Create the project
Assuming you have a development environment set up, the next step is to create your add-in. See steps from Microsoft’s documentation:
Configure the project
To configure your project navigate to the AppManifest.xml file that is generated when you create the project. Visual Studio gives you a nice GUI to modify the properties of your application. The list below includes some of the important adjustable properties of your add-in.
- Start page
Note: Be sure to read the considerations on this page before configuring your application’s permissions.
Start coding… or not?
Generated files of importance:
- /Pages/Default.aspx – Default aspx page of your add-in web. Imports the files listed below.
- /Content/App.css – CSS styling for your app goes here.
Press F5 to execute (this temporarily installs your add-in to your development site). If you’re a front end web development guru you should be able to hit the ground running at this point. Brush up on SharePoint’s Client Side Object Model (CSOM) as well as the REST API capabilities and keep the considerations listed below in mind.
Use the SharePoint REST API or Client Side Object Model (CSOM) for data fetching and modification in context.
In a SharePoint Hosted app there are resources available from both the host web (where the app is installed) and the app web (the sub web where your code executes). These resources are limited to the access rights of the user running the application. Resources outside of this site scope (i.e. cross domain) are unavailable unless the following is true:
- You must be using the cross domain library
- The app must be tenant scoped
- The user running the app must have tenant level permissions
In most use cases, the last bullet point above is unrealistic unless your user is a tenant-level admin.
Both the application and the user need adequate access to perform an action.
Keep this in mind while developing your SharePoint Hosted application. If the app has Full Control permission to the site but the user running the app only has Contribute access then the application will only be able to perform actions at the Contributor level.