Microsoft Graph API Terms of Use

Last revised in May 2018

Thank you for developing with Microsoft!

By accessing or using the Microsoft Graph API, including within a software application, website, tool, or product you create or a service you offer (your “Application”), you are agreeing to these terms and to comply with any accompanying documentation that applies to your use of the Graph API (“API Terms”) with Microsoft Corporation (“Microsoft”, “we”, “us”, or “our”). You represent and warrant to us that you have the authority to accept these API Terms on behalf of yourself, a company, and/or other entity, as applicable. We may change, amend or terminate these API Terms at any time. Your use of the Graph API after any change or amendment means you agree to the new API Terms. If you do not agree to the new API Terms or if we terminate these API Terms, you must stop using the Graph API.

1. Defined Terms

a) “Customer(s)” means the licensee of a Microsoft service or application (“Microsoft Offering”) and if the licensee is an organization, includes their administrators and end users.

b) “Graph API” means (i) any form of machine accessible application programming interface that Microsoft makes publicly available and designates as the “Microsoft Graph API”, or is directly accessible through the Microsoft Graph API, which provides access to a Microsoft Offering, including all associated tools, elements, components and executables therein, (ii) any Microsoft sample code that enables interactions with a Microsoft Offering, and (iii) documentation that Microsoft makes available to help enable your access to the Graph API.

2. Scope and Application Registration

a) These API Terms govern your use of the Graph API, unless you have entered another agreement with Microsoft that expressly supersedes these API Terms and governs your use of the Graph API.

b) In order to use the Graph API, you must register your Application with Microsoft. Your registration must be accurate and kept up-to-date by you at all times. Once you have successfully registered an Application, you will be given access credentials for your Application. “Access Credentials” means the necessary security keys, secrets, tokens, and other credentials to access the Graph API. The Access Credentials enable us to associate your Application with your use of the Graph API. All activities that occur using your Access Credentials are your responsibility. Access Credentials are non-transferable and non-assignable. Keep them secret. Do not try to circumvent them.

3. Graph API License and Guidelines

a) Graph API License

Subject to your compliance with all of the API Terms, Microsoft grants you a limited, non-exclusive, non-assignable, non-transferable, revocable license to use the Graph API to develop, test, and support your Application, and allow Customers to use your integration of the Graph API within your Application. You may use the Graph API only as expressly permitted in these API Terms. Violation of these API Terms may result in the suspension or termination of your use of the Graph API.

b) Graph API Guidelines

You may NOT:

  1. Use the Graph API in a way that could impair, harm or damage Microsoft, the Graph API, any Microsoft Offering, or anyone’s use of the Graph API or any Microsoft Offering;
  2. Use the Graph API to disrupt, interfere with, or attempt to gain unauthorized access to services, servers, devices, or networks connected to or which can be accessed via the Graph API;
  3. Use the Graph API, or any information accessed or obtained using the Graph API, for the purpose of migrating Customers away from a Microsoft Offering, except in connection with use of the Graph API by your Application or unless expressly permitted by Microsoft;
  4. Scrape, build databases or otherwise create copies of any data accessed or obtained using the Graph API, except as necessary to enable an intended usage scenario for your Application;
  5. Request from the Graph API more than the minimum amount of data, or more than the minimum permissions to the types of data, that your Application needs for Customers to use the intended functionality of your Application;
  6. Use an unreasonable amount of bandwidth, or adversely impact the stability of the Graph API or the behavior of other apps using the Graph API;
  7. Attempt to circumvent the limitations Microsoft sets on your use of the Graph API. Microsoft sets and enforces limits on your use of the Graph API (e.g., limiting the number of API requests that you may make or the number of user you may serve), in its sole discretion;
  8. Use Graph API in any manner that works around any technical limitations of the Graph API or of the accessed Microsoft Offering, or reverse engineer, decompile or disassemble the Graph API, except and only to the extent that applicable law expressly permits, despite this limitation;
  9. Use the Graph API, or any data obtained using the Graph API, to conduct performance testing of a Microsoft Offering unless expressly permitted by Microsoft;
  10. Use the Graph API, or any data obtained using the Graph API, to identify, exploit or publicly disclose any potential security vulnerabilities;
  11. Request or make available any data obtained using the Graph API outside any permissions expressly granted by Customers in connection with using your Application;
  12. Use any data accessed or obtained using the Graph API for advertising or marketing purposes other than in connection with your Application;
  13. Make your Application available for use in a manner that circumvents the need for users to obtain a valid license to the Microsoft application or service that is accessed through the Graph API;
  14. Redistribute or resell, or sublicense access to, the Graph API, any data obtained using the Graph API, or any other Microsoft Offering accessed through the Graph API; or
  15. Misrepresent expressly, by omission, or implication, the need for users to obtain a valid license to the Microsoft application or service that is accessed through the Graph API;
  16. Falsify or alter any unique referral identifier in, or assigned to an Application, or otherwise obscure or alter the source of queries coming from an Application to hide a violation of this agreement; or
  17. Use the Graph API or allow any user to use the Application in a way that violates applicable law, including:
    1. Illegal activities, such as child pornography, gambling, piracy, violating copyright, trademark or other intellectual property laws.
    2. Intending to exploit minors in any way.
    3. Accessing or authorizing anyone to access the Graph API from an embargoed country as prohibited by the U.S. government.
    4. Threatening, stalking, defaming, defrauding, degrading, victimizing or intimidating anyone for any reason.
    5. Violating applicable privacy laws and regulations.

c) Accessing the Microsoft Intune Service through the Microsoft Graph API

When your Application or services access the Graph API for Intune using a Post command as documented at developer.microsoft.com/en-us/graph/docs you must include:

  1. In your Application and services’ license terms, a statement that certain functionalities are enabled by accessing Microsoft Intune® through the Microsoft Graph API and use of your Application and accompanying services does not remove the need for users to have a valid license for their use of the Microsoft Intune® service.
  2. In your Application and services’ marketing material and product documentation that references functionality enabled by your Application or service’s access to Microsoft Intune® through the Microsoft Graph API:
    • The attribution “Microsoft Intune® App Protection Policies” displayed in a manner consistent with the Microsoft Trademark & Brand Guidelines, and
    • A statement that use of your Application and services does not remove the need for users to maintain a valid license for their use of the Microsoft Intune® service.
  3. In your Application’s user interface or console that displays commands for functionality enabled by the Graph API for Intune, include the attribution “Microsoft Intune® App Protection Policies” in a conspicuous place on the console or UI. The attribution must be in a manner consistent with the Microsoft Trademark & Brand Guidelines.

4. Security

You warrant that your Application has been developed to operate with the Graph API content in a secure manner. Your network, operating system and the software of your servers, databases, and computer systems (collectively, “Systems”) must be properly configured to securely operate your Application and store content collected through your Application (including the Graph API content). Your Application must use reasonable security measures to protect the private data of your users.

We may use technology to detect, prevent or limit the impact of any issues caused by your Application (before or instead of suspension of your access). This may include, for example, filtering to stop spam or limiting your access to the Graph API.

You must have a process to respond to any vulnerabilities in your Application, and in the case of any vulnerabilities related to your Application’s connection to the Graph API discovered by you or reported to you by a third party, you agree that you will provide vulnerability details to the Microsoft Security Response Center (secure@microsoft.com).

In the event of a data breach by you resulting from any aspect of the Graph API involving your Application or any data collected through your Application, you will promptly contact the Microsoft Security Response Center (secure@microsoft.com) and provide details of the data breach. You agree to refrain from making public statements (e.g. press, blogs, social media, bulletin boards, etc.) without prior written and express permission from Microsoft in each instance as it relates to the Graph API.

5. Your compliance with Privacy and Data Protection Laws

You must comply with all laws and regulations applicable to your use of the data accessed through Graph API, including without limitation laws related to privacy, biometric data, data protection, and confidentiality of communications. Your use of the Graph API is conditioned upon implementing and maintaining appropriate protections and measures for your service and Application, and that includes your responsibility to the data obtained through the use of the Graph APIs. For the data you obtained through the Graph API, you must:

a) obtain all necessary consents before processing data and obtain additional consent if the processing changes,

b) In the event you’re storing data locally, ensure that data is kept up to date and implement corrections, restrictions to data, or the deletion of data as reflected in the data obtained through your use of the Graph API,

c) implement proper retention and deletion policies, including deleting all data when your user abandons your Application, uninstalls your Application, closes its account with you, or abandons the account, and,

d) maintain and comply with a written statement available to Customers and users that describes your privacy practices regarding data and information you collect and use, and that statement must be as protective as the Microsoft Privacy Statement.

Nothing in the Agreement shall be construed as creating a joint controller or processor-subprocessor relationship between you and Microsoft.

6. Changes to the Graph API and API Terms

WE MAY CHANGE OR DISCONTINUE THE AVAILABILITY OF SOME OR ALL OF THE GRAPH API AT ANY TIME FOR ANY REASON WITH OR WITHOUT NOTICE. Such changes may include, without limitation, removing or limiting access to specific API(s), requiring fees or setting and enforcing limits on your use of additions to the Graph API. We may also impose limits on certain features and services or restrict your access to some or all of the Graph API. We may release subsequent versions of the Graph API and require that you use those subsequent versions, at your sole cost and expense.

Any version of the Graph API designated as “preview”, “pre-release” or “beta” (“Preview API”), may not work in the same way as a final version. We may change or not release a final or commercial version of a Preview API in our sole discretion.

WE MAY MODIFY THESE API TERMS AT ANY TIME, WITH OR WITHOUT PRIOR NOTICE TO YOU. YOUR CONTINUED USE OF THE GRAPH API FOLLOWING THE RELEASE OF A SUBSEQUENT VERSION OF THESE API TERMS WILL BE DEEMED YOUR ACCEPTANCE OF ANY MODIFICATIONS TO THESE API TERMS.

7. Feedback

If you give feedback about the Graph API to Microsoft, you give to Microsoft, without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You will not give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because Microsoft includes your feedback in them. These rights survive these API Terms.

8. Confidentiality

You may be given access to certain non-public information, software, and specifications relating to the Graph API (“Confidential Information”), which is confidential and proprietary to Microsoft. You may use Confidential Information only as necessary in exercising your rights granted under these API Terms. You may not disclose any Confidential Information to any third party without Microsoft’s prior written consent. You agree that you will protect any Confidential Information from unauthorized use, access, or disclosure in the same manner that you would use to protect your own confidential and proprietary information.

9. Disclaimer of Warranties, Limitation of Liability and Indemnity

a) Disclaimer of Warranties

WE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, GUARANTEES OR CONDITIONS WITH RESPECT TO YOUR USE OF THE GRAPH API. YOU UNDERSTAND THAT USE OF THE GRAPH API IS AT YOUR OWN RISK AND THAT WE PROVIDE THE GRAPH API ON AN “AS IS” BASIS “WITH ALL FAULTS” AND "AS AVAILABLE." TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAW, WE EXCLUDE ANY IMPLIED WARRANTIES, INCLUDING FOR MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, AND NON-INFRINGEMENT. YOU MAY HAVE CERTAIN RIGHTS UNDER YOUR LOCAL LAW. NOTHING IN THESE API TERMS ARE INTENDED TO AFFECT THOSE RIGHTS, IF THEY ARE APPLICABLE. WE DO NOT GUARANTEE THE GRAPH API WILL FUNCTION WITHOUT INTERRUPTION OR ERRORS IN FUNCTIONING. IN PARTICULAR, THE OPERATION OF THE GRAPH API MAY BE INTERRUPTED DUE TO MAINTENANCE, UPDATES, OR SYSTEM OR NETWORK FAILURES. WE DISCLAIM ALL LIABILITY FOR DAMAGES CAUSED BY ANY SUCH INTERRUPTION, ERRORS IN FUNCTIONING, OR THAT DATA LOSS WILL NOT OCCUR.

b) Limitation of Liability

IF YOU HAVE ANY BASIS FOR RECOVERING DAMAGES (INCLUDING BREACH OF THESE API TERMS), YOU AGREE THAT YOUR EXCLUSIVE REMEDY IS TO RECOVER, FROM MICROSOFT OR ANY AFFILIATES, RESELLERS, DISTRIBUTORS, SUPPLIERS (AND RESPECTIVE EMPLOYEES, SHAREHOLDERS, OR DIRECTORS) AND VENDORS, ONLY DIRECT DAMAGES UP TO USD $5.00 COLLECTIVELY. YOU CAN'T RECOVER ANY OTHER DAMAGES OR LOSSES, INCLUDING, WITHOUT LIMITATION, DIRECT, CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE. These limitations and exclusions apply even if this remedy doesn't fully compensate you for any losses or fails of its essential purpose or if we knew or should have known about the possibility of the damages. To the maximum extent permitted by law, these limitations and exclusions apply to any claims related to these API Terms or your use of the Graph API.

c) Indemnification

You will defend, hold harmless, and indemnify Microsoft from any claim or action brought by a third party, including all damages, liabilities, costs and expenses, and reasonable attorney fees, to the extent resulting from, alleged to have resulted from, or in connection with your breach of the obligations herein or infringement of Microsoft’s or third party’s intellectual property.

d) No Injunctive Relief

In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the Graph API, content or other material used or displayed through the current Microsoft Graph website or successor site.

10. Termination

a) We may suspend or immediately terminate these API Terms, any rights granted herein, and/or your license to the Graph API, in our sole discretion at any time, for any reason. You may terminate these API Terms at any time by ceasing your access to the Graph API.

b) Upon termination, all licenses granted herein immediately expire and you must cease use of the Graph API. You must also comply with Customer’s instruction to return or delete any data accessed or obtained through the Graph API, unless expressly permitted by Microsoft or prohibited by law. Neither party will be liable to the other for any damages resulting solely from termination of these API Terms.

11. General Terms

a) Applicable Law

  1. United States. If you reside in the United States, Washington state law governs the interpretation of these API Terms and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.

  2. Outside the United States. If you reside in any other country, the laws of that country apply.

b) Support. Because the Graph API is provided “as is,” we may not provide support services for them. You are solely responsible for the quality of your Application and providing support for your Application.

c) Assignment and Delegation. You may not assign or delegate any rights or obligations under these API Terms, including in connection with a change of control. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under these API Terms, fully or partially without notice to you.

d) Reservation of Rights. All rights not expressly granted herein are reserved by Microsoft. You acknowledge that all intellectual property rights within the Graph API remain the property of Microsoft and nothing within these API Terms will act to transfer any of these intellectual property rights to you.

e) Microsoft and you are independent contractors. Nothing in this Agreement shall be construed as creating an employer-employee relationship, processor-subprocessor relationship, a partnership, or a joint venture between the parties.

f) No Waiver. Either party’s failure to act with respect to a breach of these API Terms does not waive either party’s right to act with respect to that breach or subsequent similar or other breaches.

g) Survival. Sections of these API Terms that, by their terms, require performance after the termination or expiration of these API Terms will survive.

h) Modifications. We may modify these API Terms at any time with or without individual notice to you. Any modifications will be effective upon your continued use of the Graph API.

i) Entire Agreement. These API Terms and any documents incorporated into these API Terms by reference, constitute the entire agreement between you and us regarding the Graph API and supersede all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of these API Terms. If any provision of these API Terms is found to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable to the maximum extent possible.