SharePoint Add-ins (aka apps) are used to extend SharePoint applications through Client APIs.
Types of SharePoint Add-ins
Based on the type of hosting, the Add-ins are categorized into 2 types.
- SharePoint-Hosted Add-ins contain SharePoint components like Lists, Web Parts, Workflows etc. on a sub web called the "add-in web" (aka app-web). Only client-side code can be used to access SharePoint.
- Provider-Hosted Add-ins contain components that are deployed and hosted outside SharePoint farm. Both, client-side code and server-side code can be used for development.
Packaging Add-ins
- Organization's add-in catalog
It is a dedicated SharePoint site collection in the SharePoint Online subscription or on-premise farm. This method is used when the add-in is custom-made for a particular organization.
- Office Store
The store handles marketing process for you, from discovery to purchase to updates. Microsoft provides a "Seller Dashboard" to help you sell add-ins through Office Store.
Advantages of Add-in Model
- There is no dependency on Server-side code since it executes on Client-side.
- Add-ins communicate with SharePoint using Client side Object Model (CSOM) or Rest services with OAuth being the authentication mode.
- Remarkable usability in Tablets and Mobile devices.
- One step ahead for development in future where cloud hosting could be more preferrable.
- In SharePoint 2016, everything is an Add-in including Lists, Libraries etc.
- SharePoint Add-ins can be developed with any programming language or technology, provided they are hosted outside SharePoint.
- SharePoint Add-ins can be created using PHP, Java, or any other technology capable of communicating with SharePoint via the new REST API and the OAuth protocol.
Types of Configuration
- Full-Page - These Add-ins have an independent UI irrespective of the sites on which they are hosted. A "Back" button should be provided to navigate back to the parent site which triggered the Add-in.
- Add-in Parts - Add-in parts render inside an iFrame from whithin the pages of the parent site. They are also known as Client Parts.
- UI command extension - These Add-ins are used to extend the UI of the parent site. For example, you can create an Add-in to add a new button to the ribbon.
Security Perspective
From a security point of view, one can trust SharePoint 2016 Add-in model to be thouroughly secured.
A definite set of permissions is requested by the SharePoint Add-in when it is installed. The Add-in will be installed only if the current user can grant the requested permissions, otherwise the Add-in will not install.
Development Tools for creating Add-ins
- "Napa" Office 365 Dev tools - This tool is purely client side and ideal for creating SP hosted Add-ins. It comes with Office 365 subscription.
- Visual Studio - For developing Add-ins using Microsoft.NET and Microsoft Visual Studio 2015, you will need the Office Developer Tools for Visual Studio 2015.
Note - You will also need to install the following tools and libraries if working on a machine outside the SharePoint 2016 environment.
- SharePoint client components
- Windows Identity Foundation SDK
- Workflow Tools SDK and Workflow Client SDK
- Windows Identity Foundation SDK and Windows Identity Foundation extensions
Programming model for SharePoint
There are three ways that an Add-in can communicate with SharePoint.
- .NET / Silverlight API
- JavaScript API
- REST API