Call a React Component with TypeScript and Zod: A Step-by-Step, Production-Ready Pattern

The fastest way to call a component in React is to render it via JSX and pass strictly typed props. This article shows how to call a component in React with TypeScript and Zod so you get compile-time and runtime safety, clear state management, and production-ready patterns.

The Problem

Developers often "call" (render) a component without strict typing or validation, leading to runtime bugs, unclear state, and hard-to-test UI.

Prerequisites

Node.js 20+, pnpm or npm, React 19, TypeScript 5+, Zod 3+, a modern browser. Ensure tsconfig has strict: true.

The Solution (Step-by-Step)

Step 1: Bootstrap a minimal TypeScript + React app

// package.json (excerpt) - ensures React 19 and strict TS
{
  "name": "react-call-component-ts",
  "private": true,
  "type": "module",
  "scripts": {
    "dev": "vite",
    "build": "tsc -b && vite build",
    "preview": "vite preview"
  },
  "dependencies": {
    "react": "^19.0.0",
    "react-dom": "^19.0.0",
    "zod": "^3.22.0"
  },
  "devDependencies": {
    "typescript": "^5.6.0",
    "vite": "^5.0.0",
    "@types/react": "^18.3.0",
    "@types/react-dom": "^18.3.0"
  }
}

// tsconfig.json - strict mode enabled for maximum safety
{
  "compilerOptions": {
    "target": "ES2022",
    "lib": ["ES2022", "DOM"],
    "jsx": "react-jsx",
    "module": "ESNext",
    "moduleResolution": "Bundler",
    "strict": true,
    "noFallthroughCasesInSwitch": true,
    "noUncheckedIndexedAccess": true,
    "skipLibCheck": true
  },
  "include": ["src"]
}

Step 2: Create a strictly typed child component with runtime validation

// src/components/Greeting.tsx
import React, { memo } from "react";
import { z } from "zod";

// 1) Define compile-time props shape via TypeScript
export type GreetingProps = {
  name: string;                 // Required user name
  mode: "friendly" | "formal";  // Discriminated literal union for behavior
};

// 2) Define runtime schema using Zod for additional safety in production
const greetingPropsSchema = z.object({
  name: z.string().min(1, "name is required"),
  mode: z.union([z.literal("friendly"), z.literal("formal")])
});

// 3) React.memo to avoid unnecessary re-renders when props are stable
export const Greeting = memo(function Greeting(props: GreetingProps) {
  // Validate props at runtime to fail fast in dev and log issues in prod
  const result = greetingPropsSchema.safeParse(props);
  if (!result.success) {
    // Render a small fallback and log schema errors for debugging
    console.error("Greeting props invalid:", result.error.format());
    return Invalid greeting config;
  }

  // Safe, parsed props
  const { name, mode } = result.data;

  // Render based on discriminated union value
  if (mode === "friendly") {
    return 
Hi, {name}! Welcome back.
;
  }
  return 
Hello, {name}. It is good to see you.
;
});

Explanation: We "call" a component in React by placing it in JSX like <Greeting name="Sam" mode="friendly" />. The TypeScript type enforces correct usage at compile time; Zod enforces it at runtime.

Step 3: Manage parent state with discriminated unions and render the child

// src/App.tsx
import React, { useEffect, useState } from "react";
import { Greeting } from "./components/Greeting";

// Discriminated union for page state: guarantees exhaustive checks
type PageState =
  | { kind: "loading" }
  | { kind: "ready"; userName: string }
  | { kind: "error"; message: string };

export function App() {
  const [state, setState] = useState({ kind: "loading" });

  // Simulate fetching the current user, then set ready state
  useEffect(() => {
    const timer = setTimeout(() => {
      // In a real app, replace with a fetch call and proper error handling
      setState({ kind: "ready", userName: "Sam" });
    }, 300);
    return () => clearTimeout(timer);
  }, []);

  // Render different UI based on discriminated union state
  if (state.kind === "loading") {
    return 
Loading…
;
  }
  if (state.kind === "error") {
    return 
Error: {state.message}
;
  }

  // Key line: this is how you "call" (render) the component with props
  return (
    

      
Dashboard
      

      {/* Rendering a list of components safely */}
      {(["Ada", "Linus", "Grace"] as const).map((n) => (
        
      ))}
    
  );
}

Step 4: Mount the app

// src/main.tsx
import React from "react";
import { createRoot } from "react-dom/client";
import { App } from "./App";

const container = document.getElementById("root");
if (!container) throw new Error("Root container missing");

createRoot(container).render(
  // StrictMode helps surface potential issues
  
    
  
);

Best Practices & Security

Pro-Tip: Use React.memo for presentational components to avoid unnecessary re-renders.

Pro-Tip: Use discriminated unions for UI state to guarantee exhaustive handling and safer refactors.

Pro-Tip: Validate at runtime with Zod for boundary inputs (API responses, query params, environment-driven config).

Pro-Tip: Prefer useCallback and stable prop shapes when passing callbacks to memoized children.

Pro-Tip: Keep components pure; avoid hidden side effects inside render logic.

Security note (front-end): Do not embed secrets in the client. If you integrate with Azure or any backend, call a secured API instead of accessing resources directly from the browser.

Security note (Azure backend integration): Use Managed Identity and DefaultAzureCredential in the server/API, not the frontend. Grant the server's managed identity least-privilege RBAC roles only. Example: for Azure Storage reads, assign Storage Blob Data Reader to the API identity at the specific container scope.

Security note (data flow): Validate user input and API responses at the edge (API) with Zod or similar, then keep the front-end strictly typed.

Summary

• You call a component in React by rendering it in JSX with strictly typed, validated props.

• Discriminated unions make UI state predictable, and React.memo boosts performance.

• For real backends, keep secrets server-side, use Managed Identity with least-privilege RBAC, and validate at the edge.

Testing Quickstart

Test a component render with React Testing Library

// src/components/Greeting.test.tsx
import React from "react";
import { render, screen } from "@testing-library/react";
import "@testing-library/jest-dom";
import { Greeting } from "./Greeting";

test("renders friendly greeting", () => {
  render(<Greeting name="Sam" mode="friendly" />);
  expect(screen.getByText(/Hi, Sam!/)).toBeInTheDocument();
});

test("renders formal greeting", () => {
  render(<Greeting name="Ada" mode="formal" />);
  expect(screen.getByText(/Hello, Ada\./)).toBeInTheDocument();
});

This test verifies the component is "called" with valid props and renders deterministic output. For invalid props, assert that the fallback appears and console error is triggered.

Dataverse CRUD with a .NET 8 Console App using Managed Identity, DI, and Polly

Dataverse CRUD with a .NET 8 console app: this guide shows how to build a production-ready C# application that performs create, read, update, and delete operations against Microsoft Dataverse using Dependency Injection, DefaultAzureCredential, resilient retries (Polly), and clean configuration. You get copy-pasteable code, least-privilege security guidance, and optional Azure Container Apps + Key Vault deployment via azd/Bicep.

The Problem

You need a reliable way to run Dataverse CRUD from a console app without hardcoded secrets, avoiding static helpers, and ensuring the code is cloud-ready and testable. Many examples skip DI, retries, and security, leading to brittle apps.

Prerequisites

.NET 8 SDK, Azure CLI v2.58+, Azure Developer CLI (azd) v1.9+, Power Platform tooling access to create an Application User in Dataverse mapped to your app's Service Principal or Managed Identity, A Dataverse environment URL (e.g., https://yourorg.crm.dynamics.com)

The Solution (Step-by-Step)

1) Project setup and configuration

Create a new console app and add packages.

// Bash: create project and add packages
 dotnet new console -n DataverseCrud.Console --framework net8.0
 cd DataverseCrud.Console
 dotnet add package Microsoft.PowerPlatform.Dataverse.Client --version 1.1.27
 dotnet add package Azure.Identity --version 1.11.3
 dotnet add package Polly.Extensions.Http --version 3.0.0
 dotnet add package Microsoft.Extensions.Http.Polly --version 8.0.1

Add appsettings.json for configuration (no secrets).

{
  "Dataverse": {
    "OrganizationUrl": "https://yourorg.crm.dynamics.com",
    "ApiVersion": "v9.2", 
    "DefaultTableLogicalName": "account"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning"
    }
  }
}

Pro-Tip: Keep ApiVersion configurable so you can upgrade Dataverse API without code changes.

2) Implement the Generic Host with DI, typed options, and retry policies

Program.cs uses file-scoped namespaces, DI, and structured logging via Microsoft.Extensions.Logging. Polly adds resilient retries for transient failures.

using System.Net.Http.Headers;
using Azure.Core;
using Azure.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Polly;
using Polly.Extensions.Http;
using Microsoft.PowerPlatform.Dataverse.Client;

namespace DataverseCrud.ConsoleApp;

// Options record for strongly-typed config
public sealed record DataverseOptions(string OrganizationUrl, string ApiVersion, string DefaultTableLogicalName);

// Abstraction for testability
public interface IDataverseRepository
{
    // CRUD signatures using basic types for clarity
    Task<Guid> CreateAsync(string tableLogicalName, IDictionary<string, object> attributes, CancellationToken ct);
    Task<Dictionary<string, object>?> RetrieveAsync(string tableLogicalName, Guid id, string columnsCsv, CancellationToken ct);
    Task UpdateAsync(string tableLogicalName, Guid id, IDictionary<string, object> attributes, CancellationToken ct);
    Task DeleteAsync(string tableLogicalName, Guid id, CancellationToken ct);
}

// Concrete repository using ServiceClient
public sealed class DataverseRepository(IOptions<DataverseOptions> options, ILogger<DataverseRepository> logger, ServiceClient serviceClient) : IDataverseRepository
{
    private readonly DataverseOptions _opt = options.Value;
    private readonly ILogger<DataverseRepository> _logger = logger;
    private readonly ServiceClient _client = serviceClient;

    // Create a row in Dataverse
    public async Task<Guid> CreateAsync(string tableLogicalName, IDictionary<string, object> attributes, CancellationToken ct)
    {
        // Convert to Entity representation
        var entity = new Microsoft.Xrm.Sdk.Entity(tableLogicalName);
        foreach (var kvp in attributes)
            entity.Attributes[kvp.Key] = kvp.Value;

        var id = await _client.CreateAsync(entity, ct).ConfigureAwait(false);
        _logger.LogInformation("Created {Table} record with Id {Id}", tableLogicalName, id);
        return id;
    }

    // Retrieve a row with selected columns
    public async Task<Dictionary<string, object>?> RetrieveAsync(string tableLogicalName, Guid id, string columnsCsv, CancellationToken ct)
    {
        var columns = new Microsoft.Xrm.Sdk.Query.ColumnSet(columnsCsv.Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries));
        var entity = await _client.RetrieveAsync(tableLogicalName, id, columns, ct).ConfigureAwait(false);
        if (entity == null)
        {
            _logger.LogWarning("Entity not found: {Table}/{Id}", tableLogicalName, id);
            return null;
        }
        return entity.Attributes.ToDictionary(k => k.Key, v => v.Value);
    }

    // Update specific attributes
    public async Task UpdateAsync(string tableLogicalName, Guid id, IDictionary<string, object> attributes, CancellationToken ct)
    {
        var entity = new Microsoft.Xrm.Sdk.Entity(tableLogicalName) { Id = id };
        foreach (var kvp in attributes)
            entity.Attributes[kvp.Key] = kvp.Value;

        await _client.UpdateAsync(entity, ct).ConfigureAwait(false);
        _logger.LogInformation("Updated {Table} record {Id}", tableLogicalName, id);
    }

    // Delete a row
    public async Task DeleteAsync(string tableLogicalName, Guid id, CancellationToken ct)
    {
        await _client.DeleteAsync(tableLogicalName, id, ct).ConfigureAwait(false);
        _logger.LogInformation("Deleted {Table} record {Id}", tableLogicalName, id);
    }
}

public class Program
{
    public static async Task Main(string[] args)
    {
        using var host = Host.CreateApplicationBuilder(args);

        // Bind options from configuration
        host.Services.AddOptions<DataverseOptions>()
            .Bind(host.Configuration.GetSection("Dataverse"))
            .ValidateDataAnnotations()
            .Validate(opt => !string.IsNullOrWhiteSpace(opt.OrganizationUrl) && !string.IsNullOrWhiteSpace(opt.ApiVersion));

        host.Services.AddLogging(builder =>
        {
            builder.AddSimpleConsole(o =>
            {
                o.TimestampFormat = "yyyy-MM-dd HH:mm:ss ";
                o.SingleLine = true;
            });
        });

        // Configure resilient HTTP with Polly for Dataverse traffic
        host.Services.AddHttpClient("dataverse")
            .SetHandlerLifetime(TimeSpan.FromMinutes(5))
            .AddPolicyHandler(GetRetryPolicy());

        // Register ServiceClient using DefaultAzureCredential (prefers Managed Identity in Azure)
        host.Services.AddSingleton(sp =>
        {
            var opts = sp.GetRequiredService<IOptions<DataverseOptions>>().Value;
            var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
            {
                // In production on Azure Container Apps/VMs, Managed Identity will be used.
                // Locally, DeveloperCredential/VisualStudioCredential will be used.
                ExcludeManagedIdentityCredential = false
            });

            var svc = new ServiceClient(new Uri(opts.OrganizationUrl), credential, useUniqueInstance: true, useWebApi: true);
            // Configure ServiceClient API version if supported/necessary by environment
            svc.SdkVersion = opts.ApiVersion; // Documented: keep version configurable
            return svc;
        });

        host.Services.AddSingleton<IDataverseRepository, DataverseRepository>();

        var app = host.Build();

        // Execute a CRUD flow
        var logger = app.Services.GetRequiredService<ILogger<Program>>();
        var repo = app.Services.GetRequiredService<IDataverseRepository>();
        var cfg = app.Services.GetRequiredService<IOptions<DataverseOptions>>().Value;

        using var cts = new CancellationTokenSource(TimeSpan.FromMinutes(2));

        try
        {
            // 1) Create
            var accountId = await repo.CreateAsync(cfg.DefaultTableLogicalName, new Dictionary<string, object>
            {
                ["name"] = "Contoso (Console App)",
                ["telephone1"] = "+1-425-555-0100"
            }, cts.Token);

            // 2) Retrieve
            var data = await repo.RetrieveAsync(cfg.DefaultTableLogicalName, accountId, "name,telephone1", cts.Token);
            logger.LogInformation("Retrieved: {Data}", string.Join("; ", data!.Select(kv => $"{kv.Key}={kv.Value}")));

            // 3) Update
            await repo.UpdateAsync(cfg.DefaultTableLogicalName, accountId, new Dictionary<string, object>
            {
                ["telephone1"] = "+1-425-555-0101"
            }, cts.Token);

            // 4) Delete
            await repo.DeleteAsync(cfg.DefaultTableLogicalName, accountId, cts.Token);

            logger.LogInformation("CRUD flow completed successfully.");
        }
        catch (Exception ex)
        {
            logger.LogError(ex, "Failure during CRUD flow");
            Environment.ExitCode = 1;
        }

        await app.StopAsync();
    }

    // Exponential backoff for transient HTTP 5xx/429 responses
    private static IAsyncPolicy<HttpResponseMessage> GetRetryPolicy() =>
        HttpPolicyExtensions
            .HandleTransientHttpError()
            .OrResult(r => (int)r.StatusCode == 429)
            .WaitAndRetryAsync(5, retryAttempt => TimeSpan.FromSeconds(Math.Pow(2, retryAttempt)));
}

Pro-Tip: Add structured properties to logs (e.g., table, id) for easier querying in Application Insights.

3) Dataverse authentication without secrets

The ServiceClient uses DefaultAzureCredential, which in Azure will use Managed Identity. In local development, it falls back to developer credentials. You must create an Application User in Dataverse mapped to the Service Principal or Managed Identity and assign the least-privilege Dataverse security role needed for CRUD on targeted tables.

Pro-Tip: Scope Dataverse privileges to only the tables and operations your app requires.

4) Optional: Run in Azure Container Apps with Managed Identity (IaC via azd/Bicep)

If you want to run this console app on a schedule or on-demand in Azure, deploy to Azure Container Apps with a System-Assigned Managed Identity. Use Key Vault to hold non-secret config like OrganizationUrl and ApiVersion for central governance.

// azure.yaml for azd (simplified)
name: dataverse-crud
metadata:
  template: dataverse-crud
services:
  app:
    project: ./
    language: dotnet
    host: containerapp
    docker:
      path: ./Dockerfile
      context: ./

// main.bicep (simplified): Container App + Key Vault + MI and RBAC
param location string = resourceGroup().location
param appName string = 'dataverse-crud-app'
param kvName string = 'dvcrud-kv-${uniqueString(resourceGroup().id)}'

resource kv 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: kvName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'standard' }
    accessPolicies: [] // Use RBAC rather than access policies
    enableRbacAuthorization: true
  }
}

resource caEnv 'Microsoft.App/managedEnvironments@2023-05-01' = {
  name: 'dvcrud-env'
  location: location
}

resource app 'Microsoft.App/containerApps@2023-05-01' = {
  name: appName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    managedEnvironmentId: caEnv.id
    template: {
      containers: [
        {
          name: 'app'
          image: 'ghcr.io/yourrepo/dataverse-crud:latest'
          env: [
            // Pull configuration from Key Vault via secrets or set as plain env if non-secret
            { name: 'Dataverse__OrganizationUrl', value: 'https://yourorg.crm.dynamics.com' },
            { name: 'Dataverse__ApiVersion', value: 'v9.2' },
            { name: 'Dataverse__DefaultTableLogicalName', value: 'account' }
          ]
        }
      ]
    }
  }
}

// Grant the Container App's Managed Identity access to Key Vault secrets if used for configuration
resource kvAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(kv.id, 'kv-secrets-user', app.name)
  scope: kv
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6') // Key Vault Secrets User
    principalId: app.identity.principalId
    principalType: 'ServicePrincipal'
  }
}

Azure RBAC roles used here: Key Vault Secrets User on the vault to read secrets if you store any configuration as secrets. The Container App requires no additional Azure RBAC to call Dataverse; it authenticates via its Managed Identity to Entra ID, and Dataverse access is governed by the Application User and Dataverse security role assignments.

Pro-Tip: Prefer System-Assigned Managed Identity for lifecycle simplicity unless you need identity reuse across apps, in which case use a User-Assigned Managed Identity.

5) Testing and mocking

Abstract your repository behind IDataverseRepository to unit test business logic without hitting Dataverse. For integration tests, use a test environment with a restricted Dataverse security role.

// Example unit test using a fake repository
public sealed class FakeRepo : IDataverseRepository
{
    public List<string> Calls { get; } = new();
    public Task<Guid> CreateAsync(string t, IDictionary<string, object> a, CancellationToken ct) { Calls.Add("create"); return Task.FromResult(Guid.NewGuid()); }
    public Task<Dictionary<string, object>?> RetrieveAsync(string t, Guid id, string cols, CancellationToken ct) { Calls.Add("retrieve"); return Task.FromResult<Dictionary<string, object>?>(new()); }
    public Task UpdateAsync(string t, Guid id, IDictionary<string, object> a, CancellationToken ct) { Calls.Add("update"); return Task.CompletedTask; }
    public Task DeleteAsync(string t, Guid id, CancellationToken ct) { Calls.Add("delete"); return Task.CompletedTask; }
}

Pro-Tip: Use dependency injection to pass a fake or mock implementation into services that depend on IDataverseRepository.

Best Practices & Security

Authentication and secrets: Use DefaultAzureCredential. Do not embed client secrets or connection strings. In Azure, rely on Managed Identity. Locally, authenticate via developer credentials.

Dataverse permissions: Assign a least-privilege Dataverse security role to the Application User (e.g., CRUD on specific tables only). Avoid granting environment-wide privileges.

Azure RBAC: If using Key Vault, grant only the Key Vault Secrets User role to the app’s Managed Identity. Do not grant Owner or Contributor without justification.

Resilience: The Polly retry policy handles 5xx/429 responses with exponential backoff; tune retry counts/timeouts per SLOs.

Observability: Use Microsoft.Extensions.Logging with structured state for IDs and table names. Forward logs to Application Insights via the built-in provider when running in Azure.

Configuration hygiene: Keep OrganizationUrl, ApiVersion, and default table logical names in configuration. Validate options at startup.

Token reuse: DefaultAzureCredential and underlying token providers cache tokens. Avoid recreating credentials per request; register ServiceClient as a singleton as shown.

Pro-Tip: For read-only operations at scale, prefer the Web API with select columns and server-side paging; avoid retrieving full records when not needed.

Summary

• You built a .NET 8 console app that performs Dataverse CRUD using DI, DefaultAzureCredential, and Polly retries.

• Security is hardened with Managed Identity, least-privilege Dataverse roles, and optional Azure RBAC for Key Vault.

• The solution is production-ready, testable, and configurable, with an optional path to deploy on Azure Container Apps via azd/Bicep.

Next step: map your Managed Identity or app registration to a Dataverse Application User, assign a minimal security role, and run the CRUD flow against your target tables.