California SaaS API Access & Rate Limiting Demand Letters

Contract Breach Claims Good Faith & Fair Dealing API Terms Violations Updated Dec 2025
SaaS API Access Disputes Overview
What This Guide Covers: When a SaaS vendor revokes your API access, changes rate limits without notice, or breaks integrations that your business depends on, you may have legal claims for breach of contract, violation of the implied covenant of good faith and fair dealing, and breach of API terms of service. This guide provides California-specific legal guidance and demand letter templates.
Common API Access Disputes
Dispute Type Description Business Impact
API Access Revoked Vendor terminates API access without proper notice or cause Complete integration failure; business operations halt
Rate Limits Changed Vendor reduces API call limits, breaking existing integrations Degraded performance; forced upgrade to expensive tiers
Integration Broken Vendor changes API without deprecation notice or migration path Development costs; downtime; customer complaints
Authentication Revoked API keys invalidated without explanation or appeal process Immediate service disruption; data access blocked
Endpoint Deprecation Critical endpoints removed without adequate transition time Forced rewrite; compatibility issues; feature loss
Why API Disputes Matter
  • Business Dependency: Modern businesses rely on SaaS APIs for critical operations - payment processing, data sync, automation, customer communications
  • High Switching Costs: API integrations represent significant development investment; switching vendors requires rewriting code
  • Contractual Expectations: When you pay for API access, you have reasonable expectations about service continuity, rate limits, and deprecation policies
  • Customer Impact: Your customers suffer when your integrations break due to vendor actions
  • Data Access: API access often means access to your own data stored on the platform
Act Quickly: API disputes require immediate action. Document the issue, preserve evidence of the vendor's actions, and calculate your damages. Many API agreements have short notice periods for disputes or mandatory arbitration clauses with strict filing deadlines.
Legal Claims Available
Legal Theory When It Applies Potential Damages
Breach of Contract Vendor violates express terms of API agreement, SLA, or service terms Direct damages, consequential damages if not disclaimed
Good Faith & Fair Dealing Vendor exercises discretion unreasonably to deprive you of contract benefits Contract damages plus potential for greater recovery
Promissory Estoppel You relied on vendor's promises about API stability, deprecation policies Reliance damages (development costs, migration expenses)
Unfair Competition (CA B&P 17200) Vendor's practices are unlawful, unfair, or fraudulent Restitution, injunctive relief (API access restoration)
Conversion Vendor blocks access to your data stored on platform Value of data plus damages from inability to access
California Advantage: California law provides strong protections through the implied covenant of good faith and fair dealing. Even if the API agreement gives the vendor broad discretion, California courts require that discretion be exercised reasonably and not to deprive you of the agreement's expected benefits.
California Legal Framework for API Disputes
Breach of Contract Elements

To establish breach of contract for API access under California law, you must prove:

  • Existence of Contract: API Terms of Service, subscription agreement, or service agreement governing API access
  • Your Performance: You paid for the service, complied with usage policies, and met your obligations
  • Vendor's Breach: Vendor violated specific terms - unauthorized termination, rate limit changes without notice, breaking deprecation policies
  • Resulting Damages: You suffered quantifiable harm - lost revenue, development costs, customer losses
Key Contract Terms to Review:
  • Termination provisions - what notice is required? What constitutes cause?
  • Rate limit commitments - are limits guaranteed or "subject to change"?
  • Deprecation policy - how much notice for API changes?
  • SLA provisions - uptime guarantees, performance standards
  • Limitation of liability - are consequential damages disclaimed?
Implied Covenant of Good Faith and Fair Dealing

California Civil Code and case law impose an implied covenant of good faith and fair dealing on all contracts:

California Civil Code Section 1670.5: Even contracts with broad discretionary language cannot be used to defeat the reasonable expectations of the parties or deprive one party of the benefits of the agreement.
Vendor Action Good Faith Violation? Legal Reasoning
Revoking API access without stated cause Likely violation Defeats reasonable expectation of continued service while paying
Reducing rate limits by 90% without notice Likely violation Materially changes the bargain; forces upgrade or exit
Breaking changes with 7-day deprecation notice Possible violation Industry standard is 6-12 months; unreasonable timeline
Blocking data export after termination Likely violation Data belongs to customer; blocking access is conversion
Selective enforcement of terms against competitor Likely violation Discriminatory application of policies
API Terms of Service Violations

Many API agreements include specific commitments that, when violated, constitute breach:

  • Deprecation Policies: "We will provide 12 months notice before removing any API endpoint"
  • Rate Limit Guarantees: "Your plan includes 10,000 API calls per day"
  • Uptime SLAs: "99.9% API availability guaranteed"
  • Versioning Commitments: "We will maintain backward compatibility for 2 major versions"
  • Support Obligations: "Technical support response within 24 hours"
Watch for One-Sided Terms: Many API agreements include terms like "we may modify or discontinue the API at any time" or "rate limits subject to change without notice." However, California law may still protect you:
  • Unconscionable terms may be unenforceable (Civil Code 1670.5)
  • Good faith covenant still applies even with broad discretion
  • Implied terms from industry custom and prior course of dealing
  • Reasonable reliance on documentation and communications
California Unfair Competition Law (Bus. & Prof. Code Section 17200)

California's UCL provides additional remedies for API disputes:

  • Unlawful: Conduct that violates any other law (breach of contract, consumer protection statutes)
  • Unfair: Conduct that offends public policy or causes substantial consumer injury
  • Fraudulent: Misleading statements about API capabilities, stability, or terms
UCL Remedies: Under Section 17200, you can seek restitution (return of subscription fees, development costs) and injunctive relief (court order requiring API access restoration). This can be more valuable than contract damages alone.
Statute of Limitations
Claim Type Time Limit Starts Running
Written Contract Breach 4 years (CCP 337) Date of breach (API revocation, rate limit change)
Oral Contract Breach 2 years (CCP 339) Date of breach
UCL Claim 4 years (B&P 17208) Date of unfair conduct
Fraud 3 years (CCP 338(d)) Discovery of fraud
Common API Dispute Scenarios
Scenario 1: API Access Revoked Without Warning
The Situation: You wake up to find your API credentials have been revoked. Your integration is down, customers are complaining, and you receive a vague email about "terms violation" with no specific details.

Legal Analysis:

  • Most API agreements require notice before termination (review your terms)
  • Termination "for cause" typically requires specific violation and opportunity to cure
  • Vague accusations without evidence suggest pretextual termination
  • Blocking access to your data compounds the damages

Demand Letter Should Include:

  • Request for immediate reinstatement or specific explanation
  • Citation to notice/cure provisions in agreement
  • Documentation of your compliance with terms
  • Quantified damages from downtime and customer impact
  • Deadline for response (10-14 days)
Scenario 2: Rate Limits Drastically Reduced
The Situation: Your integration was working fine at 50,000 API calls/day. Without notice, the vendor reduces your plan's rate limit to 5,000 calls/day. Your integration breaks, and the vendor says you need to upgrade to an enterprise plan at 10x the cost.

Legal Analysis:

  • Material change to the bargain - you contracted for specific capacity
  • Forced upgrade is economic coercion, potentially bad faith
  • Lack of notice violates reasonable expectations
  • May constitute unfair business practice under UCL

Demand Letter Should Include:

  • Original rate limits promised in your plan/agreement
  • Date limits were changed without notice
  • Business impact (performance degradation, customer complaints)
  • Demand for restoration of original limits or pro-rata refund
  • Alternative: migration assistance if you choose to leave
Scenario 3: Integration Broken by API Changes
The Situation: The vendor releases a new API version that breaks backward compatibility. Despite their documentation promising 12 months deprecation notice, you received only 30 days. Your development team must scramble to rewrite integrations.

Legal Analysis:

  • Express breach of deprecation policy (12 months promised, 30 days given)
  • Reliance damages for emergency development costs
  • Lost revenue during migration period
  • Customer damages if service was degraded

Demand Letter Should Include:

  • Quote of deprecation policy from documentation
  • Timeline showing actual vs. promised notice period
  • Itemized development costs for emergency migration
  • Lost revenue during transition
  • Demand for extension of old API or cost reimbursement
Scenario 4: Authentication Keys Invalidated
The Situation: Your API keys are suddenly invalidated. When you contact support, they claim your account was flagged for "suspicious activity" but won't provide details. You cannot access the platform or your data.

Legal Analysis:

  • Security claims require specific evidence (not vague assertions)
  • Blocking data access may constitute conversion
  • Due process - you deserve to know the accusation and respond
  • If no actual violation, bad faith termination

Demand Letter Should Include:

  • Request for specific security concerns with evidence
  • Offer to implement additional security measures if legitimate issue
  • Demand for immediate data export regardless of account status
  • Timeline for resolution or escalation to legal action
Scenario 5: Vendor Blocks Competitor Integration
The Situation: After you announced a partnership with the vendor's competitor, your API access was suddenly "reviewed" and restricted. Coincidence? Your lawyer thinks not.

Legal Analysis:

  • Discriminatory enforcement of API terms
  • Potential tortious interference with business relationships
  • Antitrust concerns if vendor has market power
  • Clear bad faith if timing correlates with competitor relationship

Demand Letter Should Include:

  • Timeline showing correlation between competitor partnership and API issues
  • Evidence of differential treatment vs. non-competitor customers
  • Demand for equal treatment under API terms
  • Notice of potential antitrust and unfair competition claims
Create Your API Access Demand Letter

Use this interactive generator to create a customized demand letter for your SaaS API access dispute. Fill in the form on the left, and your letter will update in real-time on the right.

Your Information
SaaS Vendor Information
API Agreement Details
Cite specific terms from your API agreement
API Access Issues
Business Impact & Damages
Emergency fixes, migration costs
Resolution Demanded
Typically 10-14 days for API disputes
Live Preview
After generating your letter:
  • Review all highlighted fields and ensure accuracy
  • Attach copies of your API agreement, invoices, and communications
  • Send via certified mail AND email to ensure delivery
  • Keep copies of everything including proof of delivery
  • Set a calendar reminder for your deadline date
Sample API Access Demand Letters
Sample 1: API Access Revoked Without Cause
[Your Company Name] [Your Address] [City, State ZIP] [Phone] | [Email] [Date] [Vendor Name] Legal Department [Vendor Address] Via Email (legal@vendor.com) and Certified Mail RE: DEMAND FOR IMMEDIATE API ACCESS RESTORATION Account: [Your Account ID] Plan: Enterprise API - 100,000 calls/day Dear [Vendor Name] Legal Department: I am writing on behalf of [Your Company] regarding [Vendor]'s wrongful revocation of our API access on [Date], without notice or legitimate cause. BACKGROUND [Your Company] has been a paying customer since [Start Date], maintaining an Enterprise API subscription at $999/month. We have consistently paid all invoices on time and have operated in full compliance with your Terms of Service and API Usage Guidelines. Our account is in good standing with no outstanding violations or disputes. THE WRONGFUL REVOCATION On [Date], our API access was terminated without warning. We received a single automated email stating "Your API access has been suspended due to a Terms of Service violation" with no further explanation. Our requests for specific information about the alleged violation have been ignored. This revocation violates your API Terms of Service, which state: - "We will provide 30 days written notice before terminating API access for any non-emergency reason" - "For alleged policy violations, we will notify the customer and provide an opportunity to cure before suspension" You have provided no notice, no specific allegations, and no opportunity to cure. DAMAGES Your actions have caused immediate and ongoing harm: - Our customer-facing dashboard has been non-functional for [X] days - [Number] customers have complained; [Number] have threatened contract cancellation - Lost revenue: approximately $[Amount] per day - Emergency development costs for workaround: $[Amount] - Reputational damage with enterprise clients DEMAND We demand that [Vendor] immediately: 1. Restore full API access within 24 hours 2. Provide specific written documentation of the alleged Terms violation 3. If any legitimate violation exists, provide 30 days to cure as required by your Terms 4. Compensate us for damages incurred during the wrongful suspension DEADLINE If we do not receive API restoration and a satisfactory written response within 10 days, we will: - File a lawsuit in California Superior Court for breach of contract and bad faith - Seek preliminary injunction requiring API access restoration - Pursue all compensatory and consequential damages - File a complaint with the California Attorney General This demand is made without prejudice to any claims and with full reservation of rights. Sincerely, [Your Name] [Title] [Your Company] Enclosures: - API subscription agreement - Payment history - Suspension notification email - Customer complaint examples
Sample 2: Rate Limit Changes Without Notice
[Your Company Name] [Address] [Date] [Vendor Name] [Address] RE: DEMAND REGARDING UNAUTHORIZED RATE LIMIT REDUCTION Account: [ID] | Plan: Pro API (50,000 calls/day) Dear [Vendor]: This letter concerns [Vendor]'s material breach of our API agreement through the unauthorized reduction of our API rate limits. THE BREACH When we subscribed to the Pro API plan on [Date], we contracted for 50,000 API calls per day at $499/month. This rate limit was essential to our business operations and was a material term of our agreement. On [Date], without any prior notice, [Vendor] reduced our rate limit to 5,000 calls/day - a 90% reduction. When we contacted support, we were told this was the "new standard" for Pro plans and that we would need to upgrade to Enterprise ($2,499/month) to restore our original capacity. This constitutes: 1. Breach of express contract terms (the plan we purchased guaranteed 50,000 calls/day) 2. Unilateral modification of a material term without consent 3. Violation of the implied covenant of good faith and fair dealing 4. Bait-and-switch tactics constituting unfair business practices under Cal. Bus. & Prof. Code 17200 BUSINESS IMPACT Your actions have caused: - Application performance degradation (90% API request failures) - Customer complaints regarding slow/failed operations - Engineering time spent on emergency rate limit handling - Risk of customer churn DAMAGES TO DATE: Approximately $[Amount] DEMAND 1. Immediate restoration of 50,000 calls/day rate limit 2. Written commitment to 12-month rate lock at current pricing 3. Compensation of $[Amount] for damages incurred 4. Refund of subscription fees for the degraded service period We require response within 10 days. Failure to resolve this matter will result in legal action including claims for breach of contract, bad faith, and unfair competition. Sincerely, [Name]
Sample 3: Breaking Changes Without Proper Deprecation
[Your Company Letterhead] [Date] [Vendor Name] Legal Department [Address] RE: BREACH OF API DEPRECATION POLICY - DEMAND FOR DAMAGES Affected Endpoint: /v2/data-sync Dear [Vendor]: This demand letter concerns [Vendor]'s breach of its published API deprecation policy, causing significant harm to [Your Company]. FACTUAL BACKGROUND [Your Company] built mission-critical integrations relying on [Vendor]'s /v2/data-sync endpoint. Per your API documentation (archived copy attached), your deprecation policy states: "API endpoints will not be removed without a minimum of 12 months notice. We will provide migration guides and maintain backward compatibility during the transition period." THE BREACH On [Date], [Vendor] sent an email announcing the immediate removal of /v2/data-sync with only 30 days notice. The replacement /v3/data-sync endpoint is not backward compatible and requires complete rewrite of our integration code. 30 days notice violates your 12-month deprecation commitment. You have provided no migration guide and no backward compatibility layer. DAMAGES 1. Emergency development costs: $[Amount] - 3 senior engineers x 6 weeks at loaded cost 2. Lost revenue during transition: $[Amount] - [X] days of degraded service 3. Customer compensation: $[Amount] - SLA credits issued to affected customers 4. Opportunity costs: $[Amount] - Delayed product roadmap features TOTAL DAMAGES: $[Amount] DEMAND 1. Extension of /v2/data-sync availability by 9 months (to fulfill 12-month commitment) 2. Alternatively, compensation of $[Amount] for forced accelerated migration 3. Written confirmation of adherence to deprecation policies going forward Deadline: 14 days from receipt of this letter. [Signature block]
Attorney Services for API Disputes
API Access Disrupted? Integration Broken?

I represent businesses in disputes with SaaS vendors over API access, rate limiting, deprecation violations, and integration failures. I handle demand letters, negotiations, arbitration, and litigation to restore access and recover damages.

Services for API Customers
  • Analyze API agreement terms and identify legal claims
  • Draft and send formal demand letters to vendors
  • Negotiate API access restoration and damage compensation
  • File emergency motions for preliminary injunction (access restoration)
  • Litigate breach of contract and bad faith claims
  • Handle arbitration proceedings under API agreements
  • File regulatory complaints with California AG for unfair practices
  • Advise on migration strategies and vendor transition
When to Seek Legal Help
Consider legal representation when:
  • API access disruption is causing significant daily revenue loss
  • Vendor is unresponsive to reasonable requests for restoration
  • Agreement terms clearly support your position but vendor ignores them
  • You need emergency court intervention (preliminary injunction)
  • Damages exceed $25,000 and justify litigation investment
  • Vendor is blocking access to your data (conversion claim)
Fee Structures
Service Typical Fee
Demand letter drafting and sending Flat fee $450
Negotiation and settlement $240/hr
Emergency preliminary injunction $10,000 - $25,000 flat fee
Arbitration (full proceeding) $15,000 - $50,000+
Litigation (through trial) $25,000 - $100,000+
Contingency (strong cases with $50k+ damages) 33-40% of recovery
Contact Information
Schedule a Consultation
Email: owner@terms.law

I offer initial consultations to review your API agreement, assess the strength of your claims, and recommend next steps. Bring copies of your API agreement, the termination/change notice, and documentation of your damages.
Frequently Asked Questions
It depends on your contract. Most SaaS API agreements include a "limitation of liability" clause disclaiming consequential damages (lost profits, business interruption, etc.). However, these clauses may be unenforceable in California if: (1) they are unconscionable (hidden, unexpected, or grossly one-sided); (2) the vendor acted in bad faith or with gross negligence; or (3) the clause was not conspicuous or was buried in fine print. Review your agreement carefully and consult an attorney - even with a limitation clause, you may have arguments for recovery, especially if the vendor's conduct was egregious.
Yes, you likely still have rights despite this language. California law imposes an implied covenant of good faith and fair dealing on all contracts. Even with broad termination discretion, the vendor cannot exercise that discretion: (1) to deprive you of the expected benefits of the contract; (2) in bad faith or for pretextual reasons; (3) in a discriminatory manner; or (4) to force you into an unfair situation (like a surprise upgrade demand). Courts look at the totality of circumstances including your payment history, their stated policies, industry custom, and the reasonableness of their actions. A vendor that terminates a paying customer in good standing without real cause may still face liability despite "at any time" language.
This is a strategic decision with pros and cons. Continuing to pay: (1) preserves your claim that you are fulfilling your obligations; (2) prevents them from claiming you breached first; (3) may keep your account active for easier restoration. However, continuing to pay for service you are not receiving can feel wrong and increase your damages. One approach: continue paying but send written notice that payments are "under protest" and "subject to refund claim." Document everything. Do NOT stop payment without legal advice, as this could give the vendor an excuse to formally terminate your account and complicate your claims.
Many SaaS agreements require disputes to go to arbitration (typically AAA or JAMS) rather than court. Arbitration has pros and cons: it can be faster and less formal, but arbitrator fees can be expensive and you lose access to a jury. If your agreement has an arbitration clause, you will likely need to arbitrate rather than sue. However, you can still send a demand letter first - most arbitration clauses require or encourage pre-arbitration negotiation. Also check if the clause allows small claims court (many do for claims under $10,000). Some arbitration clauses are unconscionable and unenforceable under California law, particularly if they are hidden, have grossly unfair terms, or waive important statutory rights.
Evidence preservation is critical. Immediately: (1) Screenshot/archive all API documentation, terms of service, and deprecation policies (these may change); (2) Save all emails and communications with the vendor; (3) Document the timeline with dates of issue discovery, outreach attempts, and vendor responses; (4) Capture API error responses and logs showing the denial/limitation; (5) Calculate and document damages daily (lost transactions, error counts, customer complaints); (6) Archive your own codebase showing the integration and when it was built; (7) Get written statements from affected customers if possible; (8) Use the Internet Archive (Wayback Machine) to capture vendor's public documentation. Send a litigation hold notice to your own team to prevent routine deletion of relevant data.