Restrict access to your app without passwords Starting at $0/mo.

Share with Trusted Audience

Do you want your application to be available only to developers, clients or early adopters? Just specify email addresses of users that should be allowed access. Access tokens are sent to emails entered by visitors and only owners of allowed emails are granted access.

No More Passwords

Access tokens remove the need for site-specific passwords. Forget about creating, securing, distributing and updating passwords. Simply add an email address to grant access, delete the address to revoke access.

Convenient Admin UI

An admin web interface allows to specify fine-grained access control rules based on paths of resources. If you want, some locations can be left open.

Painless Setup

Enable the authorization with three lines of config, there is no need to modify application code. Node.js, Rails and Ruby Rack based applications are supported.

Region Availability

The available application locations for this add-on are shown below, and depend on whether the application is deployed to a Common Runtime region or Private Space. Learn More

  • Common Runtime
  • Private Spaces
Region Available
United States Available
Europe Available
Region Available Installable in Space

Plans & Pricing

    • Users 1
    • Admin web interface
    • Open locations
    • Customizable login page
    • Users 9
    • Admin web interface
    • Open locations
    • Customizable login page
    • Users 100
    • Admin web interface
    • Open locations
    • Customizable login page
Install wwwhisper
heroku addons:create wwwhisper

To provision, copy the snippet into your CLI or use the install button above.

wwwhisper Documentation