Is it possible to make SharePoint lists accessible cross domain using REST API?

Question

Is it possible to make SharePoint 2013 resources accessible via internet using REST API? Say I want to do CURD with a list from outside of SharePoint. How we can manage credentials for this situation? I've seen some sites (yammer) uses SSO by redirecting users to their company website and get credentials from there. Can we use the same approach with REST API for credentials? If yes, please explain how? (Just the credentials part)

Answer 1

Assuming you have SharePoint on-premise and not 365.

Making a client-side only solution is easy if you use apps (SharePoint hosted), but you would have to deploy the app to SharePoint to be able to do cross-domain request.
Microsoft introduced two main solutions for querying cross-domain, SP.RequestExecutor.js for JSOM and /_api/SP.AppContextSite for REST, but as far as I know both of these require that you have an app hosted in a SharePoint environment. Here you don't need to think about authentication, as long as the app deploys that is handled for you.
If you have a stand-alone web site and you want client-side only communication with SharePoint I'm afraid that OOTB this is not possible. I can think of some solutions, as you can enable cross-domain, get access token for OAuth (might be 365 only) server-side or make your own service on SharePoint which supports CORS or JSONP - but this would be far from OOTB.

If you instead do the communication server-side everything will be much easier. I suggest you try making a Provider-hosted app, you will find this option in Visual Studio when creating apps for SharePoint. Then you set up High trust (S2S) which will let your app use CSOM to communiate with your on-premise SharePoint, authenticated as a user.