Answers, developer

What are the OpenAI Apps SDK app submission guidelines?

The OpenAI Apps SDK lets developers build apps that run inside ChatGPT on top of the Model Context Protocol. To go live, an app is submitted to OpenAI and reviewed against published guidelines that cover usefulness, safety and policy compliance, privacy and data handling, and design. OpenAI's developer documentation is the source of truth for the current rules. CorpusIQ connects business tools to ChatGPT through MCP with read-only OAuth and no data storage, built to meet those review expectations.

Related pillar: Model Context Protocol overview

OpenAI publishes the official submission guidelines in its developer documentation. Read the OpenAI Apps SDK docs

Where the official guidelines live

OpenAI publishes the Apps SDK and its submission requirements in its developer documentation. Treat that as canonical, because the rules change as the platform evolves. This page is a practical summary to orient you before you read the official source, not a replacement for it.

What the review looks at

Reviews generally check four things: the app does something genuinely useful and works reliably, it complies with OpenAI's usage policies, it handles user data responsibly with clear scopes and disclosure, and it follows the design and interaction guidelines for apps that render inside ChatGPT. Build for all four from the start rather than retrofitting after a rejection.

How MCP fits in

An Apps SDK app exposes its capability through an MCP server. The server has to implement the transport correctly, including the Accept-header content negotiation that trips up many first submissions when a hand-rolled client or proxy drops one of the required content types. Getting the protocol details right is part of passing review.

Privacy and data-handling expectations

Request the minimum scopes your app needs, disclose what it reads, and avoid storing data you do not have to keep. Read-only access is easier to justify in review than read-write. CorpusIQ uses read-only OAuth on every connector, does not store customer files, and does not use customer data to train any model.

Common reasons a submission gets sent back

Recurring issues include a vague value proposition, over-broad permission scopes, a missing or thin privacy disclosure, an MCP endpoint that fails content negotiation, and responses that are slow or unreliable under load. Tighten each of these before you submit and the review tends to go faster.

Try CorpusIQ on your business

37+ read-only connectors. ChatGPT, Claude, and Perplexity. Solo $29.95 a month. 30-day free trial.