

Usage policies for API plugins for Microsoft Copilot

Developers of API plugins for Microsoft Copilot must follow these usage policies, which include technical, quality, safety, privacy, and content guidelines.

Important

These features are in Private Preview.

1. General terms

1.1 These terms apply to your development and distribution of any plugins that are compatible with the Microsoft Copilot experience. By developing and distributing one or more plugins, you agree to these terms. If you do not agree to these terms, you may not develop or distribute any plugins.

1.2 These terms may be updated from time to time without notice. Updates will be effective immediately. If you do not agree to any updates to these terms, you must remove any plugins that you have made available prior to the change. The continued availability of your plugin indicates your acceptance of any changed terms.

1.3 If your plugin fails to meet any of the requirements in these terms, or if you violate or we reasonably suspect that you may have violated any of these terms, we have the right to remove or block your plugin from the Microsoft Copilot experience at any time, with or without notice to you. We may suspend your plugin from being made available through Microsoft Copilot at any time in the event of an actual or potential security or privacy issue or another legal or regulatory reason.

2. Plugin use cases

Your plugins must not violate any Microsoft guidelines around prohibited or allowed use cases.

2.1 Prohibited use cases

Plugins may not be built or used for the following purposes, or incorporate the following content (this is not an exhaustive list, and it may be updated at any time):

2.1.1 Any content listed in the Disallowed content list in the Microsoft Advertising Network Policies.

2.1.2 Uses that could affect an individual's:

2.1.2.1 Legal status (such as marital, immigration, citizenship, role as a guardian).

2.1.2.2 Legal rights (such as use in connection with criminal justice, courtroom proceedings, or policing).

2.1.2.3 Access to credit, education, employment, healthcare, housing, insurance, and social welfare benefits, services, or opportunities, or the terms on which they are provided.

2.1.3 Uses that could cause physical or psychological harm.

2.1.4 Uses that could constitute a threat to one or more individuals' basic human rights.

2.1.5 Illegal activities, scams, pyramid schemes, and so on.

2.1.6 Language that is or encourages harassment, hate speech or violence.

2.1.7 Malware.

2.1.8 Political campaigning, lobbying or other election-related content.

2.1.9 Gambling.

2.1.10 Investment advice.

2.1.11 Legal advice.

2.1.12 Health diagnostics, assessments or treatments.

2.1.13 Content encouraging the use or creation of weapons, bombs, or other dangerous materials.

2.1.14 Content related to dieting, pseudopharmaceuticals, suicide, self-harm or other activities that may be harmful to a user's physical or mental health.

2.2 Adherence to Microsoft standards and principles

In addition to these terms, the plugins and your development activities must adhere to all Responsible AI principles and practices detailed in the Microsoft AI/Responsible AI - Principles and approach website and the terms and conditions in Copilot AI Experiences Terms.

3. Technical guidelines

This section lists some technical guidelines to be followed. This is a representative list, not an exhaustive one.

3.1 API communication standards

All communications with the plugin (such as fetching the ai-plugin.json file, fetching the OpenAPI spec, or making API calls) must be transmitted over secure, encrypted channels such as TLS 1.2 or later. Use strong encryption protocols and secure cipher suites.

3.2 Plugin availability

Ensure that your APIs have acceptable latency and uptime. The minimum bar is that your API must not have a latency of more than 2 seconds, and must be available at least 99.9% of the time. API response times directly impact Microsoft Copilot response times, and we want to be responsive to the end user.

Rate limits: consider implementing rate limiting on the API endpoints you expose. Microsoft Copilot respects 429 (Too Many Requests) response codes and dynamically backs off from sending requests to your plugin.

3.3 Domain guidelines

Your plugin and plugin artifacts must all be served from the same verified domain or its subdomain.

3.3.1 Avoid redirects

Avoid using redirects for hosting the API spec and any API endpoints, as it is not guaranteed that redirects will always be followed. No cross-domain redirects or 302s are allowed.

3.3.2 Domain URLs

The manifest, the API spec, and the actual APIs must be served off the same domain or subdomain as the root domain.

3.3.3 Contact info

The second-level domain of the email address must be the same as the second-level domain of the root domain.

4. Product and quality guidelines

Your plugin must be compliant with all of the Product and Quality guidelines of Microsoft.

4.1 Distinct function/value and accurate representation

Your plugin and the associated metadata must accurately and clearly reflect the functionality, features, and source.

4.1.1 Plugins must have a specific value proposition

Plugins must have a clearly defined value proposition, with specific functionality. A plugin must not attempt to be a "catch-all" Copilot or a competing plugin store.

A plugin may not expose more than five methods (API services).

4.1.2 Metadata quality

Your plugin manifest must contain accurate and complete metadata, in line with the following guidelines.

4.1.2.1 Name
  • name_for_model must be a string of at most 50 characters, containing only letters and numbers (no spaces are allowed).

  • name_for_human is the publicly displayed name on Microsoft Copilot and all other user-facing surfaces. It must not be more than 20 characters.

4.1.2.2 Description

Your plugin description must be accurate, useful, and in line with the following guidelines.

4.1.2.2.1 Basic validation

description_for_human is a string not longer than 100 characters. It appears in all user-facing surfaces on Microsoft Copilot and storefronts.

description_for_model is a string which the model reads to understand how to use the plugin.

4.1.2.2.2 Detailed guidelines on writing descriptions

Follow these guidelines to write useful and accurate descriptions which will help the end user get the most out of your plugin.

  • The description of your plugin (description to model, description to humans) must match its functionality.

  • Don't mention OpenAI, ChatGPT, or Bing in the description.

  • Your descriptions and responses must not attempt to control the mood, personality, behavior or exact responses of Microsoft Copilot. Microsoft Copilot is designed to write appropriate responses to end users. Do not add any new instructions as part of your plugin description.

  • Your descriptions must not encourage Microsoft Copilot to use the plugin when the user hasn't asked for your plugin's particular category of service.

4.1.2.3 Authentication

We recommend that your plugin APIs are behind authentication to protect your services. To understand the various options, see Restrict access to your API plugin.

4.1.2.4 API spec

Your API spec must be hosted in the same root domain as your manifest, and must be a valid JSON or YAML file.

4.1.2.5 Contact email

Provide a valid contact email which customers can use to reach you if they encounter any problems. This must be in the same root domain as your manifest file and API spec.

4.1.2.6 Terms of use URL

In legal_info_url, include a link to the terms of use, terms of service, or end user license for your plugin. The terms are directly between you and the end user.

4.1.2.7 Logo URL

Enter a valid URL used to fetch your plugin logo. Your plugin logo must be an image of exactly 512x512 pixels. GIFs are not allowed. This is the logo that's displayed on all storefronts and end-user surfaces on Microsoft Copilot.

4.1.2.8 Privacy policy URL

Include a link to your privacy policy. Your privacy policy must describe your usage of any data that's collected by or processed through the plugin.
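As an added example (not part of this page or of any Microsoft tooling), a small Python lint that checks a manifest against the domain rules in section 3.3 and the metadata limits in section 4.1.2, and counts the operations in a parsed OpenAPI document against the five-method cap in 4.1.1. The sample manifest, the ROOT_DOMAIN value and the treatment of the logo as a fetched artifact are constructed assumptions, and root_of does not consult the public suffix list.

```python
import json
import re
from urllib.parse import urlparse

ROOT_DOMAIN = "example.com"  # verified root domain the plugin is registered under (assumed)
FORBIDDEN_TERMS = ("OpenAI", "Open AI", "ChatGPT", "Bing")  # must not appear in descriptions
HTTP_METHODS = ("get", "post", "put", "patch", "delete", "head", "options", "trace")
# Constructed sample manifest (not a real plugin); it deliberately breaks three of the rules.
SAMPLE_MANIFEST = json.dumps({
    "name_for_model": "weather lookup",  # contains a space: letters and digits only
    "name_for_human": "Weather Lookup",
    "description_for_model": "Returns the current weather for a given city name.",
    "description_for_human": "Current weather for any city. Powered by Bing.",  # names Bing
    "api": {"type": "openapi", "url": "https://api.example.com/openapi.yaml"},
    "logo_url": "https://cdn.other-example.net/logo.png",  # served from another root domain
    "contact_email": "support@example.com",
})

def root_of(host: str) -> str:
    """Second-level domain: 'api.example.com' -> 'example.com' (no public-suffix list handling)."""
    return ".".join(host.lower().rsplit(".", 2)[-2:])

def validate_manifest(text: str, root_domain: str) -> list[str]:
    """Return the rule violations found in an ai-plugin.json document (empty when compliant)."""
    m = json.loads(text)
    problems = []
    name = m.get("name_for_model", "")
    if len(name) > 50 or not re.fullmatch(r"[A-Za-z0-9]+", name):
        problems.append("name_for_model: at most 50 chars, letters and digits only")
    for field, cap in (("name_for_human", 20), ("description_for_human", 100)):
        if len(m.get(field, "")) > cap:
            problems.append(f"{field}: at most {cap} chars")
    for field in ("description_for_model", "description_for_human"):
        for term in FORBIDDEN_TERMS:  # whole-word, case-insensitive match
            if re.search(rf"\b{re.escape(term)}\b", m.get(field, ""), re.I):
                problems.append(f"{field}: must not mention {term}")
    # Fetched artifacts (API spec, logo) must be HTTPS on the root domain or one of its subdomains.
    for field, url in (("api.url", m.get("api", {}).get("url", "")), ("logo_url", m.get("logo_url", ""))):
        p = urlparse(url)
        if p.scheme != "https" or root_of(p.hostname or "") != root_domain:
            problems.append(f"{field}: must be https and under {root_domain}")
    email = m.get("contact_email", "")
    if "@" not in email or root_of(email.rpartition("@")[2]) != root_domain:
        problems.append("contact_email: second-level domain must match the root domain")
    return problems

def count_operations(spec: dict) -> int:
    """Operations in a parsed OpenAPI document; the page allows a plugin at most five."""
    return sum(1 for item in spec.get("paths", {}).values() for op in item if op in HTTP_METHODS)
```

Running validate_manifest(SAMPLE_MANIFEST, ROOT_DOMAIN) reports the space in name_for_model, the Bing mention, and the off-domain logo; the cross-domain redirect rule in 3.3.1 needs a live fetch and is not covered here.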

4.2 Plugin quality

The plugin must create net-positive end-user value by enabling Microsoft Copilot experiences to give higher-quality (accurate, relevant, engaging, detailed and clear) responses to end users, and perform useful actions.

4.2.1 Structured data in API responses

Plugin API responses must return structured data instead of natural language responses whenever possible. Microsoft Copilot will provide its own natural language response using the returned data.

4.2.2 Accuracy of API responses

Plugin API responses must return accurate data in response to the input parameters.

4.2.3 Error messages

Error messages must be descriptive so that Microsoft Copilot can provide the right experience for the end user.

4.2.4 End user value

The end user value that's accrued when the plugin is used should be more than if the plugin is not used.

4.3 Compliance with laws

You are responsible for ensuring that your plugin complies with all applicable laws, rules and regulations in any region in which your plugin is available, including, without limitation, any laws related to privacy, data security, employment, housing, lending or credit, and so on.

4.4 Other product policies

This section lists other policies which your plugin must comply with.

4.4.1 No in-app purchases

Your plugin may not allow users to make any payments directly. The plugin may direct users to pages on which they can make a separate purchase, but no purchases may be initiated through the plugin.

4.4.2 No fraudulent content

Your plugin cannot allow users to engage in activity that is fraudulent, false, or misleading. Do not attempt to create or share content that could mislead or deceive others, including, for example, creation of disinformation, content enabling fraud, or deceptive impersonation.

4.4.3 No ads

You may not surface advertising content through your plugin.

4.4.4 No targeting of minors

Your plugin cannot be targeted toward children or users under the age of majority.

5. Safety guidelines

This section lists some guidelines to be followed to keep end users safe. This is a representative list, not an exhaustive one.

5.1 Prompting

Do not attempt to modify the Copilot prompt outside your functionality.

Don't include irrelevant, unnecessary, or deceptive terms or instructions in the plugin manifest, endpoint descriptions, or plugin response messages. This includes instructions to avoid using other plugins, or instructions that attempt to steer or set model behavior.

5.2 Human-in-the-loop

Design the user experience to encourage users to examine and edit any AI-generated content before accepting and using it, especially for any actions that are not easily reversible. Do not trigger irreversible actions without explicit human confirmation.

5.3 Transparency

The plugin manifest must have a clearly stated description that matches the functionality of the API exposed to the model.

Plugins that distribute personal communications or content generated by Microsoft Copilot (such as emails, messages, or other content) must indicate that the content was AI-generated. You must comply with all applicable laws, rules and regulations when sending any messages generated through your plugin, including those related to spam, text messaging restrictions, or phishing.

Don't use plugins to automate or create the appearance of conversations with real people, whether by simulating a human-like response or by replying with pre-programmed messages.

5.4 General

Don't use plugins to circumvent or interfere with safety systems, including those of Microsoft Copilot.

6. Content policies

This section focuses on policies that apply to any content that is generated by the plugin, or is present in any submitted plugin artifacts (such as the manifest or the API spec).

6.1 Adherence to Microsoft and Bing content policies

Do not create content that violates the Bing content policies, listed in Copilot AI Experiences Terms.

Ensure that content generated by your plugin is grounded in factual truth, or cannot be mistaken for factual statements.

Do not trigger behaviors which could cause the user to be confused as to whether they are interacting with an AI system or a human. For example, plugins that send communications must clearly indicate that the content was AI-generated.

6.2 Content including names, logos, original and third-party

All content generated by your plugin APIs, and in your plugin metadata (the manifest and the API spec) must be either originally created by you or appropriately licensed from a third-party rights holder and must be used only as permitted by the rights holder or as otherwise permitted by law.

6.3 Offensive content, profanity, and inappropriate content

Your plugin API response and associated metadata (the manifest and the API spec) must not contain potentially sensitive or offensive content. Content may be considered sensitive or offensive in certain countries or regions because of local laws or cultural norms. In addition, your plugin and associated metadata must not contain content that advocates discrimination, hatred, or violence based on considerations of race, ethnicity, national origin, language, gender, age, disability, religion, sexual orientation, status as a veteran, or membership in any other social group.

Your plugin must not generate, and your plugin artifacts must not contain, excessive or gratuitous profanity.

Your plugin must not contain or display content that a reasonable person considers obscene.
