🚀Power Tower

When developing canvas applications in Power Apps, we often need to pass external information to the application. This could be a record identifier, a customer code, a user name, or even a token. The easiest way to do this is by using parameters in the URL.

🇪🇸 Leer en español

This post aims to explain:

• How URL parameters work in Power Apps
• What limitations they have in terms of security or aesthetics
• How you can encode and decode parameters using Power Automate
• And how to apply this in a real-world scenario

What are URL parameters in Power Apps?

Power Apps allows you to receive values directly from the app’s access URL. For example, if you publish your app with a URL like this:

https://apps.powerapps.com/play/e/(...)&invoice_id=234

You can access this value (234) within the app by:

Param("invoice_id")

This allows, for example, navigating directly to a screen that displays the data for that invoice.

What is the problem?

Although this functionality is very useful, it has a disadvantage: the value of the parameter is completely exposed in the URL.

This can be problematic for:

• Security (displaying sensitive identifiers)
• Privacy (e.g., personal data)
• Aesthetics (URLs that are not clean or professional)
• Possible manual manipulation of the parameter

The solution: Encoding the value with base64

A simple way to hide the actual value is to encode it using base64. This is not an advanced security technique, but it serves as a layer of hiding that prevents critical data from being displayed directly.

In this approach we will do the following:

1. A first flow encodes the value to be passed as a parameter
2. The Power Apps app reads that encoded value from the URL
3. A second flow is invoked that decodes the base64 value and returns the original data to Power Apps

Step-by-step solution

Step 1: Encode the value

We create a Power Automate flow that receives the original value and returns its base64-encoded version

In the flow:

1. We add a manual trigger that has the original value as a parameter
2. We use the “Compose” action with the expression:

base64(outputs('Original'))

3. We return the value as a response

This approach will return the string “MjM0” for invoice ID “234.”

This Power Automate flow will be the one we call to generate the application URL.

Step 2: Link with encoded parameter

Once encoded, you can generate a URL like this:

https://apps.powerapps.com/play/e/(...)&invoice_id=MjM0

Instead of passing invoice_id=234, we now pass invoice_id=MjM0.

Step 3: Read parameter from Power Apps

Within the application, we will read the “invoice_id” parameter using:

Set(InvoiceParameter,Param("invoice_id"))

This value contains “MjM0” for our example, which is useless on its own, so we will have to decode it in the next step:

Step 4: Decode the parameter in Power Automate

We create a second Power Automate flow, which receives the encoded string and returns its original version.

In the flow:

1. We add a manual trigger that has the encoded value as a parameter.
2. We use the “Compose” action with the expression:

base64ToString(outputs('Original'))

3. We return the value with a “Respond to Power Apps” action.

Finally, from Power Apps, we will call the Power Automate flow as follows:

Set(InvoiceParameter,Param("invoice_id"))
;
Set(InvoiceId; DecoderFlow.Run(InvoiceParameter))

This way, we have already saved the actual invoice value in the InvoiceId variable.

Final result

At the end of the process:

• The user accesses the app with a URL that does not directly expose the data
• PowerApps receives the encoded value and calls a flow to decode it
• The invoice_id is obtained and used within the app as if it had been passed in clear text

Where to apply it?

This pattern is very useful in:

• Direct navigation from automated emails.
• Apps shared between users with partial visibility
• Integrations with external systems that can only pass parameters via URL
• Any other situation where you don’t want to expose internal IDs or logical values

Conclusion

Working with URL parameters in Power Apps is powerful, but like everything else, it can be improved. This small pattern based on base64 and Power Automate allows you to better protect your application and maintain a more professional experience.