Custom Plugin Development

Getting Started With Custom Plugins

Custom plugins are embedded web applications that extend the functionality of the Staffbase platform. Start building the solution you have envisioned and streamline content and processes for users.

When developing custom plugins for the Staffbase platform, you have the following choices:

  • Development team
    • You can develop plugins with your in-house team or outsource it to our partners or vendors. Staffbase has built a network of technical implementation partners and we are happy to support you to find the right partner or vendor.
  • Programming language
    • You can choose the programming language of your choice. We provide you with SDKs for NodeJS, PHP, Java and JavaScript.


Before you start developing the custom plugin, ensure that your custom plugin meets the requirements for embedded web applications and can also function on mobile devices:

  • X-frame-options header is set to embedded
  • Secured by HTTPS, especially on mobile devices, requirements for SSL certificates are high
  • Allows iframes
  • Supports the remote deletion and remote log out in compliance with the General Data Protection Policy (GDPR), the law on data protection and privacy
  • Must not rely on cookies to store sessions in browsers
  • If cookies are used in browsers, ensure to flag them as Secure, HttpOnly, and SameSite=None

For more details on what is required, check our SDKs. As soon as all the requirements for the custom plugin are met, you are ready to start the development.

Staffbase SDKs

Use an SDK to help you easily build a web application that can be embedded into the Staffbase environment:

Tip: Test and ensure that the web application you developed using the SDK runs on the web server it is hosted.

Provide Staffbase With Custom Plugin Specifications

Before custom plugin authentication constraints can be specified to establish authorized communication between the plugin and the Staffbase server, Staffbase requires the specifications of the plugin to provide the information.

Reach out to to receive the datasheet to provide the plugin specifications. Fill out the datasheet with specifications, such as:

  • Publisher Details: This includes details, such as name of the publisher, webpage, and contact email address.
  • Custom Plugin Description and Design: This includes details, such as:
    • Description: The name and short description of the plugin.
    • Design: The color, icon, and singular and plural entities used in the plugin.
  • Custom Plugin URL: This includes custom plugin URLs for user-facing interface and the Experience Studio.
  • Custom Plugin Availability: This includes details, such as:
    • available only to logged in users or to even to non-logged in users
    • available to only your organization or available to other Staffbase customers as well
  • Staffbase Environment: This includes information on which instance of the application you are working on during development of the application. This is only valid if you have different application instances for test and production environments.

Specify the Authentication Parameters for Your Custom Plugin

You need to specify authentication parameters in the code of your custom plugin. In order to ensure that the request from the Staffbase server can be authenticated by the host of the custom plugin. The authentication parameters required are:

  • Plugin ID: To identify the custom plugin that needs authentication.
  • Public Key: To authenticate the communication.

Staffbase provides you with the authentication parameters, after you have submitted your plugin specifications. Add the parameter values to your code snippet. These values are matched to decode the JSON Web Token and authenticate the requests from the Staffbase server.

Example: In the SDK for NodeJS, you can add the values to the following code snippet.

Custom Plugin Steps

Note: The jwtToken parameter is generated with each request.

Deploy Your Custom Plugin on the Staffbase Platform

Once the web application is developed, you can integrate it into the Staffbase environment. This involves registration and activation of the plugin to the Staffbase platform. Once you have added the authentication, inform Staffbase to initiate the registration process of the plugin in the Staffbase server and activate the custom plugin for your organization and the admin can install it for the organization from the Plugins page in the Experience Studio.