There is no doubt that live testing is much preferred before pushing to the Production environment, however, there are times when a new feature or changes on Integration/ Staging environment is preferred to be kept private or secret from the public network; for this, HTTP authentication would be a solution.

What is HTTP Basic Authentication?

The basic flow of any HTTP Basic Authentication is as follows:

  1. A client requests access to any page from the store.
  2. The web server returns a dialog box that requests username and password.
  3. The client submits the username and password to the server.
  4. The server authenticates the user,if successful, returns the requested page.

Magento Cloud provides a very simple web interface for enabling HTTP authentication; just click on the environment and go to Configure EnvironmentSettings; then click Edit on HTTP access control.

The interface will look like the following:

By using the above interface the administrator can set any amount of usernames and passwords, and/or restrict or allow by IP address.

After finishing setting up the administrator must switch HTTP access control to ON in order to apply the changes, this will display a login dialog if the client has not been authenticated yet.

This will add an extra security layer to those teams that require to live test under a certain degree of discretion, being also secured since Magento Cloud utilizes SSL as default for all communication.