Basic HTTP Authentication

Basic HTTP Authentication is a great and easy way to add a username/password gate to your deployments and make sure that only authorized personal can access them.

There are current two ways to define Basic Auth credentials in Squash.

Squash Interface

When Basic Auth is defined through the Squash interface your deployments will only start after the credentials are successfully checked within Squash. This provides an additional layer of protection against bots or any automated requests against Squash URLs.

You can define Basic HTTP Authentication on a repository level. These credentials will become available for all deployments on all repositories.

Go to Settings -> Repositories:


And then click on the “Basic Auth” accordion:

Add as many credentials as you need. The Description field is optional and it’s a handy field to keep notes on any reasoning for those credentials, for instance “Requested by ACME client”.

Squash Interface: URL exclusions

When Basic Auth is enabled through the Squash interface you may also define URL for which you don’t want Basic Auth to apply, such URLs will be open to the public. This is handy for use cases where you want to open endpoints to receive requests from external systems or webhooks.

To define Basic Auth exclusions go to the deployment settings page and click “Settings”:


Then make sure “Enable Basic Auth” is checked. This will display a new “Basic Auth Exceptions” area below. Add as many URLs as you like.

Adding the root (“/”) URL is forbidden as it would essentially open the entire URL schema to the public.


Defining within your application code

You may also define Basic Authentication within your own application code for greater flexibility. For this use case we recommend not defining any Basic Auth credentials in the Squash interface, for the repos where you have the credentials defined in the code.