Best approach for handling SharePoint document uploads and environment switching (sandbox → production) in Code Apps?

[lorenzotrcnl]

Hi, I’m working on a Custom Code App (client-side) and I’d like to ask for guidance on the best current approach for a specific real-world scenario.

---

Use case

In my app, users need to:

• upload and manage files
• store those files in a SharePoint document library

I also need to support:

• a sandbox environment
• a production environment

So the requirement is:

• in sandbox → files go to a sandbox SharePoint document library
• in production → files go to a production SharePoint document library

And ideally:

• after deploying the solution via Power Platform Pipelines, the app should automatically point to the correct SharePoint environment (no manual changes)

---

Current approach I’m considering

One idea I had was:

• use SharePoint REST APIs
• authenticate using client credentials (client_id + client_secret)
• handle file uploads directly from the app

---

Questions

1. Is this approach (client credentials + SharePoint REST from a client-side Code App) actually viable/recommended?
   I’m concerned about how to securely manage the client_secret in a client-side app.

2. What is the recommended pattern today for this use case?
   Specifically:

   • handling file uploads to SharePoint
   • keeping environments (sandbox vs production) properly separated
   • ensuring correct endpoints after deployment

3. How should environment-specific configuration be handled?

   • Should I use environment variables inside the solution for SharePoint URLs?
   • Do Code Apps support this pattern reliably across environments?

4. Is a backend/proxy layer required in practice?
   (e.g. an API that handles authentication and calls SharePoint on behalf of the client)

---

Any guidance, examples, or recommended patterns would be really helpful. Thanks!