docs
  1. Storefront Hosting
  2. Secure
  3. Http Basic Authentication

HTTP Basic Authentication

Protect your Storefront Application with HTTP Basic Authentication. When enabled, visitors must enter a valid username and password before they can access any route on your storefront.

This is particularly useful for non-production environments - staging, QA, or pre-launch deployments where you want to limit access to authorized users while still serving the application over the internet.

Where to find it

Authentication settings live in Hosting ➜ Settings ➜ Authentication. The configuration is per-environment use the environment selector at the top of the Settings page to switch between environments.

Setting up authentication

  1. Open the Authentication tab.
  2. Click + Set Up Authentication.
  3. Enter the Username and Password that visitors will need to provide. These credentials apply to all routes on the storefront.
  4. Click Save Credentials.

Once saved, all routes on the storefront in the selected environment require these credentials. Visitors see a browser-native authentication prompt when they navigate to any URL.

Changes require redeployment. When you create, update, or remove authentication credentials, the change is saved but won't take effect until your application is redeployed. A banner appears prompting you to redeploy click Deploy and follow the standard deployment flow (see Deployment Actions).

Managing credentials

Once configured, you can:

  • Edit the username or password.
  • Remove the authentication configuration entirely, which re-opens the environment to public access.

Any change requires a redeployment to take effect.