API use policy
Definitions
User: every user of the MailUp service, regardless of whether they are paying for the service or taking advantage of the free trial period. Each User accepts the MailUp Terms of Use at the time they first log into the MailUp admin console, which is a required step to be using the service.
MailUp Terms of Use: all the terms that regulate the use of the MailUp service. When such terms are changed, Users are asked to agree to them again when they log into the MailUp admin console
Application: a software program that leverages the MailUp API to access MailUp-powered services, making them available to other programs, such as Web sites, e-commerce stores, CRM systems, etc.
Developer: the author of the application that uses the MailUp API. The Developer may or may not be a User. In the case of the MailUp REST API, the Developer is required to register the application in the MailUp system to obtain Application-specific access keys. Developers who are not Users may be provided with a "Developer Account", which gives access to the MailUp admin console free of charge, and with certain limitations.
MailUp API: a set of Web services that are accessible through the HTTP or HTTPS protocols and give Applications access to MailUp features
The MailUp API
The MailUp API is a family of different APIs developed and updated through the years.
The MailUp API family includes the following APIs.
SOAP API
Web services based on the SOAP protocol, accessible at the following URLs:
https://wsvc.ss.mailup.it/
... for the following Web services
http://<MAILUP_CONSOLE_URL>/Services
... for the following Web service
HTTP GET & POST API
Web pages associated with a specific MailUp account, which are accessed without authentication (e.g. subscription form) and are accessible at the URL:
http://<MAILUP_CONSOLE_URL>/frontend
JSONP API
Web services that allow script access to certain MailUp resources located on servers other than that the one that contains the original script.
These Web services are accessible at the URL:
https://services.mailup.com
REST API
Web services based on the REST architecture and accessible at the URL
https://services.mailup.com
SMTP+
An SMTP relay service that is built into the MailUp platform.
API access duration
Access to the Mailup API is dependent on the existence of a MailUp account (free or paying) that:
- has not expired
- has not been suspended
Any use of the MailUp API outside of these terms is not allowed and will be considered an abuse of the service.
Terms of use
The MailUp Terms of Use apply to the use of the MailUp API.
When the MailUp Terms of Use are changed, Users are notified at the time they access the MailUp admin console. If Users are accessing the MailUp service strictly through the API - and therefore never see and agree to the updated Terms at the time of login into the admin console - they will be contacted via email using the User's contact information. If the updated Terms are not agreed to because the User cannot be reached, access to the MailUp service may be suspended.
Documentation
Documentation for the MailUp API is available at http://api.mailup.com. It includes both features and known limitations.
Using undocumented features or services is not recommended as the availability of such services cannot be guaranteed.
Technical support is available via email using the following email addresses:
- English: support@mailup.com
- Italian: support@mailup.it
Disclaimer on issues with Applications
MailUp is in no way responsible for any issues, damages, or reduced level of service caused by access to the service via an Application.
This disclaimer applies to all Applications, including the "ready to use" ones that are listed on the MailUp Web site and the API online documentation.
Special warranties might apply to certain Applications: refer to the information provided with such Applications for details.
Absence of whitelabeling feature
Access to the MailUp API does not support service whitelabeling. Accessing the service via the MailUp API may result in the display of information that includes the MailUp name or logo. This may affect Users that have purchased the whitelabeling service as part of the MailUp account.
Technical considerations
Authentication
SOAP API, JSONP
access to the services requires the use of a time-limited authentication token. You may authenticate using API-specific credentials (username= ‘a’ + account ID, e.g.. a23432; non-expiring password) or with admin console credentials (password expires after 180 days). The SOAP API does not enforce list access permissions that exist at the admin console level: all Users can access all lists, regardless of whether such Users were restricted to certain lists when accessing the service via the admin console. When using the “Import” SOAP Web service, based on the HTTP protocol, the User is aware of the risks involved in the transmissions of access credentials in a non-encrypted format, and that it is possible to reduce any chances of unauthorized access by enforcing IP address validation in the API calls. [*]
For more information about the API access credentials and IP address validation, please see: Connecting to MailUp
HTTP GET & POST API
Calls to the HTTP GET and POST API are performed without authentication. To minimize any abuse of the service, Developers are strongly encouraged to enforce the confirmed opt-in subscription method when adding subscribers to a list and to enforce IP address validation. These apis are only available on the HTTP protocol. The User is aware of the risks involved in the transmissions of access credentials in a non-encrypted format, and that it is possible to reduce any chances of unauthorized access by enforcing IP address validation in the API calls. MailUp is not responsible for unauthorized access to the services via these APIs when such security precautions have not been implemented.
REST API
Access to the REST API requires both (a) Application registration (the Application has been registered by the Developer); and (b) user authentication (when accessing the REST API, the Application must use certain specific credentials obtained when registering the Application). Users can view a list of Applications authorized to access their account and may revoke such authorization at any time. MailUp reserves the right to block access to the REST API to certain Applications that are found to violate its Terms of Use. MailUp may enforce such block either globally to all Users that have authorized the Application, or individually for specific Users.
Application-based on the REST API may not store MailUp User access credentials in any way or form. They must instead store the access token obtained after the initial activation.
SMTP+
Access to the MailUp service via SMTP is restricted using standard SMTP authentication. Users obtain authentication credentials via the SMTP+ section of the MailUp admin console.
Rate limiting
MailUp reserves the right to reduce or suspend the service when the following thresholds have been exceeded.
API | Features / Methods | Limitation |
HTTP GET & POST | All | None |
SOAP API | CreateNewsletter SendNewsletterFast | Max 100 calls per day |
SendSingleNewsletter | Based on the level of service (bandwidth or messages per hour) purchased by the User [†] | |
SendNewsletter | Max 200 calls per day | |
SendDirectSMS SendSingleSMS | Max 10 calls per second | |
Other SOAP API methods | Max 5 calls per second | |
REST API | Transactional and personal emails | Based on the level of service (bandwidth or messages per hour) purchased by the User |
| Transactional SMS | Max 30 calls per second | |
| Stop/Delete sendings | Max 1 call every 30 seconds | |
Other REST API methods | Max 5 calls per second | |
SMTP+ | Transactional and personal emails | Based on the level of service (bandwidth or messages per hour) purchased by the User [‡] |
Error handling and logging
MailUp does not provide application logs.
It is the responsibility of the Developer to correctly interpret and store - if needed - any errors returned by MailUp in case of calls to any Web service, as well as the implementation of effective "retry policies" to handle temporary errors.
Support is limited to the use of the API and does not cover proper development of any Application, including error handling and logging, unless otherwise agreed in writing.
Throttling limitations
Here below the throttling limitations:
| Day | Hour | Minute | |
|---|---|---|---|
| /frontend/xmlsubscribe.aspx | 20000 | 5000 | 300 |
| /frontend/subscribe.aspx | 20000 | 5000 | 300 |
Disabling of certain APIs
Certain APIs that are not being used by a User may be disabled to further minimize any risk of unauthorized use.
API | Features / Methods | How to disable it |
HTTP GET & POST API | Subscribe.aspx | Cannot be disabled |
Other pages (e.g.. xmlSubscribe.aspx) | Via admin console (Settings > Account settings > Developer's corner > Web services > FrontEnd) | |
SOAP API | MailUpImport | Via admin console (Settings > Account settings > Developer's corner > Web services > MailUpImport) |
Other SOAP API methods | Cannot be disabled [§] | |
REST API | All | Revoke Application authorization in the admin console [**] |
SMTP+ | All | Remove all SMTP+ users |
Updates
MailUp reserves the right to update its APIs - with or without prior notice - to achieve the following objectives.
- SOAP API, JSONP, HTTP GET & POST API: backward compatibility, implementation of new features, increase in security
- REST API: supports versioning and multiple versions can be active at the same time. An older version should be considered deprecated 6 months after the next version was released.
- SMTP+: maintain compliance with the SMTP protocol specifications
Modifications to the API and information on new features (or versions, in the case of the REST API) that have become deprecated are registered in the API documentation. In some cases, updates might be sent to Users and Developers via email or another form of communication.
Footnotes
[*] IP address-based restrictions do not apply to the SOAP Web Services “MailUpSend”, “MailUpManage”, “MailUpReport” and to the JSONP Web services
[†] Without exceeding 100 calls per day if message type=HTML and 5,000 calls per day if message type=ID
[‡] Service limitations are introduced when requests to send messages are sent at a speed that is far superior to the allocated bandwidth or messages per hour, with the result of a sending queue that exceeds 1,000,000 messages
[§] Unless all passwords associated with the MailUp accounts are reset
[**] If the feature cannot be accessed, please contact MailUp support