Custom plugins are embedded web applications that extend the functionality of the Staffbase platform. Start building the solution you have envisioned and streamline content and processes for users.
When developing custom plugins for the Staffbase platform, you have the following choices:
- Development team
- You can develop plugins with your in-house team or outsource it to our partners or vendors. Staffbase has built a network of technical implementation partners and we are happy to support you to find the right partner or vendor.
- Programming language
Before you start developing the custom plugin, ensure that your custom plugin meets the requirements for embedded web applications and can also function on mobile devices:
- X-frame-options header is set to embedded
- Secured by HTTPS, especially on mobile devices, requirements for SSL certificates are high
- Allows iframes
- Supports the remote deletion and remote log out in compliance with the General Data Protection Policy (GDPR), the law on data protection and privacy
- Must not rely on cookies to store sessions in browsers
- If cookies are used in browsers, ensure to flag them as Secure, HttpOnly, and SameSite=None For more details on what is required, check our SDKs. As soon as all the requirements for the custom plugin are met, you are ready to start the development.
Use an SDK to help you easily build a web application that can be embedded into the Staffbase environment:
- Staffbase plugins SDK for PHP
- Staffbase plugins SDK for Java
- Staffbase plugins SDK for NodeJS
Tip: Test and ensure that the web application you developed using the SDK runs on the web server it is hosted.
Before custom plugin authentication constraints can be specified to establish authorized communication between the plugin and the Staffbase server, Staffbase requires the specifications of the plugin to provide the information.
Reach out to firstname.lastname@example.org to receive the datasheet to provide the plugin specifications. Fill out the datasheet with specifications, such as:
- Publisher Details: This includes details, such as name of the publisher, webpage, and contact email address.
- Custom Plugin Description and Design: This includes details, such as:
- Description: The name and short description of the plugin.
- Design: The color, icon, and singular and plural entities used in the plugin.
- Custom Plugin URL: This includes custom plugin URLs for user-facing interface and the Experience Studio.
- Custom Plugin Availability: This includes details, such as:
- available only to logged in users or to even to non-logged in users
- available to only your organization or available to other Staffbase customers as well
- Staffbase Environment: This includes information on which instance of the application you are working on during development of the application. This is only valid if you have different application instances for test and production environments.
You need to specify authentication parameters in the code of your custom plugin. In order to ensure that the request from the Staffbase server can be authenticated by the host of the custom plugin. The authentication parameters required are:
- Plugin ID: To identify the custom plugin that needs authentication.
- Public Key: To authenticate the communication.
Staffbase provides you with the authentication parameters, after you have submitted your plugin specifications. Add the parameter values to your code snippet. These values are matched to decode the JSON Web Token and authenticate the requests from the Staffbase server. Example: In the SDK for NodeJS, you can add the values to the following code snippet.
Note: The jwtToken parameter is generated with each request.
Once the web application is developed, you can integrate it into the Staffbase environment. This involves registration and activation of the plugin to the Staffbase platform. Once you have added the authentication, inform Staffbase to initiate the registration process of the plugin in the Staffbase server and activate the custom plugin for your organization and the admin can install it for the organization from the Plugins page in the Experience Studio.