Setup and Implementation Guide

Get ProtoWall running in front of your prototype in a few minutes. No SDK, no code changes to your app.

1. Create your account

Sign up at protowall.app with your email. Free plan, no credit card. You'll receive a magic link to log in.

ProtoWall login page with email field and Send login link button

2. Create a project

From the dashboard, click "New project" and fill in:

  • Project name - whatever you want to call it
  • Target URL - where your prototype is running (e.g. https://my-prototype.vercel.app)

ProtoWall generates a proxy URL and an origin secret for your project automatically.

Create project form with name, destination URL, and NDA text fields

3. Invite reviewers

Add reviewers by email on the project page. They'll get an email with a direct link to review and sign the NDA. One click from the email, sign the agreement, and they're in. No accounts or passwords needed on their end.

You can also click Preview prototype at the top of the project page to see your proxied prototype yourself, without needing to self-invite.

Project page showing Send invite field, NDA agreement, and invite list

4. Origin secret verification (optional)

By default, ProtoWall proxies authenticated traffic to your app and that's it. For an extra layer of security, you can verify that incoming requests actually came through ProtoWall by checking the origin secret header.

Each project gets a unique secret. Copy it from the project dashboard, set it as an environment variable on your server, and add a quick check:

Origin secret section showing the secret value, Copy and Rotate buttons, and Integration examples link

Express / Node.js

const PROTOWALL_SECRET = process.env.PROTOWALL_SECRET;

app.use((req, res, next) => {
  if (req.headers['x-protowall-secret'] !== PROTOWALL_SECRET)
    return res.status(403).send('Forbidden');
  next();
});

Flask / Python

import os
PROTOWALL_SECRET = os.environ["PROTOWALL_SECRET"]

@app.before_request
def verify_protowall():
    if request.headers.get("X-Protowall-Secret") != PROTOWALL_SECRET:
        abort(403)

FastAPI / Python

import os
PROTOWALL_SECRET = os.environ["PROTOWALL_SECRET"]

@app.middleware("http")
async def verify_secret(request, call_next):
    if request.headers.get("x-protowall-secret") != PROTOWALL_SECRET:
        return JSONResponse(status_code=403, content={"error": "Forbidden"})
    return await call_next(request)

Set PROTOWALL_SECRET as an environment variable on your server with the value from your project dashboard. You can rotate the secret at any time from the dashboard.

Using a coding agent? Point it at the Agent Integration guide and it will detect your framework and add the middleware automatically.

5. Manage access

From the project page you can:

  • Revoke access for any reviewer instantly (sessions are terminated immediately)
  • Update the NDA at any time. Existing reviewers must re-accept before they can access the prototype again
  • Rotate the origin secret if you need to invalidate the old one
  • View the audit log with IP addresses, NDA versions, and expandable signature details
  • Export the audit trail as CSV, or download a per-reviewer PDF evidence package (Pro)
  • View reviewer details — click any reviewer to see their full consent history and forensic data
Project page showing invitee with Accepted status, origin secret, and audit log

Ready to go? Get started free

Questions? Check the FAQ or email hello@protowall.app