Skip to main content
Skip table of contents

Technical details of the Phishing Report Button

Our Phishing Report Button add-in is based on the technologies HTML, CSS, and JavaScript and is not an old COM+ plugin. Due to the web technologies used, the add-in can also be used in OWA (Outlook Web Access) or in the mobile Outlook apps.

The application is fed into the Exchange environment via a manifest file. This contains all configurations for the display, access rights and references to the add-in host. The Microsoft REST API (onPrem Setups), Graph API or EWS (Exchange Web Services) can be used as an interface to the Exchange Server. 

Furthermore, the button first obtains a configuration package from our SoSafe server when starting.

The add-in specifically accesses the following end points:


getCallbackTokenAsync (with isRest flag)

To retrieve the access token



To retrieve the email header



To send the email



To delete the email



To retrieve an attachment




Further information can be found in the official documentation from Microsoft:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.