Custom Plugin Development

Custom plugins are embedded web applications that extend the functionality of the Staffbase platform. Start building the solution you have envisioned and streamline content and processes for users.

When developing custom plugins for the Staffbase platform, you have the following choices:

• Development team
  • You can develop plugins with your in-house team or outsource it to our partners or vendors. Staffbase has built a network of technical implementation partners and we are happy to support you to find the right partner or vendor.
• Programming language
  • You can choose the programming language of your choice. We provide you with NodeJS and PHP.

Before you start developing the custom plugin, ensure that your custom plugin meets the requirements for embedded web applications and can also function on mobile devices:

• The X-Frame-Options header is set to allow rendering of custom plugin in an iframe or:
  • If you have configured a Content-Security-Policy with a frame-ancestors directive, for the domain where you host the plugin, the X-Frame Options header is obsolete. To ensure that the rendering is supported on all browsers, configure the CSP frame-ancestors to integrate with Staffbase. Learn more.
• The custom plugin URL uses HTTPS.
  Note: The requirements for the SSL certificate are higher for mobile devices than desktop devices. An A or A+ on this test is usually a good sign that it will work. Test your URL, here.
• Supports the remote deletion and remote log out in compliance with the General Data Protection Policy (GDPR), the law on data protection and privacy.
• Must not rely on cookies to store sessions in browsers.
• If cookies are used in browsers, ensure to flag them as Secure, HttpOnly and SameSite=None

For more details on what is required, check our SDKs. As soon as all the requirements for the custom plugin are met, you are ready to start the development.

Use an SDK to help you easily build a web application that can be embedded into the Staffbase environment:

• Staffbase Plugins SDK for NodeJS
• Staffbase Plugins SDK for PHP

We recommend to use our SDK for NodeJS and the project skeleton generator that comes along with it.

Finally, test and ensure that the web application you developed using the SDK runs on the web server it is hosted.

Before custom plugin authentication constraints can be specified to establish authorized communication between the plugin and the Staffbase server, Staffbase requires the specifications of the plugin to provide the information.

Reach out to support@staffbase.com to receive the datasheet to provide the plugin specifications. Fill out the datasheet with specifications, such as:

Publisher Details

• Publisher Name: The name of the publisher of the custom plugin. This can be either the name of the developer or your organization.
• Publisher Webpage: The webpage you want to add for the custom plugin. This will be displayed as a hyperlink to the publisher name.
• Support Email: The support email to reach out to in case of assistance in the matter of the custom plugin lifecycle.

Custom Plugin Description

• Name: The name of the custom plugin. The maximum character length is 20.
• Synopsis: A short description of the custom plugin.
• Entity Singular: The labels on the interface referring to the custom plugin in singular form. The maximum character length is 20.
  Example: The button Add <name of the custom plugin> to add an instance of the custom plugin.
• Entity Plural: The labels on the interface referring to the custom plugin in plural form. The maximum character length is 20.
  Example: The heading on the interface to list all the instances of the custom plugin.
• Entity Add New: The label on the interface referring to the add a new instance of the custom plugin. The maximum character length is 20.
• Color: The hexadecimal color codes used in the custom plugin.
  Example: #FFFFFF
• Icon: The icon you want to use in the custom plugin. You can select from one of the available Staffbase Icons or opt for custom icons. If you opt for a custom icon, you can add the custom icon in the menu, once the custom plugin is installed.

Custom Plugin Specifications

• Custom Plugin URL: This includes custom plugin URLs for user-facing interface and the Staffbase Studio.
• Custom Plugin Availability: This includes details, such as:
  • available only to logged in users or even to non-logged in users (public area)
  • available to only your organization or available to other Staffbase customers as well

You need to specify authentication parameters in the code of your custom plugin. In order to ensure that the request from the Staffbase server can be authenticated by the host of the custom plugin. The authentication parameters required are:

• Plugin ID: To identify the custom plugin that needs authentication.
• Public Key: To authenticate the communication.

Staffbase provides you with the authentication parameters, after you have submitted your plugin specifications. Add the parameter values to your code snippet. These values are matched to decode the JSON Web Token and authenticate the requests from the Staffbase server.

Example: In the SDK for NodeJS, you can add the values to the following code snippet.

Once the web application is developed, you can integrate it into the Staffbase environment. This involves registration and activation of the plugin to the Staffbase platform. Once you have added the authentication, inform Staffbase to initiate the registration process of the plugin in the Staffbase server and activate the custom plugin for your organization and the admin can install it for the organization from the Plugins page in the Staffbase Studio.