Access SharePoint from mobile and native device apps

Learn how to access SharePoint from mobile apps and other native device apps, and from external web applications. SharePoint Add-ins, farm solutions, and "no code" sandboxed solutions are all run from within SharePoint, but apps on other platforms can also access SharePoint client APIs.


To test and debug on any platform, you need a developer account on Office 365. More info: Set up a development environment for SharePoint Add-ins on Office 365 or Create a developer site on an existing Office 365 subscription.

Non-Microsoft mobile and native device apps

Non-Microsoft device apps, including mobile apps, use SharePoint REST/OData APIs for CRUD operations on SharePoint data.

For more information about how to create mobile apps for any platform, see Build mobile apps for other platforms using SharePoint.

Windows Phone apps that access SharePoint

Windows Phone apps can use one of the following:

  • The .NET SharePoint client-side object model (CSOM) version specifically for Windows Phone devices.

  • The SharePoint REST/OData APIs.

These mobile apps can take advantage of the support in SharePoint for the Microsoft Push Notification service and a new geolocation field type.

For more about creating Windows Phone apps that access SharePoint, see Build Windows Phone apps that access SharePoint.

Web applications that don't start from SharePoint

Web applications that don't start from SharePoint are not strictly "SharePoint Add-ins," although they're sometimes counted as SharePoint Add-ins in MSDN and other docs. These apps include, among others, ones that run from the Office 365 app launcher and Office Add-ins, as well as any web applications that are run directly from a browser.

You can build these apps on the ASP.NET platform or a non-Microsoft stack. If you build your web application on a non-Microsoft stack, it does CRUD operations with the REST/OData APIs, just as a non-Microsoft device app. If you build it on ASP.NET it can use the SharePoint CSOM or the REST/OData APIs.

These apps gain authorized access to SharePoint data by using access tokens that are issued by the Azure Control Service (ACS) in compliance with the OAuth Authentication Code flow. For more, see Authorization Code OAuth flow for SharePoint Add-ins.


Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the hostname (which is not impacted by this retirement). For more information, see Impact of Azure Access Control retirement for SharePoint Add-ins.