Access SharePoint data with the Cross Domain JavaScript Library and the REST\OData endpoints

SharePoint add-in model is considered as a legacy option for extending SharePoint user interface. Please see SharePoint Framework documentation and the SharePoint Framework samples for the future proven option to extend SharePoint Online. Possible backend services should be using Azure Active Directly based registration and related app models.


Use the SharePoint Cross Domain JavaScript library (CDL) and the SharePoint REST\OData endpoints to access SharePoint data from a remotely hosted web page without the need for OAuth tokens.

Applies to

  • SharePoint Online and on-premise SharePoint 2013 and later


This sample requires the following:

  • A SharePoint 2013 (or later) development environment that is configured for add-in isolation. (A SharePoint Online Developer Site is automatically configured. For an on premise development environment, see Set up an on-premises development environment for SharePoint Add-ins)

  • Visual Studio and the Office Developer Tools for Visual Studio installed on your developer computer

Description of the code

The sample includes an instance of an Announcements list with two sample announcements in it. The list instance is deployed to the add-in web. When the start page loads, JavaScript in the CrossDomainExec.js file, in the remote domain, makes a REST call to SharePoint to get the announcements and displays them on the page.

The page looks similar to the following.

The add-in start page with a table showing the result of searching on the term "SharePoint".

Note: The start page of the add-in, CrossDomainCall.aspx, is a plain HTML file. It has an "aspx" extension because when a remote start page in a provider-hosted add-in is opened by SharePoint, SharePoint sends it a context token in the body of the HTTP request. To do this SharePoint must send a POST request. But the IIS Express that is hosting the remote page when you are debugging will not accept POST requests to a resource with a .html extension.

The sample demonstrates the following:

  • How to use the key classes of the CDL to make calls from a remotely hosted domain to the SharePoint add-in web domain.

  • How to parse the JSON-formatted data returned from the SharePoint and how to display it dynamically.

To use the sample

  1. Open Visual Studio as an administrator.
  2. Open the .sln file.
  3. In Solution Explorer, highlight the SharePoint add-in project and replace the Site URL property with the URL of your SharePoint developer site.
  4. Press F5.
  5. After the add-in installs, the consent page opens. Click Trust It.
  6. The page opens that the JavaScript runs immediately.


For troubleshooting steps, visit the "Troubleshooting the solution" table in the cross-domain library documentation article.

Questions and comments

We'd love to get your feedback on this sample. You can send your questions and suggestions to us in the Issues section of this repository.

Additional resources

Copyright (c) Microsoft. All rights reserved.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact with any additional questions or comments.