Don't Sign Until You Read This
Broker API terms of service are dense legal agreements that most trading platform founders skim through before clicking "I Agree." This is a costly mistake. These contracts govern your access to critical infrastructure and can expose you to unlimited liability, sudden termination, and regulatory pass-through obligations.
I've reviewed API agreements from every major broker offering API access. This guide breaks down what to look for, what to negotiate, and which provisions are deal-breakers.
⚠ Termination Without Notice
Most broker APIs reserve the right to terminate your access immediately without cause. If your entire business depends on one broker's API and they cut you off with zero notice, your platform goes dark overnight. Always have backup broker integrations ready.
Key TOS Provisions to Review
Before integrating any broker API, I systematically review these critical sections:
- Termination Rights: Can the broker terminate my access immediately? With or without cause? What notice period do I get? Can they terminate during market hours?
- Service Level Commitments: Is there a guaranteed uptime percentage? What happens if the API goes down during trading hours? Do I get credits or refunds for outages?
- Liability Caps: What is the maximum the broker will pay if their API causes me losses? Is it capped at fees paid? Is it unlimited? Does it cover consequential damages?
- Data Ownership: Who owns customer data? Can the broker use my customer data? Can they market to my customers? What happens to data if I terminate?
- Rate Limiting: What are the request limits? Per second? Per day? What happens if I exceed limits? Will they throttle or cut me off entirely?
- Indemnification Scope: What am I required to indemnify the broker for? Does it cover their own negligence? Is there a cap? Does my insurance cover it?
- Fee Changes: Can the broker raise fees unilaterally? How much notice do they give? Can I terminate if fees increase? Are there volume discounts?
- Modification Rights: Can they change the TOS at any time? Do they notify me? What's the notice period? Can I object to changes?
- Regulatory Compliance: Who is responsible for compliance? If the broker gets sanctioned, does it affect me? Do they pass through regulatory requirements?
- IP and Trademark Usage: Can I use their logo? Under what restrictions? Do I need approval for marketing materials? What happens if I violate trademark rules?
Liability Limitations & Indemnification
This is where broker agreements get dangerous. I need to understand exactly what liability I'm assuming.
Liability Cap Analysis
| Liability Type | Typical Broker Position | What I Should Negotiate |
|---|---|---|
| Direct Damages | Capped at fees paid in last 12 months | Increase to 12-24 months of fees or $100K minimum |
| Consequential Damages | Completely excluded | Carve out for gross negligence or willful misconduct |
| API Downtime | No liability | Service credits for downtime exceeding SLA |
| Data Breach | Capped or excluded | Broker covers breaches on their systems |
| Trade Execution Errors | Broker has no liability | Liability for broker's execution platform errors |
Indemnification Red Flags
🚨 Dangerous Indemnification Clauses
- Unlimited indemnification: "You agree to indemnify Broker for any and all claims" with no cap
- Indemnifying broker's negligence: You pay even when they mess up
- No knowledge qualifier: You're liable even for violations you didn't know about
- Third-party claims: You indemnify for claims by anyone, not just your customers
- Regulatory penalties: You cover their fines if regulators sanction them
- No right to control defense: They settle claims against you without your input
💡 Insurance Implications
Most E&O insurance policies have exclusions for contractual liability and indemnification obligations. Before signing an API agreement with broad indemnification, confirm with my insurance broker that the policy covers these obligations. Otherwise I'm personally exposed.
Data Ownership & Usage Rights
Who owns the customer data flowing through the API? This question determines whether I'm building equity or just renting customers.
Critical Data Questions
- Customer ownership: Does the broker consider end users "their" customers or mine?
- Data portability: Can I export customer data if I switch brokers?
- Marketing restrictions: Can the broker directly market to my users?
- Data aggregation: Can they aggregate and sell anonymized data from my users?
- Competitive use: Can they use insights from my platform to build competing products?
- Retention after termination: What happens to customer data if my API access ends?
⚠ The "White Label" Trap
Some broker agreements position you as a "white label" partner, meaning the broker owns the customer relationship. You're just the interface. If the agreement terminates, the broker keeps the customers and you lose everything. Make sure the contract clearly states you own the customer relationship.
Data Usage Rights Comparison
| Data Type | Your Rights | Broker Rights | Negotiate |
|---|---|---|---|
| Customer PII | Own and control | Process for execution only | ✓ |
| Trading Activity | Access and export | Aggregate for reporting | ⚠ |
| Account Balances | Real-time access | Monitor for risk | ✓ |
| Platform Analytics | Exclusive ownership | No access | ✕ |
| Market Data | Licensed use only | Sublicense from exchanges | ⚠ |
Rate Limits & Throttling
API rate limits can kill your platform's performance. I need to understand the technical and contractual constraints.
Rate Limit Questions
- What are the request limits per second/minute/day?
- Are limits per API key, per user, or per platform?
- What happens when I hit limits? Hard cutoff or throttling?
- Can I request higher limits? At what cost?
- Are there separate limits for market data vs. trading endpoints?
- Do limits apply during market open vs. after hours?
- Is there burst capacity for peak usage?
💡 Scaling Costs
Rate limits often require purchasing additional API tiers or "units" as you scale. A broker might advertise "free API access" but charge $500/month for each additional 1,000 users. Model these costs into your unit economics before committing to a broker.
Typical Rate Limit Structures
| Broker Tier | Requests/Second | Daily Limit | Cost |
|---|---|---|---|
| Free Tier | 5-10 req/sec | 10,000 - 50,000 | $0 |
| Standard | 50-100 req/sec | 500,000 - 1M | $200 - $500/mo |
| Professional | 200-500 req/sec | 5M - 10M | $1,000 - $2,500/mo |
| Enterprise | Custom | Unlimited | Custom pricing |
Termination & Suspension Rights
This is the provision that keeps me up at night. Most broker APIs can terminate access instantly, and my entire business goes offline.
Termination Triggers
- Immediate Termination for Cause: Breach of TOS, regulatory violation, fraud, illegal activity. This is standard and acceptable.
- Termination Without Cause: Broker can terminate "for any reason or no reason" with 30-90 days notice. Negotiate for longer notice period (180 days minimum).
- Suspension Without Notice: Broker can immediately suspend access if they "reasonably believe" a violation occurred. Demand right to cure within 24-48 hours.
- Regulatory Termination: If broker loses licenses or gets sanctioned, your access terminates. Ask for transition assistance to move to new broker.
- Non-Payment Termination: Failure to pay fees allows termination. Negotiate for 15-day cure period after notice.
⚠ Survival Clauses
Even after termination, certain obligations survive: indemnification, confidentiality, liability limitations. I could be on the hook for claims years after my API access ends. Try to negotiate a survival period cap (e.g., 2-3 years maximum).
Termination Best Practices
- Multi-broker strategy: Integrate with 2+ brokers from day one so termination doesn't kill your platform
- Data export plan: Regularly export customer data so you can migrate quickly
- Transition assistance: Negotiate for broker to assist with customer account transfers if they terminate
- Notice escalation: Require termination notice to go to CEO/legal, not just account manager
- Cure rights: For non-material breaches, get 30 days to cure before termination
Regulatory Compliance Pass-Through
When I integrate a broker's API, do I inherit their regulatory obligations? This is a critical question with expensive implications.
Compliance Responsibilities
| Obligation | Broker Responsibility | Your Responsibility |
|---|---|---|
| Trade Execution | FINRA compliance, best execution | Ensure platform doesn't interfere |
| Customer Accounts | KYC/AML, account approval | Accurate customer data submission |
| Market Data | Exchange agreements, licensing | Comply with data usage restrictions |
| Order Handling | Reg NMS, order protection | Proper order routing via API |
| Suitability | Not applicable (self-directed) | Risk disclosures if providing guidance |
| Pattern Day Trader | Monitor and enforce PDT rules | Display warnings in UI |
| Margin | Reg T compliance, margin calls | Accurate display of buying power |
💡 Regulatory Exam Exposure
If the broker gets examined by FINRA or the SEC, the examiners may request information about your platform. The TOS likely requires you to cooperate with regulatory exams and produce documents on demand. Budget time and legal costs for responding to exam requests.
Pass-Through Obligations to Watch
- Market data fees: Exchanges require non-professional vs. professional subscriber classification. Misclassification can result in massive retroactive fees.
- FINRA rules: If the broker is FINRA-regulated, communications and marketing restrictions may apply to your platform.
- Order handling: Reg NMS requires certain order protections. Your platform can't introduce latency that violates these rules.
- Cybersecurity: SEC and FINRA have cybersecurity requirements. The broker may audit your security practices.
- Record retention: Books and records rules may require you to retain customer communications and trade records for 3-7 years.
Customer Disclosure Requirements
What do I have to tell my customers about the broker relationship? This affects my user agreements and risk disclosures.
Required Disclosures
- Broker Identity: Must disclose which broker-dealer holds customer accounts and executes trades. Cannot hide this relationship.
- SIPC Coverage: Must explain SIPC insurance coverage limits and what is/isn't protected. Required by SEC.
- Order Routing: If broker has payment for order flow arrangements, may need to disclose. Rule 606 requires order routing disclosures.
- Market Data Disclaimers: Exchange data requires specific disclaimer language about delays, accuracy, and usage restrictions.
- Platform vs. Broker Responsibilities: Clarify what your platform does vs. what the broker does to avoid customer confusion.
- Fees: Transparent disclosure of all fees, including broker fees, platform fees, and exchange fees.
💡 Sample Disclosure Language
"Securities in your account are held by [Broker Name], a registered broker-dealer and member of FINRA and SIPC. [Your Platform] is a technology platform that provides access to your brokerage account but does not provide investment advice or hold customer funds. SIPC protection covers up to $500,000 in securities."
IP & Trademark Restrictions
Can I use the broker's name and logo in my marketing? What are the restrictions?
Trademark Usage Rules
| Usage | Typically Allowed | Requires Approval | Prohibited |
|---|---|---|---|
| Broker Name | Factual reference | Marketing materials | Implies endorsement |
| Broker Logo | Regulatory disclosures | Website footer | Primary branding |
| "Powered By" | With guidelines | Specific language | Without permission |
| Co-Branding | No | Negotiated partnerships | Without agreement |
| Domain Names | No | No | Using broker trademark |
💡 Approval Requirements
Most brokers require pre-approval of any marketing materials using their name or logo. This means a 5-10 day review process for every landing page, ad, or blog post. Build this delay into your marketing timeline.
SLA & Uptime Guarantees
What happens when the API goes down? This is where I find out if the broker stands behind their service.
SLA Components
- Uptime percentage: 99.9% (8.7 hours downtime/year) vs. 99.99% (52 minutes/year)
- Measurement period: Monthly, quarterly, or annual?
- Exclusions: Scheduled maintenance, DDoS attacks, force majeure
- Remedies: Service credits vs. refunds vs. nothing
- Credit calculation: Percentage of monthly fees based on downtime tier
- Claim process: Must submit claim within 30 days or forfeit credits
SLA Comparison
| Uptime | Downtime/Month | Typical Credit | Rating |
|---|---|---|---|
| 99.99% | 4.3 minutes | 25% monthly fee | Excellent |
| 99.9% | 43.2 minutes | 10% monthly fee | Good |
| 99.5% | 3.6 hours | 5% monthly fee | Fair |
| 99% | 7.2 hours | No credit | Poor |
| No SLA | Unlimited | None | Unacceptable |
⚠ Service Credits Aren't Damages
Most SLAs explicitly state that service credits are your "sole and exclusive remedy" for downtime. Even if the API is down during market hours and your users lose money, you only get a 10% credit on a $500/month fee, not compensation for actual damages. This is why the liability limitation section is so critical.
Broker API Comparison Matrix
Based on my analysis of current API agreements, here's how major brokers compare across key TOS provisions:
| Provision | Alpaca | Interactive Brokers | Tradier | DriveWealth |
|---|---|---|---|---|
| Termination Notice (Without Cause) | 30 days | 90 days | 30 days | 60 days |
| Liability Cap | Fees paid (12 mo) | $100 or fees paid | Fees paid (6 mo) | Fees paid (12 mo) |
| Indemnification Scope | Broad | Very broad | Moderate | Broad |
| Data Ownership | Platform owns | Shared | Platform owns | Broker owns |
| Rate Limits (Free Tier) | 200 req/min | 50 req/sec | 60 req/min | 120 req/min |
| SLA Uptime | 99.9% | No published SLA | 99.5% | 99.9% |
| SLA Credits | 10% per tier | None | 5% per incident | 10% per tier |
| Marketing Use of Name | Pre-approval required | Restricted | Pre-approval required | Pre-approval required |
| Customer Marketing by Broker | Prohibited | Allowed | Opt-out available | Allowed |
| Fee Changes Notice | 30 days | 60 days | 30 days | 45 days |
| TOS Modification Notice | 15 days | 30 days | 15 days | 30 days |
| Arbitration Required | Yes | Yes | No | Yes |
| Governing Law | California | Connecticut | Delaware | New Jersey |
💡 Comparison Notes
This comparison is based on standard API agreements as of December 2025. Enterprise customers often negotiate custom terms. Always review the specific agreement provided to you, as brokers may update terms or offer different provisions based on volume and relationship.
Red Flag Provisions
These provisions should trigger immediate pushback or reconsideration of the broker relationship:
🚨 Deal-Breaker Terms
- Unlimited indemnification with no cap: Opens you to catastrophic liability
- Immediate termination without cause or notice: Your business can be destroyed overnight
- Broker ownership of customer relationships: You're building their business, not yours
- No liability for API downtime during trading hours: They have no skin in the game for reliability
- Unilateral TOS changes effective immediately: They can change the rules mid-game
- Broker can compete using your data/insights: You're funding your competitor
- No data portability or export rights: You're locked in forever
- Assignment rights to unknown third parties: Broker can sell to competitor
- Waiver of consequential damages for gross negligence: No accountability for recklessness
- Survival of indemnification obligations beyond 5 years: Unlimited tail risk
Negotiation Strategy
Most broker API agreements are presented as "non-negotiable," but everything is negotiable if you have leverage. Here's my approach:
When You Have Leverage
- Large user base: If you're bringing 10,000+ potential accounts, brokers will negotiate
- High-value users: Customers with large account balances generate more revenue for brokers
- Active traders: High trading volume = high commissions for brokers
- Strategic relationship: If you fill a niche the broker wants to enter, you have leverage
- Multi-broker RFP: Playing brokers against each other in a formal RFP process
Priority Negotiation Points
- Termination notice period: Push for 180 days minimum, ideally 12 months
- Liability cap floor: Negotiate minimum cap (e.g., $100K or 24 months fees, whichever is greater)
- Indemnification cap: Cap indemnity at same level as liability cap
- Customer ownership: Explicitly state you own the customer relationship and data
- SLA with teeth: Real service credits (25-50% of monthly fees) for material downtime
- Data portability: Right to export all customer data in standard format
- Fee caps: Limit annual fee increases to CPI or 10%, whichever is less
- Survival period: Cap indemnification survival at 2-3 years post-termination
✅ Document Everything
Any negotiated changes must be in writing, preferably in an amendment to the standard agreement. Side letters and email confirmations are better than nothing but can be disputed. Never rely on verbal promises from a broker account manager.
TOS Review Checklist
Use this checklist for every broker API agreement review:
- Termination Rights:
☐ Notice period for termination without cause is 90+ days
☐ Right to cure breaches before termination
☐ Transition assistance if broker terminates relationship
- Liability & Indemnification:
☐ Liability cap is adequate for potential damages
☐ Indemnification scope is reasonable and capped
☐ Broker liability for their own negligence/misconduct
☐ My insurance policy covers indemnification obligations
- Data & Ownership:
☐ I own customer relationships and data
☐ Data portability rights are documented
☐ Broker cannot market directly to my customers
☐ Clear data retention/deletion terms upon termination
- Service Levels:
☐ SLA includes minimum uptime percentage
☐ Service credits or refunds for SLA breaches
☐ Exclusions are reasonable (not overly broad)
☐ Separate SLAs for trading hours vs. off-hours
- Technical & Operational:
☐ Rate limits are documented and adequate for my scale
☐ Process for requesting higher limits is clear
☐ API versioning and deprecation policy is fair (6+ months notice)
☐ Testing environment is provided
- Compliance & Regulatory:
☐ Division of compliance responsibilities is clear
☐ I understand pass-through regulatory obligations
☐ Required customer disclosures are documented
☐ Process for regulatory exams is outlined
- Commercial Terms:
☐ Fee structure is clear and predictable
☐ Fee increase limitations are documented
☐ Volume discounts or revenue share is negotiated
☐ Payment terms are acceptable (net 30, not prepaid)
- IP & Marketing:
☐ Trademark usage guidelines are clear
☐ Approval process timeline is documented
☐ Co-marketing opportunities are outlined
☐ My platform IP is protected
When to Hire an Attorney
Broker API agreements are complex contracts with significant liability exposure. Here's when I absolutely need legal review:
- Enterprise agreements: Any custom agreement or negotiated terms
- High transaction volume: If I expect to process $10M+ in trades annually
- Large user base: Platforms with 1,000+ users
- Unlimited indemnification: Any agreement with uncapped indemnity obligations
- Institutional customers: If serving professional traders or institutions
- Multi-broker integration: Need consistent terms across multiple brokers
💡 Legal Review Costs
Expect to pay $2,000 - $5,000 for an attorney to review and provide feedback on a standard broker API agreement. Negotiating custom terms will add another $3,000 - $10,000. This is cheap insurance compared to the potential liability these agreements create.
Ongoing TOS Monitoring
My obligations don't end after signing. I need to monitor for changes and compliance:
- TOS change notifications: Set up alerts for modification notices
- Quarterly compliance reviews: Ensure I'm meeting all obligations
- SLA tracking: Log all API downtime to claim service credits
- Rate limit monitoring: Track usage to avoid overages or throttling
- Insurance renewal: Confirm continued coverage for indemnification
- Fee validation: Audit monthly invoices against agreed fee schedule
- Data export: Regular backups in case of termination
✅ Annual Agreement Review
Set a calendar reminder to review the broker API agreement annually. Check for: (1) TOS updates you may have missed, (2) whether your business has changed in ways that affect obligations, (3) new negotiation opportunities based on growth, (4) competitive alternatives that have emerged.