Lock Down a Prototype for Review in 5 Minutes

2026-03-28 · ProtoWall Team

You have a web app running somewhere. Render, Vercel, Railway, your own server. You want specific people to see it, but only after they authenticate — and, if you need it, after they accept an NDA.

Here's how to set that up without touching your app's code.

Create an account

Go to protowall.app and enter your email. You'll get a magic link, no password needed. Click it, accept the platform Terms of Service, and you're in.

Create a project

Click New Project. You need two things:

  • A name for the project. This is what reviewers will see.
  • The destination URL where your prototype is running. Something like https://my-app.onrender.com.

Hit Create. ProtoWall generates a subdomain at {slug}.proxy.protowall.app and an origin secret for your project.

Optional: turn on the NDA gate

By default, reviewers click the invite link and land straight in your prototype. If you need legal acceptance before that — investor demos, client previews, anything you'd want a paper trail for — turn on the NDA gate from the project page. There's a default template covering confidentiality, no-recording, and duration. On Pro you can customize the text and keep full version history.

Off by default, one click to turn on, off again whenever you want.

Lock down direct access (optional)

Your prototype is still accessible at its original URL. If you want to make sure all traffic goes through ProtoWall, add a quick middleware that checks for the origin secret header.

In Express:

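const crypto = require('crypto');

const PROTOWALL_SECRET = process.env.PROTOWALL_SECRET;
// Fail closed: an unset secret would otherwise match a request with no header
if (!PROTOWALL_SECRET) throw new Error('PROTOWALL_SECRET is not set');
const expected = Buffer.from(PROTOWALL_SECRET);

app.use((req, res, next) => {
  const supplied = Buffer.from(String(req.headers['x-protowall-secret'] ?? ''));
  // timingSafeEqual throws on a length mismatch, so check the length first
  if (supplied.length !== expected.length || !crypto.timingSafeEqual(supplied, expected))
    return res.status(403).send('Forbidden');
  next();
});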

In FastAPI:

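import hmac
import os

from fastapi.responses import JSONResponse

# Raises KeyError at startup if the variable is unset, so the check cannot fail open
PROTOWALL_SECRET = os.environ["PROTOWALL_SECRET"].encode()

@app.middleware("http")
async def verify_secret(request, call_next):
    supplied = request.headers.get("x-protowall-secret", "").encode()
    # Constant-time comparison on bytes (str inputs would have to be ASCII-only)
    if not hmac.compare_digest(supplied, PROTOWALL_SECRET):
        return JSONResponse(status_code=403, content={"error": "Forbidden"})
    return await call_next(request)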

Copy the origin secret from your project dashboard and set it as the PROTOWALL_SECRET environment variable on your server. Now direct access returns a 403, and the only way in is through ProtoWall.

This step is optional but recommended.
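
Why the header check should refuse to run without a configured secret, shown as an added example (not ProtoWall's code): with a plain equality comparison, an unset PROTOWALL_SECRET and a request with no header are both undefined, so direct access is allowed. The function names and the sample secret are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const HEADER = 'x-protowall-secret'; // header name checked by the origin middleware

// Plain comparison: with no secret configured and no header sent,
// undefined === undefined, so the request is allowed (fails open).
function naiveAllows(headers, secret) {
  return headers[HEADER] === secret;
}

// Hardened check: refuse when unconfigured, accept only a string header value,
// and compare fixed-length SHA-256 digests so timingSafeEqual never sees
// buffers of different lengths.
function originAllows(headers, secret) {
  if (typeof secret !== 'string' || secret.length === 0) return false;
  const supplied = headers[HEADER];
  if (typeof supplied !== 'string') return false;
  const digest = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
  return crypto.timingSafeEqual(digest(supplied), digest(secret));
}

// Constructed sample requests (header objects keyed the way Node lowercases them).
const SECRET = 'example-origin-secret-not-real';
const requests = {
  viaProxy: { [HEADER]: SECRET },               // forwarded with the secret
  direct: {},                                   // someone hitting the origin URL
  wrongValue: { [HEADER]: 'guess' },
  prefixOnly: { [HEADER]: SECRET.slice(0, 10) },
};

// Returns { requestName: allowed } for every sample request under one check.
function decide(check, secret) {
  return Object.fromEntries(
    Object.entries(requests).map(([name, h]) => [name, check(h, secret)])
  );
}

console.log('secret set, hardened  :', decide(originAllows, SECRET));
console.log('secret unset, naive   :', decide(naiveAllows, undefined));
console.log('secret unset, hardened:', decide(originAllows, undefined));
```
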

Send invites

On the project page, type in each reviewer's email and click Send. They get a notification.

What reviewers see

They click the link in the invite email and land directly in your prototype. If you've turned the NDA gate on, they see a full-screen agreement first — they type their name, check the box, and they're in. Either way, the whole flow is one click from email to prototype, under a minute. No account creation, no password, no app to install.

See what they did

This is where it stops being just a gate. Once a reviewer has access, ProtoWall logs every page they visit and how long they spend. On Pro, the project page surfaces:

  • Per-reviewer engagement — top routes, time on page, daily timeline, session-by-session event log.
  • AI session summaries — one-paragraph narrated walkthroughs of each session, on demand.
  • Reviewer feedback — signed-identity comments left from inside the prototype, paired with engagement on the reviewer detail page.

You stop guessing whether your demo landed and start seeing exactly which screens each investor lingered on.

Updating the NDA

If the gate is on and you change the NDA text, publishing a new version makes every reviewer re-accept before they can get back in. The old version stays in the history with all its consent records. You don't lose the paper trail.

Revoking access

Click Revoke next to any reviewer on the project page. Their sessions terminate right then, not at the next token refresh. If they try to open the prototype, they're blocked. On Pro you can also set a TTL on each invite (24h / 7d / 30d / never) and a daily cron auto-revokes when the time arrives.

What the free plan includes

One project, five invites, the optional NDA gate, magic-link authentication, access requests, and a seven-day audit trail. No credit card.

Pro is $19/month and gets you five projects, 25 invites per project, reviewer engagement analytics, AI session summaries, the feedback widget, project versions, project previews (parallel per-PR / per-branch URLs), expiring access, custom NDA text, full version history, 90-day audit retention, and PDF evidence packages you can hand to legal counsel.

That's it

Five minutes, no code changes, and your prototype is behind authenticated review with full visibility into what reviewers actually engaged with. NDA optional. Audit trail included.