Dashboard — SP Notify

Notification channels

Scheduler interval

API endpoints

Alert lifecycle phases

Architecture highlights

How SP Notify works

Phase 1

Alert creation & webhook registration

Users configure alerts from within the SharePoint list toolbar via the SPFx ListViewCommandSet extension. The backend persists the subscription and auto-registers a SharePoint webhook.

SPFx acquires a Bearer token via AadHttpClient transparently
Payload includes AlertType, ChangeType, DeliveryMethod, and LastChangedToken
Backend upserts AlertInfo and calls WebhookService.RegisterWebhookAsync() if needed
Returns 201 Created with the full persisted IAlertInfo

Phase 2

Change detection via webhooks

When a SharePoint list item changes, SharePoint posts a SpNotificationPayload to the backend within seconds. The backend stores a TriggerEvent and returns 200 OK immediately.

clientState = "AlertID-{id}" links the webhook to a specific alert
Fire-and-forget write to [DS.SP.Notify.TriggerEvent]
SharePoint requires a sub-second acknowledgment — no processing happens here
On first delivery, SubscriptionID is confirmed on the AlertInfo record

Phase 3

Scheduled notification processing

Every 5 minutes, SchedulerNotification processes all unread TriggerEvents per tenant. The ChangeManager diffs SharePoint via CSOM and dispatches notifications to the correct channel.

Events deduplicated by list GUID before processing
CSOM fetches changes since LastChangedToken as a delta cursor
AlertType + ChangeType filters applied after CSOM diff
SPNotifyLog written and LastChangedToken advanced after each delivery

Architecture

Multi-tenant isolation

One backend serves unlimited SharePoint tenants. Each tenant has its own Entra registration, credentials, and database rows. Isolation is enforced at every layer — no data can leak between tenants.

SPTenantID header identifies tenant on every HTTP request
TokenValidatorCache maintains per-tenant OIDC signing keys
All SQL queries include a TenantID predicate — no cross-tenant queries exist
Scheduler iterates tenants independently with separate ChangeManager instances

Security

Authentication & token flow

All API calls are secured with Azure AD Bearer tokens. The SPFx extension acquires tokens transparently via SharePoint's token brokering — no manual OAuth flows required in frontend code.

AadHttpClient handles token acquisition and renewal automatically
Every backend function validates the token independently — no API gateway
SPTenantID header required alongside the token for multi-tenant OIDC resolution
TokenValidatorCache caches signing keys per tenant to avoid repeated fetches

Full feature set

Everything SP Notify does

Alert config

Alert configuration & management

🔔

Custom alert titles & targets

Each alert has a user-defined title and an explicit list of recipients (SendAlertsTo).

📋

AlertType filtering

Notify on All changes, Added items only, Updated items only, or Removed items only.

👤

ChangeType authorship filtering

Filter by who made the change — anyone, someone else, or someone else who changed items created or last modified by you.

👁

View-scoped alerts

Restrict notifications to items visible in a specific SharePoint list view using FilterViewId.

📅

Expiration dates

Alerts can be given an ExpirationDate after which they stop triggering, and toggled active/inactive at any time.

Delivery

Delivery channels & scheduling

📧

Email via Microsoft Graph

HTML-formatted emails sent via POST /v1.0/users/{sender}/sendMail. Recipient names resolved via Graph.

💬

SMS via HTTP provider

Provider-agnostic SMS delivery. Optionally appends the changed item URL with the SendUrlInSms flag.

🟣

Microsoft Teams Adaptive Cards

Posted to a specific team + channel via Bot Connector. Team and channel selected by the user at alert creation.

🟢

WhatsApp via Business API

Instant messages delivered to the recipient's WhatsApp account via the WhatsApp Business API. No corporate client required.

⚡

Immediate notifications

Processed within the next scheduler cycle (≤5 minutes). No batching delay for immediate-mode alerts.

📆

Daily & weekly digests

Aggregate changes over a day or week into a single summary notification with configured SummaryDay and SummaryTime.

Infrastructure

Backend & infrastructure

🔗

SharePoint webhook subscription management

The backend auto-registers and tracks SharePoint webhook subscriptions per list via WebhookService.RegisterWebhookAsync().

🔄

CSOM change token delta cursor

Uses SharePoint's LastChangedToken as a persistent cursor to retrieve only new changes since the last notification run.

🗄

Azure SQL persistence

All alert subscriptions, trigger events, webhook entries, and delivery logs stored in Azure SQL with tenant-scoped queries.

⏰

Timer-triggered scheduler

SchedulerNotification runs as an Azure Functions timer trigger every 5 minutes, processing all tenants in sequence.

🧹

TriggerEvent deduplication & cleanup

Multiple rapid changes to the same list are deduplicated by list GUID before processing. Events are deleted after successful dispatch.

Security

Security & multi-tenancy

🔐

Azure AD / Entra JWT validation

Every HTTP function validates the Bearer token against the tenant's OIDC signing keys. No centralised API gateway required.

🏢

Unlimited tenant support

One backend deployment, unlimited tenants. Each tenant has isolated credentials, DB rows, and scheduler context via TenantConfiguration.

⚡

TokenValidatorCache

Per-tenant OIDC metadata and signing keys cached in memory to avoid repeated round-trips to Azure AD on every request.

🎫

OBO & certificate-based MSAL tokens

Backend acquires On-Behalf-Of tokens for webhook registration and certificate-based client credentials for scheduler CSOM calls.

🔑

Transparent SPFx token brokering

AadHttpClient handles all token acquisition through SharePoint's brokering — no manual OAuth flows or redirects in frontend code.

API surface

REST API quick reference

All endpoints — Bearer token + SPTenantID header required

Full docs →

POST/api/alertmngr/create201

POST/api/alertmngr/update200

POST/api/alertmngr/delete204

GET/api/alerts4list/{listGuid}200

GET/api/alerts/{id}200

GET/api/alertlog/{alertId}200

POST/api/configmngr/create201

POST/api/configmngr/update200

POST/api/configmngr/delete204

GET/api/configmngr/tenant/{tenantId}200

System overview & features