Build with Riff

Access

Manage access to your app, including advanced access control

What it is: Access controls who can use your app and individual pages/APIs, with support for authentication requirements and domain whitelisting.

How to access:

  • Toggle page/API authentication: Click the three dots next to any page or API in the Code Editor

Key features:

  • Page-level auth: Require login for specific pages

  • API-level auth: Protect backend endpoints

  • Stack Auth integration: Built-in user authentication

  • Visual indicators: Shield icons show protected pages/APIs

  • Domain whitelisting: Restrict access to specific email domains (advanced)

How to use:

  1. New pages and APIs are protected by default (shield icon visible)

  2. Click the three dots next to a page/API to toggle authentication

  3. Unprotected pages/APIs are accessible to anyone

  4. Protected pages require users to sign in

Authentication pages:

  • /auth/sign-in - User login

  • /auth/sign-up - New user registration

  • /auth/account-settings - User profile management

  • /auth/sign-out - Logout

Tips:

  • Keep admin pages and sensitive APIs protected

  • Public landing pages should have authentication disabled

  • OAuth login (Google, GitHub) must be tested in a new tab, not the iframe preview

  • The shield icon in the sidebar indicates protection status

PreviousSecretsNextCode Editor

Last updated

Was this helpful?