Restricting Subdomain - janko/rodauth-rails GitHub Wiki

If you want to serve Rodauth endpoints only from a specific subdomain (e.g. `app.example.com`), call `r.rodauth` in your Rodauth app only when the request is on that subdomain:

```ruby
# app/misc/rodauth_app.rb
class RodauthApp < Rodauth::Rails::App
  route do |r|
    if rails_request.subdomain == "app"
      r.rodauth # route rodauth requests for "app.*" subdomain
    end
  end
end
```

You should also probably make sure not to call any authentication methods on other subdomains, as that might result in redirects to Rodauth routes on the wrong subdomain.
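
The `rails_request.subdomain == "app"` comparison above is an exact string match, so it helps to know which hosts actually produce `"app"`. The following is an added example, not code from rodauth-rails or Rails: a plain-Ruby model of how Action Dispatch derives `subdomain` from the host and its `tld_length` setting (default 1). The helper names `model_subdomain`, `rodauth_routed?` and `routing_table`, and all sample hosts other than `app.example.com`, are assumptions made for illustration.

```ruby
# Plain-Ruby model (an assumption, not Rails source) of how Action Dispatch
# derives `request.subdomain`: drop the last (tld_length + 1) labels of the
# host and join what remains with "."; IPv4-literal hosts have no subdomain.
IPV4_HOST = /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/

def model_subdomain(host, tld_length: 1)
  return "" if IPV4_HOST.match?(host)

  labels = host.split(".")
  labels[0..-(tld_length + 2)].join(".")
end

# Mirrors the wiki's condition: rails_request.subdomain == "app"
def rodauth_routed?(host, tld_length: 1)
  model_subdomain(host, tld_length: tld_length) == "app"
end

# Constructed sample hosts paired with the tld_length used to evaluate them.
SAMPLE_HOSTS = [
  ["app.example.com",         1], # the wiki's example host
  ["www.example.com",         1], # different subdomain
  ["example.com",             1], # apex domain, no subdomain
  ["app.staging.example.com", 1], # nested subdomain
  ["app.example.co.uk",       1], # two-label suffix, default tld_length
  ["app.example.co.uk",       2], # same host with tld_length set to 2
  ["192.0.2.10",              1], # IP literal
].freeze

# Returns [host, tld_length, subdomain, routed?] rows for every sample host.
def routing_table
  SAMPLE_HOSTS.map do |host, tld_length|
    [host, tld_length,
     model_subdomain(host, tld_length: tld_length),
     rodauth_routed?(host, tld_length: tld_length)]
  end
end

if __FILE__ == $PROGRAM_NAME
  routing_table.each do |host, tld, sub, routed|
    puts format("%-24s tld_length=%d subdomain=%-14p r.rodauth? %s",
                host, tld, sub, routed)
  end
end
```

Nested hosts such as `app.staging.example.com` yield `"app.staging"` and do not match. On a two-label suffix such as `.co.uk`, the check only matches once `config.action_dispatch.tld_length` is set to 2.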