SharePoint SharePoint Framework

SharePoint PnP Webcast – Calling external APIs securely from SharePoint Framework

In this PnP Webcast, we concentrate on how to secure traffic from SharePoint Framework solution towards an external API hosted in Azure. Technically similar process does work with other platforms as well, but Azure is typically used as customization platform also for solutions hosted in SharePoint Online. Webcast demo concentrates showing securely calling an Azure function from client-side web part, but you can absolutely also securely call WebAPIs using similar pattern.

It’s important to notice that showed pattern only takes care of the authentication and there’s no consent flow, like typically when Adal.js would be used. This means that traffic from SharePoint Online towards the custom API is secure, but external API cannot directly use the identify of a caller. Typically, in these kinds of scenarios you either use app-only or specific service account. Shown pattern enables for example scenarios where you’d like to integrate SharePoint Online UI to your Line-Of-Business applications by showing information directly in the SharePoint Online UIs. You can call for example WebAPI hosted in Azure, which can then for example use Service Bus to call even back to on-premises for Line-Of-Business application access. 

Presentation covers following topics:

  • adal.js challenges with SharePoint Framework
  • Alternative way to securely call APIs secured with Azure Active Directory
  • SharePoint Framework and backend services – Logical architecture

Webcast demo shows following things:

  • How to securely call Azure function from SharePoint Framework web part
  • How Azure function authentication can be controlled
  • Required configuration for Azure function for enabling a call from SharePoint Online
  • SharePoint Framework client-side web part implementation to call Azure function securely

Webcast presenters: Waldek MastykarzVesa Juvonen 

Presentation used in this web cast is available from

Video at YouTube.

Additional resources

See following resources around the covered topics.

What is SharePoint / Office Dev Patterns & Practices (PnP) web cast series?

SharePoint / Office Dev Patterns and PracticesSharePoint / Office Dev Patterns & Practices (PnP) webcast series covers different patterns, practices and topics around development with Office 365 and SharePoint. Majority of the topics are valid for the Office 365 and SharePoint on-premises. Our objective is to release new around 30 minute long web cast each Monday with few slides and a live demo on the covered topic. All web casts are published at the PnP YouTube channel with additional references on the existing materials.

PnP is community driven open source project where Microsoft and external community members are sharing their learning’s around implementation practices for Office 365 and SharePoint on-premises (add-in model). Active development and contributions happen in our GitHub repositories under dev branch and each month there will be a master merge (monthly release) with more comprehensive testing and communications. Latest activities and future plans are covered in our monthly community calls which are open for anyone from the community. Download invite from

This is work done by the community for the community without any actual full time people. It’s been great to find both internal and external people who are willing to assist and share their learning’s for the benefit of others. This way we can build on the common knowledge of us all. Currently program is facilitated by Microsoft, but already at this point we have multiple community members as part of the Core team and we are looking to extend the Core team with more community members.

If you have any questions, comments or feedback around PnP program or this blog post, please use the Microsoft Tech Community (SharePoint Developer group).

“Sharing is caring”

Vesa Juvonen, Senior Program Manager, SharePoint, Microsoft – 8th of May 2017