Our Phishing Report Button add-in is based on the technologies HTML, CSS, and JavaScript and is not an old COM+ plugin. Due to the web technologies used, the add-in can also be used in OWA (Outlook on the Web) or in the mobile Outlook apps.
The application is fed into the Exchange environment via a manifest file. This contains all configurations for the display, access rights and references to the add-in host. The Microsoft REST API (onPrem Setups), Graph API or EWS (Exchange Web Services) can be used as an interface to the Exchange Server.
Furthermore, the button first obtains a configuration package from our SoSafe server when starting.
-
Host of the add-in: https://reporter.sosafe.de
-
API-URL-SoSafe: https://api.sosafe.de/v1
The add-in specifically accesses the following end points:
API:
|
getCallbackTokenAsync (with isRest flag) |
|
To retrieve the access token |
|
GET |
/api/v2.0/me/messages/MESSAGEID |
To retrieve the email header |
|
POST |
/api/v2.0/me/sendmail |
To send the email |
|
DELETE |
/api/v2.0/me/messages/MESSAGEID |
To delete the email |
|
GET |
/api/v2.0/me/messages/MESSAGEID/attachments/ATTACHMENTID |
To retrieve an attachment |
EWS:
getCallbackTokenAsync
makeEwsRequestAsync
Further information can be found in the official documentation from Microsoft:
https://docs.microsoft.com/en-us/office/dev/add-ins/