Prepare an API plugin for production

When deploying your plugin for users to begin interacting with it from Microsoft Copilot, follow these production requirements and guidelines.

Important

These features are in Private Preview.

API availability and latency

Your API needs to maintain a high level of availability and low latency, which is monitored in real time. If your API negatively impacts the user experience, we may temporarily disable or even revoke your plugin. See Usage policies for API plugins for Microsoft Copilot.

Traffic identification

Requests to your API from Microsoft Copilot have the following headers set to help with processing:

  • X-Microsoft-AI-ConversationId: <conversationId> where the value of <conversationId> is a string.

  • X-Microsoft-AI-UserLocation: <userLocation> where the value of <userLocation> is a coarse user location in the form of <country> or <country>-<state>. For example, US or US-WA.

  • X-Microsoft-AI-UserTimeZone: <timezone> where the value of <timezone> is the user's timezone in the form of an ICU timezone ID, per ICU TimeZone Classes. Examples: UTC, US Mountain Standard Time.

  • X-Microsoft-AI-UserLocale: <locale> where the value of <locale> is a user's locale in the form of <primary code> or <primary code>-<subcode>. For example, en or en-US.
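The following is an added example, not part of the original page or Microsoft's code, showing one way to validate these headers before they reach logs or business logic. The header names come from the list above; the function name, patterns, length limits and sample requests are assumptions constructed for illustration.

```python
import re
from typing import Mapping, Optional

# Header names are from the page. The patterns and length limits are
# conservative assumptions, not a grammar published by Microsoft.
_RULES = {
    "X-Microsoft-AI-ConversationId": re.compile(r"[\x21-\x7e]{1,128}"),
    "X-Microsoft-AI-UserLocation": re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{1,3})?"),
    "X-Microsoft-AI-UserTimeZone": re.compile(r"[A-Za-z0-9][A-Za-z0-9 _+/().-]{0,63}"),
    "X-Microsoft-AI-UserLocale": re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})?"),
}


def parse_copilot_headers(headers: Mapping[str, str]) -> dict:
    """Return validated values keyed by canonical header name.

    A missing or malformed header maps to None, so callers fall back to a
    default instead of passing raw client input into logs or queries.
    These headers are set by the caller: they help with processing but do
    not authenticate the request.
    """
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    parsed: dict = {}
    for name, pattern in _RULES.items():
        raw = lowered.get(name.lower())
        value: Optional[str] = raw.strip() if isinstance(raw, str) else None
        # fullmatch rejects embedded CR/LF and any other character outside the rule
        parsed[name] = value if value and pattern.fullmatch(value) else None
    return parsed


# Constructed sample requests (not captured traffic).
CONSTRUCTED_OK = {
    "x-microsoft-ai-conversationid": "abc123",
    "X-Microsoft-AI-UserLocation": "US-WA",
    "X-Microsoft-AI-UserTimeZone": "US Mountain Standard Time",
    "X-Microsoft-AI-UserLocale": "en-US",
}
CONSTRUCTED_BAD = {
    "X-Microsoft-AI-UserLocation": "United States",
    "X-Microsoft-AI-UserLocale": "en-US\r\nInjected: 1",
}

if __name__ == "__main__":
    print(parse_copilot_headers(CONSTRUCTED_OK))
    print(parse_copilot_headers(CONSTRUCTED_BAD))
```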

Timeouts

Your APIs must be highly available and fast. The maximum round-trip response time for plugin calls to APIs is 20 seconds. If your APIs time out frequently, your plugin may be temporarily disabled or revoked.

Throttling and rate limiting

If your API is experiencing difficulties responding to queries coming from Microsoft Copilot, you should return an HTTP 429 Too Many Requests response code. Microsoft Copilot can recognize this error code, and any HTTP 500 error code.

When several of these response codes are received in a short period of time, Microsoft Copilot will temporarily disable your plugin. We recommend planning sufficient capacity for your APIs. If your plugin is disabled several times, it can lead to revocation of your plugin. See Usage policies for API plugins for Microsoft Copilot.

Real-time monitoring

After your plugin is enabled in Microsoft Copilot, your plugin's performance and adherence to the terms of service are monitored in real time. Failure to maintain availability or adhere to the usage policies can lead to your plugins being temporarily disabled or revoked.

Updating your plugin manifest or OpenAPI specification

Any updates to the plugin manifest or API specification files need to be uploaded again by using the process described in Publish an API plugin. If you make updates to files that you host on your website (such as www.contoso.com/.well-known/ai-plugin.json), those changes aren't automatically picked up by Microsoft Copilot.

Secure communications

Your API endpoints must use TLS v1.2 or later, and must use valid public certificates. To configure additional authentication when Microsoft Copilot calls your API, see Restrict access to your API plugin.