Dashboard

System overview & features

A live look at the SP Notify platform — the replacement for retired SharePoint alerts, with capabilities, architecture highlights, and the full API surface.

3
Notification channels
5m
Scheduler interval
10
API endpoints
4
Alert lifecycle phases
Architecture highlights

How SP Notify works

Phase 1
Alert creation & webhook registration

Users configure alerts from within the SharePoint list toolbar via the SPFx ListViewCommandSet extension. The backend persists the subscription and auto-registers a SharePoint webhook.

  • SPFx acquires a Bearer token via AadHttpClient transparently
  • Payload includes AlertType, ChangeType, DeliveryMethod, and LastChangedToken
  • Backend upserts AlertInfo and calls WebhookService.RegisterWebhookAsync() if needed
  • Returns 201 Created with the full persisted IAlertInfo
SPFx Extension My Notifications POST /create Azure Functions HTTP Endpoint SQL · AlertInfo WebHooks SharePoint Webhook sub.
Phase 2
Change detection via webhooks

When a SharePoint list item changes, SharePoint posts a SpNotificationPayload to the backend within seconds. The backend stores a TriggerEvent and returns 200 OK immediately.

  • clientState = "AlertID-{id}" links the webhook to a specific alert
  • Fire-and-forget write to [DS.SP.Notify.TriggerEvent]
  • SharePoint requires a sub-second acknowledgment — no processing happens here
  • On first delivery, SubscriptionID is confirmed on the AlertInfo record
SharePoint Item changed POST /webhook Webhook Recv validate clientState store TriggerEvent SQL · TriggerEvent (queued) 200 OK
Phase 3
Scheduled notification processing

Every 5 minutes, SchedulerNotification processes all unread TriggerEvents per tenant. The ChangeManager diffs SharePoint via CSOM and dispatches notifications to the correct channel.

  • Events deduplicated by list GUID before processing
  • CSOM fetches changes since LastChangedToken as a delta cursor
  • AlertType + ChangeType filters applied after CSOM diff
  • SPNotifyLog written and LastChangedToken advanced after each delivery
Scheduler every 5 min ChangeManager CSOM diff Email Teams SMS
Architecture
Multi-tenant isolation

One backend serves unlimited SharePoint tenants. Each tenant has its own Entra registration, credentials, and database rows. Isolation is enforced at every layer — no data can leak between tenants.

  • SPTenantID header identifies tenant on every HTTP request
  • TokenValidatorCache maintains per-tenant OIDC signing keys
  • All SQL queries include a TenantID predicate — no cross-tenant queries exist
  • Scheduler iterates tenants independently with separate ChangeManager instances
Tenant A Entra App Tenant B Entra App Tenant C Entra App Azure Functions + SQL (isolated rows)
Security
Authentication & token flow

All API calls are secured with Azure AD Bearer tokens. The SPFx extension acquires tokens transparently via SharePoint's token brokering — no manual OAuth flows required in frontend code.

  • AadHttpClient handles token acquisition and renewal automatically
  • Every backend function validates the token independently — no API gateway
  • SPTenantID header required alongside the token for multi-tenant OIDC resolution
  • TokenValidatorCache caches signing keys per tenant to avoid repeated fetches
SPFx / User token request Azure AD JWT SPFx sends JWT Bearer + SPTenantID Backend Validate + respond
1 / 5
Full feature set

Everything SP Notify does

Alert config

Alert configuration & management

🔔

Custom alert titles & targets

Each alert has a user-defined title and an explicit list of recipients (SendAlertsTo).

📋

AlertType filtering

Notify on All changes, Added items only, Updated items only, or Removed items only.

👤

ChangeType authorship filtering

Filter by who made the change — anyone, someone else, or someone else who changed items created or last modified by you.

👁

View-scoped alerts

Restrict notifications to items visible in a specific SharePoint list view using FilterViewId.

📅

Expiration dates

Alerts can be given an ExpirationDate after which they stop triggering, and toggled active/inactive at any time.

Delivery

Delivery channels & scheduling

📧

Email via Microsoft Graph

HTML-formatted emails sent via POST /v1.0/users/{sender}/sendMail. Recipient names resolved via Graph.

💬

SMS via HTTP provider

Provider-agnostic SMS delivery. Optionally appends the changed item URL with the SendUrlInSms flag.

🟣

Microsoft Teams Adaptive Cards

Posted to a specific team + channel via Bot Connector. Team and channel selected by the user at alert creation.

Immediate notifications

Processed within the next scheduler cycle (≤5 minutes). No batching delay for immediate-mode alerts.

📆

Daily & weekly digests

Aggregate changes over a day or week into a single summary notification with configured SummaryDay and SummaryTime.

Infrastructure

Backend & infrastructure

🔗

SharePoint webhook subscription management

The backend auto-registers and tracks SharePoint webhook subscriptions per list via WebhookService.RegisterWebhookAsync().

🔄

CSOM change token delta cursor

Uses SharePoint's LastChangedToken as a persistent cursor to retrieve only new changes since the last notification run.

🗄

Azure SQL persistence

All alert subscriptions, trigger events, webhook entries, and delivery logs stored in Azure SQL with tenant-scoped queries.

Timer-triggered scheduler

SchedulerNotification runs as an Azure Functions timer trigger every 5 minutes, processing all tenants in sequence.

🧹

TriggerEvent deduplication & cleanup

Multiple rapid changes to the same list are deduplicated by list GUID before processing. Events are deleted after successful dispatch.

Security

Security & multi-tenancy

🔐

Azure AD / Entra JWT validation

Every HTTP function validates the Bearer token against the tenant's OIDC signing keys. No centralised API gateway required.

🏢

Unlimited tenant support

One backend deployment, unlimited tenants. Each tenant has isolated credentials, DB rows, and scheduler context via TenantConfiguration.

TokenValidatorCache

Per-tenant OIDC metadata and signing keys cached in memory to avoid repeated round-trips to Azure AD on every request.

🎫

OBO & certificate-based MSAL tokens

Backend acquires On-Behalf-Of tokens for webhook registration and certificate-based client credentials for scheduler CSOM calls.

🔑

Transparent SPFx token brokering

AadHttpClient handles all token acquisition through SharePoint's brokering — no manual OAuth flows or redirects in frontend code.

API surface

REST API quick reference

All endpoints — Bearer token + SPTenantID header required

Full docs →
POST/api/alertmngr/create201
POST/api/alertmngr/update200
POST/api/alertmngr/delete204
GET/api/alerts4list/{listGuid}200
GET/api/alerts/{id}200
GET/api/alertlog/{alertId}200
POST/api/configmngr/create201
POST/api/configmngr/update200
POST/api/configmngr/delete204
GET/api/configmngr/tenant/{tenantId}200