Manhattan City Data API Terms and Bylaws

Technology and Data New York 3 Minutes Read · published February 05, 2026 Flag of New York

This guide explains API access terms for city data used by developers in Manhattan, New York, focusing on acceptable use, data licensing, privacy considerations, and enforcement. Read the official terms before integrating datasets or automating requests; the portal owner and DoITT operate the Open Data program and publish access rules and contact points for reports and compliance DoITT Open Data[1]. Current policy details vary by dataset and API endpoint; where the city does not publish specific penalties or procedures, this guide notes that fact and points to the responsible office.

Access, License, and Use

Developers should confirm the license and terms attached to each dataset before use. Typical requirements include attribution, prohibition on misrepresenting official data, and removal of personally identifiable information when required by law. Rate limits, API tokens, and acceptable use rules may be imposed per endpoint.

  • Register for an app token where required and store credentials securely.
  • Check dataset metadata for license and attribution rules.
  • Do not attempt to bypass rate limits, authentication, or scraping protections.
Always read the dataset-level license and metadata before using APIs.

Security, Privacy, and Data Handling

City data may include sensitive information; developers must follow applicable privacy laws and remove or avoid publishing personally identifiable information when prohibited. Secure API keys, use HTTPS, and follow best practices for data retention and deletion.

  • Maintain access logs and rotate keys on compromise.
  • Sanitize datasets to remove PII where the dataset metadata requires it.
  • Report breaches or unauthorized access to the portal administrator immediately.

Penalties & Enforcement

Enforcement of API terms for NYC Open Data is managed by the portal owner and the City agency identified in the dataset metadata. Specific monetary fines and formal sanction schedules for API misuse are not consistently published on the portal pages; where amounts or escalation rules are absent the official page is cited as not specifying them. Current operational responsibility and contact points are provided below. If you need formal legal interpretation, consult the Law Department or the dataset owner.

  • Fine amounts: not specified on the cited page.
  • Escalation (first/repeat/continuing offences): not specified on the cited page.
  • Non-monetary sanctions: termination of API access, removal of API keys, takedown requests, and possible referral to enforcement or legal proceedings.
  • Enforcer: Department of Information Technology & Telecommunications (DoITT) and the dataset-owning agency; inspection and complaint pathways are listed on the portal and agency pages.
  • Appeals and review: not specified on the cited page; contact the dataset owner or DoITT for review procedures and timelines.
When enforcement actions are proposed, contact the dataset owner promptly to request clarification or remediation.

Applications & Forms

API access typically requires registration for an app token or account on the Open Data portal. If no specific application form is published for a dataset or elevated access, the portal instructions govern registration and requests for increased limits; refer to the portal owner for submission steps.

  • App token registration: follow portal account creation and token request processes.
  • Fees: not specified on the cited page.

Action Steps for Developers

  • Read dataset metadata and the portal terms before using any dataset.
  • Register and secure your API app token; document intended uses in case of review.
  • If you discover sensitive data or a breach, notify the dataset owner and DoITT immediately.
  • If access is revoked, request written reasons and follow the agency’s administrative review process if provided.
Keep written records of correspondence about access and compliance to support appeals.

FAQ

Who publishes the official API terms for city data?
The City of New York publishes Open Data policy and portal terms through DoITT and the Open Data portal; dataset-level terms appear in metadata.
How do I request an app token or higher rate limits?
Create an account on the Open Data portal, register your application for a token, and contact the dataset owner or portal administrator for limit increases.
What penalties apply for misuse?
Monetary fines and escalation rules are not specified on the cited portal pages; enforcement typically includes suspension or termination of access and possible legal referral.

How-To

  1. Locate the dataset on the NYC Open Data portal and review metadata and license terms.
  2. Create an account on the portal and request an app token if required.
  3. Implement API calls respecting rate limits and attribution; log access and errors.
  4. If you need higher limits or encounter data issues, contact the dataset owner and DoITT with details and intended use.

Key Takeaways

  • Always verify dataset metadata and portal terms before integrating city APIs.
  • Protect API keys, follow privacy rules, and report breaches promptly.

Help and Support / Resources

  1. [1] Department of Information Technology & Telecommunications - Open Data program

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data