How to Share My App with Only Some People
Share your app with specific people by adding an invite-only access system. Generate unique invite links or codes, require users to enter them before signing up, and reject anyone without a valid invitation. Most auth providers like Supabase Auth and Clerk support this pattern with minimal setup.
Why this matters
When you are not ready for a public launch, controlled sharing lets you get feedback from the right people without exposing your app to everyone. This is how most successful builders run private betas and early testing rounds.
What's at stake
Without access controls, anyone who finds your URL can use your app. This means random visitors, bots, and competitors can access your prototype — and you lose control over first impressions.
Step by step.
Choose your access control method
For small groups (under 20), a simple password-protected page works. For larger groups or ongoing access, use invite codes or an email allowlist integrated with your auth system.
Set up an invite system
Generate unique, single-use invite codes. Store valid codes in your database. When a new user tries to sign up, check their invite code before creating the account.
Create an email allowlist (alternative)
Instead of invite codes, maintain a list of approved email addresses. During signup, check if the email is on the allowlist before creating the account. This works well for known groups like beta testers.
Add a waitlist for overflow
For people who want access but are not on your invite list, add a waitlist signup form. Collect their email and notify them when you are ready to expand access.
Communicate access status clearly
Show a clear message when someone without access tries to use your app. Tell them it is invite-only and how they can request access. A frustrating "access denied" page without explanation drives people away permanently.
Control exactly who gets access to your app
- Built-in invite system for controlled sharing
- Waitlist management to queue interested users
- Access analytics showing who signed up and when
Frequently asked questions.
For fewer than 10 people, a shared password (basic HTTP auth or a password gate page) is the fastest approach. For anything larger or longer-term, use invite codes or an email allowlist.
Yes. Both platforms support authentication through Supabase. You can add an invite code check to your signup flow by storing valid codes in a Supabase table and validating them before account creation.
Invite codes are more flexible — you can share them without knowing email addresses. Email allowlists are more secure — only specific people can sign up. For beta testing, invite codes are usually easier to manage.
Make invite codes single-use and time-limited. Once a code is used to create an account, mark it as consumed. This prevents one code from being used by multiple people.