When installing SharePoint Framework solutions, SharePoint shows you the URLs of external scripts used by the solution. But it doesn't show all of them, so be careful what solutions you allow to run unrestricted in your tenant.
Communicating with SharePoint Online using an app-only access token is invaluable when building non-interactive applications. Here is how you can get an Azure AD app-only access token in .NET Core. SharePoint Online authentication protocols When building solutions for SharePoint, before you are allowed to communicate with SharePoint your application must