TRACES SUVIDHA Developer Portal & API Terms and Conditions

1. Definitions

In these Terms, unless the context otherwise requires, the following expressions shall have the meanings respectively ascribed to them below:

• "TRACES SUVIDHA" shall mean the platform exposing APIs and related services for the electronic preparation, filing, and processing of TDS/TCS statements, as made available via the Developer Portal.
• "Developer Portal" shall mean the web-based portal hosted on this site through which you may register, manage applications, obtain API credentials, and access documentation, sandbox tools, and related resources.
• "APIs" shall mean the application programming interfaces, endpoints, and related technical specifications (including, without limitation, those described in the applicable Swagger/OpenAPI definitions) made available as part of the Services.
• "You" / "User" / "Organization" shall mean the legal entity (and its duly authorised users, employees, contractors, or agents) registering on or using the Developer Portal for the purpose of integrating with the APIs.
• "Production Environment" shall mean the live environment intended for the filing of actual TDS/TCS statements or related submissions under applicable law.
• "Sandbox Environment" shall mean the test or non-production environment made available for integration testing using sample, masked, or obfuscated data and which shall not be used for actual regulatory filings.

2. Eligibility & registration

2.1. Only entities that are eligible under applicable law to file TDS/TCS statements, or their duly authorised intermediaries or service providers, may register for and use the Services. By registering, you represent and warrant that you satisfy such eligibility criteria and that your use of the Services is in compliance with all applicable laws and regulations.

2.2. As part of the registration process, you shall provide true, accurate, current, and complete information in respect of your organisation (including TAN and contact details) and the primary technical and administrative contact. You undertake to promptly update such information to keep it true, accurate, current, and complete at all times.

2.3. You represent and warrant that the individual creating or administering the account is duly authorised to bind the registering organisation to these Terms and to perform all acts contemplated hereunder on its behalf.

3. API access & credentials

3.1. Subject to your continued compliance with these Terms and any additional conditions communicated through the Developer Portal or otherwise in writing, you may be granted a limited, non-exclusive, revocable, and non-transferable right to access and use the APIs for the sole purpose of developing, testing, and operating systems that submit TDS/TCS statements via TRACES SUVIDHA.

3.2. You may be issued one or more credentials (such as client IDs, client secrets, access tokens, certificates, or similar instruments) for authenticating your applications. You shall:

• Keep all such credentials strictly confidential, secure, and protected against unauthorised access, disclosure, or use;
• Not embed credentials directly in client-side code or otherwise hard-code, publish, or distribute them to any unauthorised person; and
• Promptly notify us via the contact channels indicated in the Developer Portal if you become aware of or reasonably suspect any loss, theft, compromise, or misuse of your credentials.

3.3. You shall be solely responsible and liable for all calls made to the APIs and all activities carried out using your credentials, whether such use is authorised by you or not, and you shall indemnify and hold us harmless from any claims arising therefrom.

4. Your obligations

You hereby agree, covenant, and undertake that you shall:

• Use the Services strictly in accordance with these Terms, the applicable API documentation, and all applicable laws, rules, and regulations;
• Ensure that your systems, software, and integrations are properly designed, implemented, and tested so as not to introduce security vulnerabilities, instability, or undue load on the Services;
• Promptly implement any mandatory technical, security, or compliance changes or updates notified via the Developer Portal, documentation, or other prescribed communications;
• Maintain appropriate logs, records, and audit trails of your API usage for such periods as may be required under applicable law or reasonably requested for the investigation of issues; and
• Ensure that your end users (if any) are provided with appropriate notices and, where required, obtain valid consents in relation to the collection, use, storage, and disclosure of their data in accordance with applicable law.

5. Permitted and prohibited usage

5.1. You may use the APIs solely for the purpose of preparing, validating, and filing TDS/TCS statements and for related compliance workflows as permitted by applicable law and strictly in accordance with these Terms. Any other use shall be unauthorised and is expressly prohibited.

You shall not, whether directly or indirectly:

• Use the Services for any unlawful, fraudulent, unauthorised, or unethical purpose or in a manner that is contrary to public policy or morality;
• Attempt to gain unauthorised access to any systems, networks, or data beyond what is expressly permitted for your account or credentials;
• Bypass, disable, interfere with, or attempt to circumvent any authentication, authorisation, encryption, or other technical protection mechanisms implemented as part of the Services or APIs;
• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, underlying ideas, algorithms, or structures of any component of the Services, except to the limited extent expressly permitted by applicable law;
• Introduce, transmit, or permit the introduction of any malware, virus, trojan, or other harmful or malicious code into the Services; or
• Use the Services in any manner that interferes with, degrades, or adversely impacts their performance, availability, or security for any other user.

6. Security, confidentiality & data protection

6.1. You shall implement and maintain appropriate technical and organisational measures to protect the confidentiality, integrity, and availability of any data that you process through the APIs, including taxpayer information, in accordance with applicable laws, regulations, and industry best practices.

6.2. You shall ensure that all transmissions to and from the APIs occur over secure communication channels as specified in the technical documentation (for example, TLS/HTTPS) and that cryptographic keys and certificates are appropriately managed.

6.3. You shall promptly notify the relevant authorities and, where applicable, us via the channels indicated in the Developer Portal if you become aware of any security incident, breach, or unauthorised access, use, or disclosure of data related to your use of the Services and shall cooperate in good faith with any investigation or remedial actions.

6.4. Your collection, use, storage, disclosure, and other processing of personal data through the APIs shall at all times comply with all applicable data protection and privacy laws. You are solely responsible for obtaining and documenting all necessary consents, authorisations, and approvals from data subjects, where required.

7. Rate limits, quotas & fair usage

7.1. Your use of the APIs may be subject to rate limits, quotas, thresholds, or other technical restrictions (for example, maximum requests per minute, maximum payload size, or concurrency limits), as may be communicated via the Developer Portal or documentation from time to time.

7.2. You shall not circumvent, attempt to circumvent, or otherwise interfere with such limits and shall design your integrations such that calls are efficient and do not generate unnecessary or abusive load on the Services.

7.3. We reserve the right to monitor API usage for security, operational, and capacity-planning purposes and may, at our sole discretion, temporarily throttle, restrict, or block requests that appear to adversely impact, or are reasonably likely to adversely impact, the stability, performance, or security of the Services.

8. Suspension & termination

8.1. We may, without incurring any liability, and without prejudice to any other rights or remedies available to us under law or equity, suspend, restrict, or revoke your access to all or part of the Services (including specific credentials or applications), with or without prior notice, if:

• We reasonably suspect misuse, security compromise, abusive behaviour, or violation of these Terms or any applicable law;
• Such action is required by law, regulation, order, or direction of a competent court, government body, or regulatory authority; or
• There is, in our reasonable opinion, an operational, technical, or security need to do so (for example, incident response, maintenance, or risk mitigation).

8.2. Upon suspension, restriction, or termination of access, you shall immediately cease using the affected credentials and APIs, and securely delete or disable any keys, tokens, or certificates that are no longer valid, except to the limited extent retention is required under applicable law.

9. Disclaimers, warranties & limitation of liability

9.1. The Services are provided on an "as is" and "as available" basis and you use them at your sole risk. To the fullest extent permitted by applicable law, all warranties, representations, guarantees, and conditions, whether express, implied, statutory, or otherwise (including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, non-infringement, or uninterrupted or error-free operation) are hereby disclaimed.

9.2. Nothing in these Terms is intended to exclude or limit any statutory obligations or liabilities that cannot be excluded or limited under applicable law. Subject to the foregoing, and to the extent permitted by law, our aggregate liability arising out of or in connection with your use of the Services, whether in contract, tort (including negligence), or otherwise, shall be limited to direct damages only and shall in no event include any indirect, incidental, consequential, special, exemplary, or punitive damages, or loss of profit, revenue, data, or business opportunity.

9.3. You remain solely and exclusively responsible for the accuracy, completeness, and timely preparation, validation, and filing of any TDS/TCS statements or other returns submitted using the Services and for compliance with all statutory and regulatory requirements relating thereto.

10. Changes to the Service & these Terms

10.1. The technical characteristics of the APIs (including supported versions, endpoints, data formats, and security controls) may evolve over time. Deprecation timelines and migration guidance will generally be communicated via the Developer Portal or documentation. You shall be responsible for updating your integrations within the announced timelines and acknowledging that continued use of deprecated versions may result in disruption or cessation of service.

10.2. We reserve the right to amend, modify, or replace these Terms from time to time. The latest version of the Terms will be published on this page and shall supersede all previous versions with effect from the date indicated as the effective date. Your continued access to or use of the Services after such publication shall constitute your deemed acceptance of the revised Terms.

11. Contact & support

If you have any queries regarding these Terms or your use of the TRACES SUVIDHA developer portal and APIs, you may raise a support ticket or use the contact channels provided within the Developer Portal. Communications made through such channels shall not be construed as legal advice.

This page is intended to provide the general contractual terms applicable to usage of the TRACES SUVIDHA developer portal and APIs. It does not replace, amend, or modify any statutory obligations, rules, circulars, or notifications issued by the competent authorities governing TDS/TCS compliance and does not constitute legal advice. You should obtain independent legal advice in respect of your specific circumstances if required.