API Licence Agreement (Malaysia)
API LICENCE AGREEMENT
Contracts Act 1950 (Malaysia) | Copyright Act 1987 | Personal Data Protection Act 2010
THIS API LICENCE AGREEMENT is entered into on [Agreement Date]
BETWEEN:
(1) [Licensor Name], of [Licensor Address] (hereinafter referred to as the "Licensor"); AND
(2) [Licensee Name], of [Licensee Address] (hereinafter referred to as the "Licensee").
The Licensor and the Licensee are hereinafter collectively referred to as "the Parties".
BACKGROUND
The Licensor is the owner of the [API Name] (the "API"), including all associated documentation, specifications, and software, which constitutes a literary work protected under the Copyright Act 1987 of Malaysia.
The Licensor wishes to grant the Licensee access to the API on the terms and conditions of this Agreement.
1. GRANT OF LICENCE
1.1 Subject to the terms of this Agreement, the Licensor grants the Licensee a [Exclusivity], non-transferable licence to access and use the API solely for the following purpose: [Permitted Purpose] (the "Permitted Purpose").
1.2 The Licensee's use of the API is subject to a rate limit of [Rate Limit]. The Licensor may suspend or throttle the Licensee's API access without notice if this limit is exceeded.
1.3 Sub-licensing: [Sub-Licensing].
1.4 No rights are granted other than those expressly stated in this Agreement. The Licensee shall not: (a) reverse engineer, decompile, or disassemble the API, except to the extent expressly permitted under Section 36A of the Copyright Act 1987; (b) use the API to build a product that competes with the Licensor's products or services; (c) resell or distribute access to the API to third parties; or (d) exceed the Permitted Purpose.
2. INTELLECTUAL PROPERTY
2.1 The Licensor retains all intellectual property rights in the API, its documentation, source code, data schemas, and all related materials, protected under the Copyright Act 1987 and other applicable intellectual property laws of Malaysia.
2.2 The Licensee owns all intellectual property in applications and products independently developed by the Licensee using the API, provided that no Licensor code or documentation has been incorporated into the Licensee's work. Where any Licensor code or documentation is incorporated, ownership of that incorporated element remains with the Licensor.
2.3 The Licensee shall not remove or obscure any copyright or proprietary notices in the API or documentation.
3. API KEYS AND SECURITY
3.1 The Licensor shall issue the Licensee with API credentials (API keys, tokens, or certificates) to access the API. The Licensee is responsible for maintaining the confidentiality and security of all API credentials.
3.2 The Licensee shall not share API credentials with third parties and shall immediately notify the Licensor if credentials are compromised or misused. The Licensor may revoke and reissue credentials at any time for security reasons.
3.3 The Licensee shall implement appropriate technical security measures for data transmitted to and from the API, including encryption in transit using TLS 1.2 or higher.
4. API AVAILABILITY AND CHANGES
4.1 The Licensor shall use reasonable efforts to maintain the availability of the API but does not guarantee uninterrupted access. The Licensor may conduct scheduled maintenance and shall provide at least 48 hours' advance notice.
4.2 The Licensor shall provide at least [Deprecation Notice] written notice before retiring or making a breaking change to any API version currently used by the Licensee. During the notice period, the Licensor shall maintain the existing API version to allow the Licensee to migrate.
4.3 API documentation is available at [API Documentation URL]. The Licensor may update the documentation and notify the Licensee of material changes.
5. FEES AND PAYMENT
5.1 Licence fee structure: [Fee Structure]. Fee amount: [Fee Amount].
5.2 All invoices are payable within thirty (30) days of invoice date. Overdue amounts attract interest at 1.5% per month. The Licensor may suspend API access if payment is overdue by more than fourteen (14) days.
5.3 All fees are exclusive of Service Tax (SST) under the Service Tax Act 2018 where applicable. SST shall be charged in addition at the prevailing rate.
6. DATA PROTECTION
6.1 Where the Licensee's use of the API involves the processing of personal data, both Parties shall comply with the Personal Data Protection Act 2010 (PDPA 2010).
6.2 The Licensee shall only access and process personal data through the API for the Permitted Purpose and shall implement appropriate security measures under the PDPA 2010 Security Principle.
6.3 The Licensee shall not transfer personal data obtained through the API outside Malaysia without the prior written consent of the Licensor and compliance with PDPA 2010 Transfer Restriction provisions (Section 129).
7. TERM AND TERMINATION
7.1 This Agreement commences on [Agreement Date] and continues for [Licence Term], unless earlier terminated.
7.2 Either Party may terminate this Agreement by giving [Notice Period] written notice to the other Party.
7.3 The Licensor may terminate immediately if: (a) the Licensee breaches any provision of this Agreement relating to intellectual property or permitted use; (b) the Licensee fails to pay any outstanding fee within fourteen (14) days of receiving written notice; or (c) the Licensee becomes insolvent.
7.4 Upon termination, the Licensee shall immediately cease all use of the API, delete all cached API responses containing the Licensor's data, and certify compliance in writing.
8. GENERAL PROVISIONS
8.1 This Agreement is governed by the laws of Malaysia and the Parties submit to the jurisdiction of the courts of [Governing Jurisdiction].
8.2 The Licensor's total liability to the Licensee shall not exceed the total fees paid by the Licensee in the three (3) months preceding the claim. Neither Party shall be liable for indirect or consequential losses.
8.3 Both Parties shall treat this Agreement and all technical information relating to the API as confidential, consistent with the obligations in this Agreement.
8.4 This Agreement constitutes the entire agreement between the Parties regarding the API licence and supersedes all prior discussions and representations.
Licensor
________________
Signature
Licensee
________________
Signature
What Is a API Licence Agreement (Malaysia)?
An API Licence Agreement in Malaysia sets out the scope, fees, and conditions on which the licensor permits the licensee to use the rights.
Under Malaysian law, an API and its underlying documentation, code, and specifications are protected by copyright under the Copyright Act 1987. Section 3 of the Copyright Act 1987 defines a 'literary work' to include computer programs, and the API's source code and documentation qualify as literary works protected from unauthorised reproduction, adaptation, or communication to the public without the copyright owner's consent. An API Licence Agreement is the mechanism by which the copyright owner grants conditional permission to a third party to use the API within the agreed parameters.
The Contracts Act 1950 governs the formation and enforceability of the API Licence Agreement. A valid agreement requires offer, acceptance, consideration, and the capacity of the parties under Section 10 of the Contracts Act 1950. For companies registered with SSM under the Companies Act 2016, execution under Section 66 of the Companies Act 2016 is required. In Malaysia, software licence agreements — including API licences — do not require registration with any government body as a condition of validity.
Where the API processes or supports the processing of personal data — for example, an API that allows a third-party application to access user profiles or transaction data — both the licensor and licensee must comply with the Personal Data Protection Act 2010 (PDPA 2010). The licensee, as a third-party processor accessing data through the API, must confirm its processing complies with the purposes for which the data subject consented, and the agreement must specify each party's PDPA 2010 obligations.
For fintech APIs — particularly those enabling payment initiation, account information access, or open banking services — Bank Negara Malaysia's guidelines on open banking and the Financial Services Act 2013 (FSA 2013) impose additional requirements. BNM's Open API Implementation Group has developed standards for open banking APIs in Malaysia, and API licence agreements for financial services must address BNM regulatory requirements alongside the standard commercial terms.
The legal framework governing the API Licence Agreement (Malaysia) in Malaysia draws on several key statutes and regulatory bodies. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Parties executing a API Licence Agreement (Malaysia) in Malaysia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Companies Act 2016 (Act 777) sets the foundational requirements.
When Do You Need a API Licence Agreement (Malaysia)?
An API Licence Agreement in Malaysia is needed whenever a business grants a third party the right to access its API to build applications, integrations, or services.
An API Licence Agreement is required when a payment gateway provider in Malaysia — such as a licensed payment system operator under the Financial Services Act 2013 — grants merchants and developers access to its payment processing API. Without a written licence agreement, the payment gateway has no contractual basis to restrict the merchant's use of the API, to terminate access for misuse, or to limit its liability for API failures.
An API Licence Agreement is needed when a logistics company grants e-commerce platforms access to its parcel tracking and delivery scheduling API. The agreement must address the permitted number of API calls (rate limits), the uptime guarantee, and the consequences of the logistics company changing or deprecating the API.
An API Licence Agreement is required when a Malaysian company makes its data — for example, property transaction data, commodity prices, or financial market data — available to third-party developers through an API. The agreement must specify what data the licensee may access, how the data may be used, and whether the licensee may republish or redistribute the data, which is relevant to the Copyright Act 1987.
An API Licence Agreement is needed when a government agency or statutory body — such as the Department of Statistics Malaysia (DOSM), MyEG Services Berhad, or JPJ — provides an API allowing private sector companies to access government data or submit regulatory filings electronically. Such agreements are subject to the Government Contracts Act 1949 and must address data security in accordance with the National Cyber Security Agency (NACSA) requirements.
An API Licence Agreement is required when a Malaysian SaaS platform grants its enterprise customers the ability to integrate with the platform through an API. The agreement, which may be incorporated into the broader SaaS agreement, must address API versioning, deprecation notice periods, and the developer's obligations to update integrations when the API changes.
What to Include in Your API Licence Agreement (Malaysia)
A complete API Licence Agreement in Malaysia must include the following essential elements.
Identification of Parties: The agreement must state the full legal names, SSM registration numbers (under the Companies Act 2016), and addresses of the API licensor and the licensee. For individuals, NRIC numbers and addresses should be provided.
Grant of Licence: The agreement must precisely define the scope of the licence — whether it is non-exclusive (allowing the licensor to grant the same rights to multiple licensees), exclusive (granted to only one licensee), or sole. The territorial scope, the permitted use cases, and whether sub-licensing is permitted must be stated. The licence should clearly exclude rights not expressly granted.
Intellectual Property Ownership: The agreement must confirm that the API, its documentation, source code, data schemas, and all related intellectual property remain the exclusive property of the licensor, protected under the Copyright Act 1987. The licensee's access to the API does not transfer any intellectual property rights. Any modifications, extensions, or derivative works created by the licensee using the API may create joint ownership issues under the Copyright Act 1987, and the agreement should address ownership of such works.
API Access and Technical Conditions: The agreement must specify the method of access (API keys, OAuth tokens, or other authentication mechanisms), the rate limits (maximum API calls per minute, hour, or day), the supported API versions, and the process for issuing, rotating, and revoking API credentials. Obligations regarding the secure storage of API keys should be imposed on the licensee.
Permitted and Prohibited Uses: The agreement must expressly define what the licensee may and may not do with the API — including prohibited uses such as reverse engineering, circumventing access controls, using the API to build competing products, or reselling API access to third parties. Reverse engineering is additionally prohibited under Section 36A of the Copyright Act 1987.
Service Levels and Support: The agreement should specify the API's availability commitment (uptime SLA), the response time for API calls, the maintenance window schedule, and the advance notice period for deprecating API versions. Developers rely on API stability for their own product releases, and reasonable deprecation notice periods (typically 90 days) protect the licensee's investment.
Fees and Payment: The agreement must state whether the licence is free (common for public APIs with usage limits) or fee-based, and specify the fee structure — fixed monthly fee, per-API-call pricing, or tiered pricing in Malaysian Ringgit (MYR). The invoicing frequency, payment due date, and consequences of non-payment (including API key suspension) should be specified.
Data Protection: The agreement must address each party's obligations under the Personal Data Protection Act 2010 (PDPA 2010) where the API involves personal data, specifying which party is the data user and which is the data processor, and requiring appropriate technical security measures.
Termination: The agreement must specify the notice period for termination at will (typically 30 days), grounds for immediate termination (API misuse, breach of IP restrictions, non-payment), and the licensee's obligations upon termination — including deletion of cached data and discontinuation of API calls. The forms-legal.com API Licence Agreement (Malaysia) template covers the mandatory elements under Companies Act 2016 (Act 777).
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). API Licence Agreement (Malaysia) (Malaysia) [Legal document template]. Forms Legal. https://forms-legal.com/malaysia/business/intellectual-property/api-licence-agreement-malaysia
"API Licence Agreement (Malaysia) (Malaysia)." Forms Legal, 2026, https://forms-legal.com/malaysia/business/intellectual-property/api-licence-agreement-malaysia.
@misc{formslegal-api-licence-agreement-malaysia,
author = {{Forms Legal}},
title = {API Licence Agreement (Malaysia) (Malaysia)},
year = {2026},
howpublished = {\url{https://forms-legal.com/malaysia/business/intellectual-property/api-licence-agreement-malaysia}},
note = {Free legal document template. Based on Companies Act 2016 (Act 777)}
}Frequently Asked Questions
An API Licence Agreement is legally enforceable in Malaysia under the Contracts Act 1950, provided it meets the requirements of a valid contract — offer, acceptance, consideration, and the capacity of the parties under Section 10. For click-wrap or browse-wrap API agreements (where the licensee accepts terms by clicking a button or by using the API), Malaysian courts are likely to follow the approach of other common law jurisdictions in upholding such agreements provided the terms were reasonably brought to the licensee's attention. The API and its documentation are protected as literary works under the Copyright Act 1987, Section 3, and the licensor may seek injunctive relief from the High Court of Malaya under Order 29 of the Rules of Court 2012 and damages for copyright infringement under Section 36 of the Copyright Act 1987 if the licensee exceeds the scope of the licence.
The intellectual property ownership of works created using an API in Malaysia depends on the nature of the creation and the terms of the API Licence Agreement. The API itself — including its source code, documentation, and data schemas — remains owned by the licensor and protected by the Copyright Act 1987. Works created by the licensee using the API — for example, an application built on top of the API — are generally owned by the licensee as the author, provided the licensee independently created the work without directly copying the licensor's code. However, if the licensee's application incorporates portions of the licensor's API code or documentation, joint ownership issues may arise under Section 10 of the Copyright Act 1987 (joint authorship). The API Licence Agreement should expressly address ownership of derivative works and integrations to avoid ambiguity.
If an API provider in Malaysia changes or deprecates its API, the consequences depend on what the API Licence Agreement provides. A well-drafted API Licence Agreement specifies a minimum deprecation notice period — typically 90 to 180 days — before a major API version is retired. During this period, the provider must maintain the existing version to allow licensees time to migrate to the new version. If the provider deprecates the API without adequate notice, the licensee may have a claim for breach of contract under the Contracts Act 1950, claiming damages for the development costs incurred in building an integration that is rendered non-functional. In practice, where the API is free to access, the courts may limit the licensee's damages to the direct costs of migrating to the new API. The agreement should also address whether the provider guarantees backward compatibility within a major API version.
Where an API in Malaysia facilitates the transfer or processing of personal data — such as customer profiles, transaction records, or health data — both the API licensor and the licensee must comply with the Personal Data Protection Act 2010 (PDPA 2010). The entity that collects and controls the personal data is the 'data user' under PDPA 2010 and bears primary compliance responsibility, including obtaining the data subject's consent and implementing the Security Principle. The API licensee, as a third-party processor accessing personal data through the API, must process the data only for the purposes specified in the API Licence Agreement and must implement security measures consistent with the data user's PDPA 2010 obligations. The agreement must specify: which party is the data user; the permitted processing purposes; security requirements for data in transit (such as TLS encryption) and at rest; the process for notifying the data user of a security breach; and the licensee's obligation to delete personal data upon termination of the agreement.
An API licence in Malaysia can only be transferred or sub-licensed if the API Licence Agreement expressly permits such transfer or sub-licensing. Under the Contracts Act 1950, contractual rights may generally be assigned and obligations may be novated with the consent of all parties. However, an intellectual property licence granted under the Copyright Act 1987 is personal to the licensee unless the agreement expressly authorises assignment or sub-licensing. A licensee who purports to assign or sub-license an API licence without authority commits a breach of contract and may also infringe the licensor's copyright under Section 36 of the Copyright Act 1987. In corporate restructuring scenarios — mergers, acquisitions, or group reorganisations — the API Licence Agreement should address whether the licence passes automatically to the acquiring entity or requires the licensor's prior written consent. Most API licences for commercial APIs require the licensor's consent to assignment.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Software Licence Agreement (Malaysia)
A Software Licence Agreement for Malaysia that grants a licensee the right to use software under defined terms, governed by the Copyright Act 1987, the Computer Crimes Act 1997, and the Contracts Act 1950. Covers licence scope, fees, restrictions, IP ownership, and dispute resolution under Malaysian law.
SaaS Agreement (Malaysia)
A Software as a Service (SaaS) Agreement for Malaysia governing subscription access to cloud-hosted software. Covers subscription fees, uptime SLA, data ownership, PDPA 2010 compliance, acceptable use, and termination under the Contracts Act 1950 and Electronic Commerce Act 2006.
IT Services Agreement (Malaysia)
An IT Services Agreement for Malaysia that governs the ongoing provision of information technology services — including managed IT, helpdesk, infrastructure management, and support — between an IT service provider and a client. Compliant with the Contracts Act 1950, Computer Crimes Act 1997, and PDPA 2010.