Unsplash API integration Terms of Service fine print

As a self-hosted site, I assumed that I would be self-hosting images found through the Unsplash integration, but that’s not the case. This behavior apparently due the Unsplash API Terms of Service, which seems to require hotlinking. Here’s the phrasing:

In connection with any Photos that you access via the APIs, you must directly use or embed the related image URLs returned by the API in your Developer Apps (generally referred to as “hotlinking”) in accordance with the API Guidelines.

The API terms are clear that they are collecting photo view data, and that the developer is on the hook for any data privacy implications of that:

You are solely responsible for ensuring that any contractual arrangements required by applicable law are in place, including with API developers, including any relevant data processing and transfer agreement (including where relevant appropriate standard contractual clauses) between you and Unsplash or any other party to which you provide personal data, and that we may freely deny or revoke access to the API if you do not do so. You represent and warrant that you are authorized by the applicable third parties to act on their behalf, and that your collection, storage and onward transfer to Unsplash of the personal data of any such third parties complies with all applicable data privacy laws and regulations.

For self-hosted blogs, the API key in use belongs to the Ghost organization, so it appears they are the legally responsible party, although as site owner you should still be aware you are sharing some visitor data with Unsplash about which photos they use.

You should also be aware that Unsplash may go down, throttle the API or change how it works. For example, they could later serve ads on the photos-- you don’t control what’s displayed, Unsplash does. Unsplash also reserves the right to crawl or monitor developer apps. Here’s the language on that:

Unsplash may at any time change the specifications of or restrict or limit access to the APIs in Unsplash’s sole discretion, without any liability to you. Your right to access and use the APIs is a privilege, which may be revoked by Unsplash at any time, with or without notice. You acknowledge and agree that Unsplash may use any technological means to enforce these API Terms. Notwithstanding anything to the contrary, you hereby grant Unsplash the right to crawl, test, or otherwise monitor your Developer App, and that you will not block, attempt to block, or otherwise interfere with such crawling or monitoring.

If you want to host Unsplash photos yourself instead of having them hotlinked from unsplash.com, there’s a way to that. You have to download the photo from Unsplash.com or possibly through the Ghost integration Then re-upload the photo. The photos themselves are quite liberally licensed for re-use. It’s finding photos through the Unsplash API that gets the API Terms of Service involved. Here’s the full text of the Unsplash API ToS if you want to read it:

2 Likes

For this reason, I do not add Unsplash images using the API; I download locally and then upload to my website.

Not tracking my users is paramount.

I post infrequently and would like my site to break over time because third-parties decided to quit hosting some of my assets.

The Casper them loads content from other third parties as well, like unpkg.com. That site appears to be somewhat informal project run by one person and no business model. These “free” CDNs are all great candidates to disappear or break later if they need to change how they work to monetize.

I plan to look at adapting a theme to remove all externally hosted assets. If I need to improve my site performance later, I can pay for my own CDN which I can be sure will continue to work as long as I pay the bill.

1 Like

Thanks for finding this out and sharing it with us. Good to know! :slightly_smiling_face:

Thanks for the heads up!