Public Access
Public Acces let you share specific parts of your Noloco app with the world — no login required. Whether you're showcasing a course catalog, event listings, or a product directory, you stay in control
What is Public Access?
Public Access allow parts of your Noloco app to be accessed without a user logging in. You decide:
Which tables are visible
Which records and fields can be viewed
Which pages are public, private, or shared
This means you can create rich, read-only public content while still keeping sensitive or interactive features behind login.
Public Access is available on the Business and Enterprise plan.
How to Enable Public Access
You can configure public access in any app — new or existing — in just a few steps:
Open your app settings and select Public Access, or use this link: https://portals.noloco.io/~/_/settings/public-access
Click Setup to begin configuration (your app won’t go live yet).
Expand the table list to choose which tables should be available publicly.
Toggle public access on for selected tables.
Use the Permissions Panel to define exactly which fields and records are public. Learn more about permissions
In the Views Tab, choose which views are publicly visible. Learn more about visibility rules
Set your navbar pages to be Public, Shared (conditionally visible), or Private.
When ready, toggle the main switch to enable public access.
Click Review & Publish to finalize and make your app publicly accessible. Learn more about publishing
🔒 By default, everything is private. You have full control
Best Practices for Safe & Effective Public Access Apps
Expose only necessary fields. Don’t make entire tables visible unless needed.
Use a dedicated permission rule for public users. This avoids overlap with logged-in users.
Create public-specific views. These can simplify layouts and avoid confusion.
Default to read-only access. Only allow updates or submissions when absolutely required.
Security & Limitations
Public data is fully accessible without login, but you control what’s exposed.
Use field- and record-level permissions to ensure data safety.
Public views refresh less frequently than authenticated ones, which helps manage load.
Personalization (e.g. user-specific content) requires login and won’t work in public view.
Existing apps can be partially opened up — keep secure sections fully private.
Frequently Asked Questions about Public Access
Troubleshooting Public Access Issues
Advanced Public Access Scenarios
Creating Separate Public Apps for Different User Types
To create separate public apps for trade vs client users:
Duplicate Your App: Create multiple Noloco apps connected to the same data source
Different Permission Rules: Set up distinct permission rules in each app
Separate Branding: Customize each app's appearance for different audiences
Different Data Views: Show different tables/fields in each app
Unique URLs: Each app gets its own public URL for different user groups
Testing Public Access Thoroughly
Incognito Browsing: Always test in incognito/private browser windows
Multiple Browsers: Test across different browsers and devices
Clear Cache: Clear browser cache between tests
Test All Flows: Test not just viewing, but form submission, navigation, etc.
Different Data States: Test with different data scenarios (empty tables, full tables, etc.)
Security Best Practices for Public Access
Minimum Necessary Access: Only expose fields and tables that absolutely need to be public
Regular Audits: Periodically review what's exposed to public users
Monitor Usage: Keep an eye on public access logs for unexpected usage patterns
Backup Strategy: Ensure you can quickly disable public access if needed
Data Validation: Implement strong validation on any publicly submitted forms
Last updated
Was this helpful?