The following application procedures, approval standard and control measures apply to the provision of application programming interface (API) service by securities firms to customers:
- Application procedure
- To apply for API service, the investor shall submit a written application in person with its identification and sign or seal in person at the place of business or may apply to the securities firm by written correspondence or electronic means that is sufficient to identify the applicant as the principal himself/herself/itself and confirm his/her/its indication of intent.
- Where the investor is a juristic person, it and its representative shall sign or seal the application and produce a power of attorney.
- When processing an application of an investor for API service, the securities firm shall have a registered qualified specialist explain to the investor in detail the guidelines and rights and obligations with regard to the use of the API service, including risks that may arise from the use and agreement on the use etc. The investor shall issue a representation stating it has been informed, read and understands fully the relevant information, and shall sign or seal the representation to confirm and shall date and keep the same. Such representation may also be made through the following electronic signature procedure:
- Each point (or paragraph) of the representation must be checked.
- The duration that the investor stays on the page from the time it clicks in the content of the representation and the time it agrees to sign and confirm shall be as appropriate for it to read through the full content of the representation.
- After the investor confirms it will sign electronically, its electronic signature will become effective once a copy of the representation is sent by the securities firm to it by e-mail or texting or through the website etc. and is confirmed by it.
- The representation issued by the investor shall at least state that it understands and will comply with the following fully:
- An order made through the API service may entail relevant risks such as those arising out of network congestion, power failure, network failure, computer program trading error etc.
- Investors placing orders through the API service shall determine the execution of the transactions solely.
- The personal transaction account, network login password and digital certificate (electronic signature) shall be kept properly and may not be delivered to a third person or data company for purposes of unapproved discretionary transactions, to avoid transaction disputes.
- Investors placing orders through the API service shall comply with the relevant agreements with the securities firms and may not use such service illegally.
- Approval standard: The required qualifications for API application will be established by the securities firm solely.
- Control measures
- The securities firm shall be able to distinguish orders transmitted using the API service and adopt a fair sequence of orders placed through the API service and those placed in other manner.
- Specific standards and procedures for handling irregularities in investors' use of the API service shall be established and strictly enforced. Where necessary, an investor's use of such service to place orders may be suspended, and the investor will be requested to place its orders in other manner. When the irregularity is resolved, the investor will be notified that he may resume placing orders through the API service.
- The securities firm shall conduct on-line testing with regard to transmission settings before investors' initial use of the API service to place orders, and shall retain the test records.
- Investors are subject to identity verification as to the online order account number, network login password and digital certificate (electronic signature) prior to using the API service on the Internet.
- The API service offered by securities firms to customers is a service provided by securities firms for the placement of orders through the Internet for electronic transactions and shall conform to the Securities Brokerage Trading Checkpoint Control Items Required for Trading Servers Used by Securities Firms for Trading Through the Internet or Other Electronic Methods. The securities firms shall strictly comply with the relevant securities market regulations and implement the management of communications and information safety and risk management, without compromising the order and efficiency of the stock exchange market.
- The initial order data, order data upon condition trigger, and electronic signature issued by the certification authority, of an investor using the API service, shall be completely retained by the securities firm, and "customer order through API service" on the Internet shall be specified as the form of order in the order record for the purpose of distinction. The periods of retention of the computer files, order records and computer audit logs in connection with the above order data is governed by the Directions for Securities Brokers Preparing Trading Order Records Using the Internet or Other Electronic Means of Trading and Directions for Preservation of Trading Data in Trading Through the Internet or Other Electronic Methods.
- No securities firms offering the API service to customers may violate the prohibition of full authorization in Article 159 of the Securities and Exchange Act.
- Securities firms providing trading data for investors which maintain an account with them shall so provide in accordance with the TWSE Rules Governing the Use of Securities Trading Information.
- Securities firms shall report trading data concerning orders placed through the API service together with Internet and voice data, through a single window system, within the first four business days each month.