• Pricing
Skip to content


On this page:


Protect your site or a section of your site from public viewing by requiring authentication.

CloudCannon has several authentication options:

  • None - Your site is entirely public.
  • Password - Visitors must enter a password
  • Bearer Token - Authenticate by setting a token header.
  • User Accounts - You can control a set of users who have access to the site, each with their own username and password.
  • SAML - Authenticates access to your site using a SAML / SSO provider.

Logging out

Once a user is authenticated, they can log out at <your-domain>/logout. You can provide a logout button on your authenticated pages with this link.

<a href="/logout">Log out</a>

CloudCannon sets a cookie when the user is authenticated. Use this to show the logout button for authenticated users on public pages, and hide it otherwise.


No sensitive authentication data is exposed through cookies.

The cookie is used to set a class on the body. The CSS will show the logout button with this class.

var isAuthenticated = document.cookie.indexOf("authenticated=true") >= 0;

if (isAuthenticated) {
  document.body.className += " authenticated";
.logout {
  display: none;

.authenticated .logout {
  display: block;
<a href="/logout" class="logout">Log out</a>

Custom Routes

Custom routes allow you to specify the routes you want to be authenticated and keep the rest public. By default, all routes are authenticated.

This feature is ideal for staff or special subscriber sections of your site.

To specify custom authenticated routes for your site:

  1. Create a file named auth-routes.txt in the root folder
  2. Add the routes you want to this file, one on each line.

CloudCannon supports wildcards, allowing you to specify child folders or multiple files.

In the following example, visitors will have to log in to access /internal-news.html and anything inside /staff. Everything else is public.


Custom interfaces

You can create your own custom branded pages for authentication. This is possible for Password and User Account authentication methods.

Each page is different, but the process is the same:

  1. Create the relevant file in the root folder of your site
  2. Add the HTML for the page


On this page:


Don’t miss the latest
CloudCannon news freshly delivered to your inbox
Illustration of woman holding an envilope