API Security Addendum

In addition to any other terms and conditions applicable to the purchase or use of Invicti services, this API Security Addendum (the “Addendum”) shall apply to the provisioning and use of API Security Services and/or if the entity purchasing or licensed to use the Invicti Solution (“the Client”) acquires a Subscription to any API Security Services, as identified on an applicable Order Form or partner ordering document.

This Addendum shall be incorporated into, and form an integral part of: (i) the Subscription Services Agreement (https://www.invicti.com/legal/ssa) or other negotiated agreement between Customer and Invicti (the “SSA”), or (ii) the End User License Agreement (https://invicti.com/legal/EULA), as amended, between End User and Invicti, whichever applies to the Client’s access to the Invicti Solution and related Support (the applicable framework agreement being referred to as the “Underlying Agreement”). If there is a conflict between this Addendum and the terms of the Underlying Agreement, this Addendum shall prevail with respect to its subject matter. Capitalized terms used herein but not otherwise defined shall have the meaning ascribed to them in the Underlying Agreement, and references to “Customer” or “End User” shall apply to the Client as the context requires.

1. DEFINITIONS.

“API” means application programming interface, that is to say a defined set of protocols and tools that enable software applications to communicate and interact with each other.

“API Security Services” means services provided by Invicti to Client relating to the use of the API Security Software, including the identification of Client API endpoints, analysis of Client API structures, and generation of a Client API inventory, in accordance with the provisions of this Addendum and the Documentation.

“API Security Software” means the Invicti proprietary software provided in executable code form through which the API Security Services will be provided, and any and all modified, updated, or enhanced versions thereof that Invicti may provide to Client or its Users.

“Client API” means APIs which are known to and in active use by the Client.

2. API SECURITY SOFTWARE.

2.1. License Grant. Subject to Client’s compliance with the terms and conditions of the Underlying Agreement, including payment of all applicable fees, Invicti hereby grants to Client for its internal business purposes a limited, non-sublicensable, non-exclusive, non-transferable, worldwide license, solely during the Subscription Term to:

(A) either:

(i) install, execute and use, or permit Users to install, execute and use, in object code form only, the API Security Software on Client-provided infrastructure; or

(ii) access and use the API Security Software via the Cloud Service or cloud-delivered Invicti Solution; and

(B) reproduce and use a reasonable number of copies of the Documentation for use with the Invicti Solution.

3. SUPPLEMENTARY CLIENT RESPONSIBILITIES.

3.1. API Permissions. Client represents and warrants to Invicti that: (i) Client has provided all required notices, has obtained and will maintain all required licenses, permissions, and consents for any APIs; (ii) Client will comply with any applicable terms of service governing the use of any APIs. Client grants Invicti a perpetual, transferable, worldwide, fully paid, royalty free right and license to use Content relating to any Client APIs in accordance with the rights and obligations set out in the Underlying Agreement.

3.2. Client represents and warrants that all information provided to Invicti for the purpose of API Security Services is accurate, complete, and up-to-date. The Client acknowledges that the effectiveness of the API Security Services is contingent upon the accuracy and completeness of the information provided.

3.3. Information; Audits. Client will keep and maintain commercially reasonable written records and accounts regarding Client’s use and distribution of the API Security Software and compliance with the Underlying Agreement. Invicti shall have the right, upon ten days’ written notice to Client, to conduct an inspection and audit of all relevant facilities and records of Client. Such audit shall be conducted during regular business hours at Client’s offices and in such a manner so as not to interfere with Client’s normal business activities. In no event shall audits be conducted hereunder more frequently than once every six months. The audit shall be conducted at Invicti’s expense; provided, however, that if the audit reveals that Client has failed to comply with any material term of the Underlying Agreement, Client shall pay all reasonable costs and expenses incurred by Invicti in conducting the audit.

4. ADDITIONAL RESTRICTIONS. Except as expressly set forth in the Underlying Agreement, and to the maximum extent permitted by applicable law, Client will not (and will not allow any third party to): (i) distribute, resell or make the API Security Software available to any third party; (ii) engage in any conduct which in the opinion of Invicti is prejudicial to business or to the marketing of the API Security Software generally; (vii) make or give any promises, warranties, guarantees, or representations concerning the API Security Software other than those contained in the Underlying Agreement; or (viii) use the API Security Software in any Development Environment it does not own. Client’s failure to comply with any sub-section within this section, will constitute a material breach of the Underlying Agreement incapable of remedy and entitle Invicti to immediately terminate the Underlying Agreement without notice in addition to any other remedy available at law or equity.

5. ADDITIONAL INVICTI OBLIGATIONS. Invicti agrees to: (i) provide Client, without charge, online access to Documentation, Support, and any other information or assistance reasonably required in connection with the API Security Services; and (ii) provide Client with such additional web-based sales training as reasonably requested by Client and agreed by Invicti in writing.

6. SURVIVAL. In addition to the provisions of the Underlying Agreement surviving its termination, the following provisions of this Addendum shall survive termination of the Underlying Agreement: 3.3 and 4.

Last modified 09 June 2026.