Our Phishing Report Button add-in is based on the technologies HTML, CSS, and JavaScript and is not an old COM+ plugin. Due to the web technologies used, the add-in can also be used in OWA (Outlook Web Access) or in the mobile Outlook apps.


The application is fed into the Exchange environment via a manifest file. This contains all configurations for the display, access rights and references to the add-in host. The Microsoft REST API or EWS (Exchange Web Services) can be used as an interface to the Exchange Server. 

Furthermore, the button first obtains a configuration package from our SoSafe server when starting.



The add-in specifically accesses the following end points:


API:                                                

getCallbackTokenAsync (with isRest flag) 

To retrieve the access token
GET        
/api/v2.0/me/messages/MESSAGEID      
To retrieve the email header
POST 
/api/v2.0/me/sendmail    
To send the email
DELETE
/api/v2.0/me/messages/MESSAGEID
To delete the email
GET
/api/v2.0/me/messages/MESSAGEID/attachments/ATTACHMENTID
To retrieve an attachment


EWS: 

getCallbackTokenAsync

makeEwsRequestAsync


Further information can be found in the official documentation from Microsoft:


https://docs.microsoft.com/en-us/office/dev/add-ins/