The Advertising Promise
In the world of software development, low-code and no-code platforms promise a revolution. They enable even those without in-depth programming knowledge to develop, operate and maintain apps. But what does it look like in practice? We put Microsoft's Power Apps to the test and gathered our experience in a real-life project to explore the possibilities and limitations of this technology.
What are Power Apps?
Power Apps is a service from Microsoft that offers users the opportunity to create apps with a web-based user interface editor and operate them as Software-as-a-Service within Azure.
These apps can read and write data from various sources with the help of so-called connectors. Microsoft, particularly, recommends the use of Dataverse, a fully managed relational database that can serve as a database for apps.
Using Power Automate, programme logic can be created graphically in the form of cloud flows and executed and used by an app.
Power Apps offer two different types of app creation: canvas apps, which are very flexible but require manual configuration of each UI element, and model-driven apps, which focus on the data model and provide automated CRUD operations and user interfaces for this data model.
The Project
Our goal was to automate the onboarding process for teams on an API management platform. The aim was to develop a solution that would require as little program code as possible and could be maintained by the relevant departments.
Our Experience
The creation of canvas apps proves to be too complex for non-technical teams and requires almost as much expertise as using a fully-fledged UI framework. For developers, who already have experience with traditional development tools, a full code approach often offers more flexibility and productivity. Therefore, we would not recommend canvas apps in most cases.
Model-driven apps, on the other hand, are well suited for simple UI prototypes or for displaying data in tabular form. They are not the first choice for more complex applications, externally provided user interfaces or sophisticated validation. The business rules options for validating new entries in the Dataverse table were not sufficient. The synchronised start of a validation logic in the form of a cloud flow was also not possible without the use of JavaScript code.
Data management using Dataverse has worked well and frees us from many of the challenges of operating our own database. There are practical 'out of the box' functions, such as row-level security and auditing. This means that you can determine exactly who has access to which data and, if necessary, easily trace who changed what and when.
One unsolved problem is the implementation of an effective migration and backup concept. We were unable to find any recommendations, particularly with regard to the implementation of schema migrations, including data customisation. If such features are of key importance, Power Apps do not appear to be suitable.
The automation of programme logic with cloud flows can facilitate a variety of tasks, especially through the extensive selection of connectors that enable a flexible combination of services in the Microsoft ecosystem. However, there are some important aspects to consider:
1. Simplicity: despite the user-friendly, graphical modelling, there is still plenty of scope for syntax errors, as most connectors use text fields for entering program expressions.
2. Complexity: creation and maintenance can quickly become confusing and difficult to maintain. The level of abstraction of most actions is comparable to that of programme code, which means that even simple logic can quickly lead to extensive graphical representations. This is particularly important when implementing error handling and transaction management.
3. Performance: it may not be the optimal solution for time-critical tasks. Execution times can vary depending on the complexity of the flows and the utilisation of the Microsoft servers, which can lead to delays even with small flows.
4. Security: although Power Automate facilitates data exchange and the execution of actions in various services, security aspects must always be kept in mind. This is particularly important when handling sensitive data or implementing access controls. For users, without an IT background in particular, this can be a challenge and pose a high security risk.
5. Vulnerability to code injection: the use of user input as direct input for connector functions without sufficient validation or sanitisation can lead to security vulnerabilities. Attackers could exploit this to gain unauthorised access to systems, manipulate data or perform other malicious actions. The designers of the flows in the specialist departments are often unable to recognise this risk, and the platform does not provide sufficient tools for input validation or context-specific escaping of inputs. This poses a significant security risk, especially when flows are used in critical business processes. It is therefore crucial that developers and security experts are involved in the process of creating and reviewing flows to minimise such security risks.
Power Apps have some interesting features in the area of testing and deployment, but they also have their limits. It is remarkable that a new build and the deployment process can be carried out with just one click and is surprisingly fast - a new deployment is live within around 10 seconds. There is a basic staging concept, but the functionality is limited. Instead of a continuous deployment pipeline, the process is based on the import and export of projects, also known as solutions.
The platform offers the option of testing cloud flows automatically and also enables UI tests of the app using Selenium. However, it should be noted that such processes can be a challenge for the specialist departments and usually require support from developers.
For observability, Power Apps offer integration with Azure Application Insights and the provision of telemetry data for this purpose. This makes it possible to set up centralised logging, tracing and monitoring for the apps with little effort.
Our Conclusion
Low-code and no-code platforms such as Power Apps definitely have their place in software development and can offer significant advantages in certain scenarios. However, they are not suitable for every project. It is important to understand the limitations and risks of these technologies before deciding to use them.
Power Apps offer advantages, mainly for simple scenarios with structured data and simple operations. However, for more complex requirements, high quality demands or specific validation needs, there are limits.
Our experiences in this project have given us valuable insights and now help us to better evaluate when and how the use of Power Apps can make sense.
