Search the SharePoint recycle bin. Restore anything. Delete nothing.

Undelete365 is a web part that makes your site's recycle bin searchable and restorable — and it contains no code path that can permanently delete anything. That isn't a promise; it's a check the build fails without.

v1.21.1 · zero API permissions · runs as the signed-in user

0
API permissions requested — visible in your App Catalog before you approve
3
network endpoints the application code makes — two reads, one restore
1
checker included with every purchase to verify that yourself

The problem

One deleted file. Nine thousand rows. No search box.

SharePoint's built-in recycle bin can't search or filter. It's one long list, sorted by deletion date — so finding the file someone deleted "sometime last month, I think it had budget in the name" means paging through everything deleted since then, by hand.

Undelete365 puts a search box, filters (name, original location, who deleted it, item type, date), and multi-select restore on top of the same bin — nothing more.

How it works

Four steps, one of which is a confirmation dialog

01
Search & filter
By name, original path, item type, who deleted it, and date range — across both bin stages.
02
Select
Tick one item or fifty. Folders restore with their contents.
03 · Confirm — the dialog shows exactly where each item goes
04
Restored
Items go back to their original location. A name conflict fails safely: the item stays in the bin, untouched, with the reason shown.
There is no step five. No purge, no "empty bin," no permanent delete — the buttons don't exist because the code paths don't.

The safety audit

Don't trust us. Check.

Every network call the application code makes lives in one file. Here is the complete list — the same table as the README, "destructive?" column intact.

CallMethodDestructive?
…/_api/site/GetRecycleBinItemsPOSTNo — read only
…/_api/site/RecycleBin?$top=NGETNo — read only
…/_api/site/RecycleBin/RestoreByIdsPOSTNo — reversible

No other endpoint is ever called by the application code. None of SharePoint's recycle-bin removal endpoints (DeleteByIds, EmptyRecycleBin, …) appear anywhere — not in source, not in the compiled bundle, not built from strings.

$ node verify-compiled-package.js extracted/
compiled package — 0 destructive calls
VERIFICATION PASSED

Every purchase includes verify-compiled-package.js — a dependency-free script that checks exactly what you were sent, not what you're asked to trust.

Delegated, not elevated. Users can only see and restore what they could already see and restore by hand in SharePoint's own recycle bin. Second-stage access follows SharePoint's own rule — site collection admins only.
Fully auditable. Every restore lands in the Microsoft 365 audit log under the acting user's own name. The tool adds no separate identity to hide behind.
Scoped to your tenant. Each purchase is built for the specific tenant you bought it for — it won't load if forwarded elsewhere.
Typical recycle-bin utilities
Separate app outside SharePoint — deleted-item metadata is downloaded and indexed elsewhere
Ship bulk "empty recycle bin" operations — real delete powers, tenant-wide
Subscription pricing — pay every year to keep access
Undelete365
Runs in-page as the signed-in user — nothing leaves SharePoint
No delete code path exists — enforced by the build, verifiable by you
€249 once, per tenant — all updates included

Who it's for

M365 & SharePoint admins

Approve it once in the App Catalog knowing exactly what it can and can't do — the permissions screen and the safety check are your evidence, not our word.

MSPs & consultancies

Hand your client's security team the network-call table and the checker script. The justification memo writes itself.

Site owners

Find the file someone deleted last week and put it back — without opening a ticket or paging through the bin by hand.

Get started

Ready on your tenant in about a minute

  1. 1Buy below — checkout is handled by Mollie.
  2. 2Your license package (undelete365.sppkg + the verifier script), built specifically for your tenant, is ready instantly on the confirmation page.
  3. 3Upload it to your tenant App Catalog — or a site collection app catalog to scope it to one site. The upload screen confirms: no API permissions requested.
  4. 4Add the app to a site, then add the web part to any modern page.
Pricing
€249 one-time · per tenant
Every site collection, every user, all updates — paid once. About the price of a single year of a subscription tool.

FAQ

The questions you should be asking

Can this permanently delete anything?

No. The application code contains exactly three network calls — two reads and one restore. None of SharePoint's removal endpoints appear in the source or the compiled bundle, and the included verify-compiled-package.js checks that against what you actually received. Restoring is itself reversible: re-deleting the item puts it back in the bin.

What permissions does it need?

None to configure. It requests zero API permissions and uses the signed-in user's existing SharePoint session. Users can only see and restore what they could already see and restore in SharePoint's own recycle bin UI.

Why is my package specific to my tenant?

Each purchase is built to load its code only for the tenant it was bought for — so it can't be casually forwarded to a different company and just work there. It doesn't change what the app can do or what data it touches, only where its compiled code is allowed to load from.

Why does the second-stage bin require site collection admin?

That's SharePoint's rule, not ours — the second-stage (site collection) bin is admin-only by design. The web part doesn't elevate anyone: non-admins get a 403 from SharePoint, and the tab is simply hidden for them.

What happens on a name conflict when restoring?

The restore for that item fails safely. Nothing is overwritten; the item stays in the recycle bin, untouched, and the list shows you the reason so you can rename or move the conflicting file first.

Does it work on classic sites?

SPFx web parts only run on modern pages. On a classic-only site you can still use it via SharePoint's built-in hosted workbench (/_layouts/15/workbench.aspx) — same permissions model, no extra risk.