trail as required by the MIRA Constitution.

9. Liability

MIRA provides assertion registry services "as is" without warranty. We are not liable for:

• Decisions made based on assertion data
• Inaccurate assertions created by other issuers
• Service interruptions or data loss
• Indirect, consequential, or punitive damages

MIRA does not assess the truth or legality of assertions. We record who asserted what, not whether it is correct.

Your use of MIRA is at your own risk. You agree to indemnify MIRA against claims arising from your use of the API or assertions you create.

10. Changes to Terms

We may update these terms with notice. Continued use after changes take effect constitutes acceptance. Material changes will be communicated via email to registered issuers.

11. Contact

For questions about these terms:

• Email: legal@mirassertions.org
• General: hello@mirassertions.org
• Contact form: mirassertions.org/#contact

12. Governing Law

These terms are governed by the laws of the State of Arizona, without regard to conflict of law principles.