Our Phishing Reporter Button Add-In is based on the technologies HTML, CSS, and JavaScript and is not an old COM+ plugin. Due to the web technologies used, the Add-In can also be used in OWA (Outlook Web Access) or in the mobile Outlook Apps.


The application is fed into the Exchange environment via a manifest file. This contains all configurations for the display, access rights and references to the Add-In host. The Microsoft REST API or EWS (Exchange Web Services) can be used as an interface to the Exchange Server. 

Furthermore, the button first obtains a configuration package from our SoSafe server when starting.



The add-in specifically accesses the following end points:


API:                                                

getCallbackTokenAsync (with isRest flag) 

To retrieve the access token
GET        
/api/v2.0/me/messages/MESSAGEID      
To retrieve the mail header
POST 
/api/v2.0/me/sendmail    
To send the e-mail
DELETE
/api/v2.0/me/messages/MESSAGEID
To delete the e-mail
GET
/api/v2.0/me/messages/MESSAGEID/attachments/ATTACHMENTID
To retrieve an attachment


EWS: 

getCallbackTokenAsync

makeEwsRequestAsync


Further information can be found in the official documentation from Microsoft:


https://docs.microsoft.com/en-us/office/dev/add-ins/