Modern App Development - Low Code

Low-code platforms enable you to build, test, and deploy enterprise apps faster than traditional hand-coding. These platforms are well suited for building opportunistic apps in collaboration with business stakeholders, building data reporting and analysis apps, extending SaaS apps, and modernizing legacy apps.

A low-code platform frees you to focus on solving your business problem instead of confronting the complexities of traditional development. These complexities include data visualization, data collection, data analytics, security, accessibility, performance, and globalization. A low-code platform significantly alleviates these complexities and dramatically reduces the amount of code you maintain.

Oracle Application Express (APEX) is a low-code platform that provides you with high-level components, such as forms, charts, and UI widgets. APEX also provides common design patterns through an intuitive graphical development environment. Apps developed using APEX can access local data via SQL and integrate with external services using REST APIs. Additionally, you can publish the functionality you develop in APEX as REST APIs for external consumption.

Design Principles

When implementing a low-code pattern, use the following Modern App Development design principles:
  • Use fully managed services to eliminate complexity in app development, runtimes and data management

    Use a fully-managed service, such as Oracle APEX on Oracle Autonomous Database, to simplify deployment and operation of your scalable, secure, and performant low-code app. In addition, the capabilities of Oracle Autonomous Database, such as Oracle Data Guard, ensure that your low-code app can be made available 24/7/365.

  • Automate build, test, and deployment

    Use the OCI Resource Manager to automate the provisioning of Oracle Autonomous Databases and APEX environments. Use Oracle SQL Developer Command Line (SQLcl) with Liquibase to automate the deployment of changes to your data model.

  • Keep the app tier stateless

    Oracle APEX apps are stateless because all their state is persisted in the database. This approach provides strong transactional guarantees and makes it easy for your apps to fail over and be backed up so that they can recover from failure easily.

  • Use multi-model databases with full featured support across all your data

    Your app can use data in a variety of formats, such as tabular (relational), unstructured, XML, JSON, spatial, and graph. Integrated text search, fuzzy matching, analytics, and machine learning facilitate advanced apps. With Oracle APEX on Oracle Autonomous Database, you can use transactions to guarantee consistency and isolation for all data formats. You can also protect sensitive data by using the security features of Oracle Data Safe, such as access control and data masking.

  • Eliminate single point of failure though automated data replication and failure recovery

    APEX on Oracle Autonomous Database is deployed using a highly-available architecture. You can further increase the availability of your apps by using Autonomous Data Guard to enable seamless failover.

  • Implement a defense-in-depth approach to secure the app lifecycle

    Use OCI Identity and Access Management (IAM) to control access to your APEX apps. Assign an authorization scheme to your APEX app (and its components) to enforce access control based on user role or privilege. Use the built-in declarative capabilities of APEX to handle Session State Protection (SSP) and item-level encryption to protect your apps and data. Use bind variables in SQL queries to prevent against SQL injection. Configure app-appropriate timeouts to ensure that inactive sessions are automatically terminated. Run the built-in APEX Advisor to detect potential security concerns, such as unprotected pages, items, and buttons. Use declarative escaping and programmatic escaping APIs to guard against cross-site scripting (XSS).


This architecture is recommended for low-code app development and deployment. It uses Oracle APEX on Oracle Autonomous Database, which comes prepackaged with Oracle REST Data Services; you can publish REST APIs to interact with the data in your database.

Description of low-code-arch.png follows
Description of the illustration low-code-arch.png

The architecture leverages gateways and load balancers to isolate the Autonomous Database in a separate private subnet. A NAT gateway is used to consume external REST APIs securely.

Non-Recommended Architectures

Low-code platforms should be the pattern of choice for building visual apps centered around structured data. Citizen and LOB developers can leverage such platforms effectively, reduce complexity, and increase agility. Using traditional app development in these scenarios exposes you to numerous complexities including security, accessibility, efficient data access, performance, and globalization.

Example Use Cases

Examples of low-code development include:
  • Opportunistic Apps

    When a new business opportunity emerges, often a new application needs to be built quickly. Organizations have a huge backlog of apps that are required to meet changing business needs and remain competitive. This backlog can be poorly defined, and business priorities might change rapidly, so the apps must be fast to build and easy to update as required. Such apps can be easily built and maintained using APEX.

  • Data Reporting and Analysis

    Obtaining a complete, accurate picture across an organization, or even within a department, is often challenging. Data is held in numerous systems, existing reports are limited and don't always provide the detail needed to make informed business decisions. It’s hard to limit who can see what and avoid data breaches and running canned reports can take hours. Using APEX and its extensive reporting and data visualization capabilities makes developing appropriate dashboards for various user communities far simpler.

  • SaaS and EBS Extensions

    ERP systems provide extensive functionality but they don't always provide the specific reports that you need or might be missing functionality that’s specific to your industry or your organization. You might also have common business processes that take too many steps to complete, making them inefficient. In such cases, building an extension using APEX can deliver the appropriate information or greatly improve productivity and user experience.

  • Legacy App Modernization

    Oracle Forms apps often provide an out-of-date client/server user experience. These legacy apps often have usability and accessibility issues, have difficulties working with various browsers, and aren’t mobile friendly. Oracle APEX is the clear platform of choice for easily transitioning Oracle Forms apps to modern web apps. The same stored procedures and PL/SQL packages work natively in APEX, making it a breeze to develop.

  • Spreadsheet Replacement

    Almost every organization uses spreadsheets to disseminate and report on data. Why? Because spreadsheets are so easy to create. Anyone can put together a spreadsheet when they have the data. After they are created, spreadsheets are often sent it out to colleagues to help update, which inevitably leads to numerous copies with different data and flawed business processes. A far better solution is to have a single source of data stored in a fully secured database with a browser-based app that everyone can use to maintain the data.


  • Authors: Sajan Parihar, Shakeeb Rahman, Marc Sewtz
  • Contributors: Todd Bottger, Matthias Brantner, James Emerson, Bernard Horan, Harshad Kasture, Parvez Syed Mohamed, Joshua Stanley

Change Log

This log lists significant changes: