Example prototype that demonstrates ProtoWall origin secret verification.
This is a fake analytics dashboard ("Acme Analytics") designed to be accessed through ProtoWall's reverse proxy. It shows how to verify that incoming requests come through ProtoWall and reject direct access.
ProtoWall sits between your users and your prototype as a reverse proxy. It injects an x-protowall-secret header on every forwarded request. Your app checks this header to ensure no one bypasses ProtoWall.
User → ProtoWall proxy (auth + NDA) → Your prototype (verifies secret)
// server.js
const PROTOWALL_SECRET = process.env.PROTOWALL_SECRET;
app.use((req, res, next) => {
if (PROTOWALL_SECRET && req.headers['x-protowall-secret'] !== PROTOWALL_SECRET) {
return res.status(403).send('Forbidden');
}
next();
});# Install dependencies
npm install
# Run locally (no secret verification)
npm run dev
# Run with secret verification
PROTOWALL_SECRET=pw_proj_your_secret_here npm start- Push this repo to GitHub
- Go to Render → New Web Service → connect the repo
- Or use the
render.yamlblueprint - Set
PROTOWALL_SECRETto your project's origin secret from the ProtoWall dashboard
- Sign up at protowall.app
- Create a project with the Render URL as the destination
- Copy the origin secret and set it as
PROTOWALL_SECRETon this service - Send invites — reviewers authenticate and accept the NDA through ProtoWall, then access this prototype through the proxy
- Node.js + Express
- EJS templates
- No database, no build step
MIT