smallbets / userbase

Create secure and private web apps using only static JavaScript, HTML, and CSS.

Home Page: https://userbase.com

Prevent registration, or limit app users to 1

schudav opened this issue

I was wondering if it's possible to close / disable new user registration?

I have a Node.js web app that is business to business. When I get a new customer, they receive a clone of the app on its own VPS (and subdomain). Once they sign up/pay I want to disable registration for that app completely.

Right now I'm not sure how to do that. My current solution is to just generate their login info myself and have no public sign up page. So I would have to give them a temporary password, which works but is not ideal. I'm sure someone familiar with Userbase could potentially abuse this if they knew the app ID? So I'd have to keep them a secret?

Some ideas that might help you think it through further:

  • you can make it so that the web app only works client-side for a user with protectedProfile attribute paid set to true. The protectedProfile can only be modified by you, the admin, via the Admin API's UpdateUser endpoint.
  • you can require users make a payment in order to open a database. Docs here.
  • you could probably find a way to schedule a CRON job that deletes all users from an app but one, which is probably the most challenging and hacky of the options here.

> I'm sure someone familiar with Userbase could potentially abuse this if they knew the app ID? So I'd have to keep them a secret?

Best you can do is rely on the domain whitelist in the admin panel. Should be able to make a new app for each customer, and whitelist the customer's subdomain. Can try it out.
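
The first suggestion above (only run the app for a user whose protectedProfile has paid set), sketched as an added example that is not part of the original thread or the Userbase project's code. It decides what the client renders and fails closed; it does not stop sign-ups by itself. Assumptions: the session shape `{ user: { username, protectedProfile } }`, the helper name `decideView`, and the placeholders `APP_ID` and `render` are illustrative.

```javascript
// Constructed sample sessions, shaped like the object assumed to come back
// from userbase.init(): { user: { username, protectedProfile } }.
const SAMPLE_SESSIONS = {
  signedOut: {},
  unpaid: { user: { username: 'alice', protectedProfile: {} } },
  paid: { user: { username: 'bob', protectedProfile: { paid: 'true' } } },
  malformed: { user: { username: 'eve', protectedProfile: { paid: 'yes' } } },
  noProfile: { user: { username: 'dan' } },
};

// Hypothetical helper: map a session to the view the client should render.
// Fails closed: anything other than an explicit true / 'true' stays locked.
function decideView(session) {
  const user = session && session.user;
  if (!user) return 'sign-in';

  const profile = user.protectedProfile;
  if (profile === null || typeof profile !== 'object') return 'locked';

  // Own-property check so an inherited "paid" value is never trusted.
  if (!Object.prototype.hasOwnProperty.call(profile, 'paid')) return 'locked';

  // Accept boolean true or the string 'true' (assumption: the attribute
  // may be stored as a string); every other value keeps the app locked.
  const paid = profile.paid;
  return paid === true || paid === 'true' ? 'app' : 'locked';
}

// Wiring in the page (not run here; APP_ID and render are placeholders):
//   userbase.init({ appId: APP_ID }).then((s) => render(decideView(s)));
```
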

Thanks for the input. I think I improperly titled the question, as the real issue is not preventing user registration, but sharing a user between Userbase apps.

What I have is a pretty weird use-case because essentially they require 2 accounts. One is the public app, my sales page where everyone signs up. And the other is the "product" app.

I don't think it's actually feasible to request this kind of feature from you guys. Imagine signing up for something only to be registered on 1000 different apps. But if you were to consider it, I think there could be other possible uses such as chaining Userbase apps, or maybe developers selling multiple apps from a single website. I'm probably in the minority though.

What I decided is to include a sign up page on the production app and send them the link. After they register I can delete that page. I still need to test this further but I think with a combination of your suggestions, especially whitelisting the domain, it seems pretty foolproof. Another positive is that it's beneficial for my customer as well since it keeps their billing information separate!