diff --git a/packages/backend/package.json b/packages/backend/package.json
index 06bce6771..987d1fc88 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -43,6 +43,7 @@
     "ethers": "^5.6.8",
     "knex": "^2.4.0",
     "koa": "^2.13.4",
+    "koa-basic-auth": "^4.0.0",
     "koa-bodyparser": "^4.3.0",
     "koa-static": "^5.0.0",
     "lodash": "^4.17.21",
@@ -55,6 +56,7 @@
   },
   "devDependencies": {
     "@sinonjs/fake-timers": "^9.1.2",
+    "@types/koa-basic-auth": "^2.0.4",
     "@types/object-hash": "^2.2.1",
     "@types/supertest": "^2.0.12",
     "supertest": "^6.2.3",
diff --git a/packages/backend/src/Application.ts b/packages/backend/src/Application.ts
index c30c746a6..22fa78f54 100644
--- a/packages/backend/src/Application.ts
+++ b/packages/backend/src/Application.ts
@@ -634,6 +634,7 @@ export class Application {
       ],
       forceHttps: config.forceHttps,
       handleServerError,
+      basicAuth: config.basicAuth,
     })
 
     // #endregion api
diff --git a/packages/backend/src/api/ApiServer.ts b/packages/backend/src/api/ApiServer.ts
index 1b98abadb..c72de5d85 100644
--- a/packages/backend/src/api/ApiServer.ts
+++ b/packages/backend/src/api/ApiServer.ts
@@ -1,6 +1,7 @@
 import Router from '@koa/router'
 import { Logger } from '@l2beat/backend-tools'
 import Koa, { Context, Middleware } from 'koa'
+import auth from 'koa-basic-auth'
 
 import { createApiLogger } from './ApiLogger'
 import { forceHerokuHttps } from './middleware/forceHttps'
@@ -10,6 +11,7 @@ interface Options {
   middleware?: Middleware[]
   forceHttps: boolean
   handleServerError?: (error: Error, ctx: Context) => void
+  basicAuth?: string
 }
 
 export class ApiServer {
@@ -30,6 +32,18 @@ export class ApiServer {
       this.app.use(middleware)
     }
 
+    if (options.basicAuth) {
+      this.logger.info('Website is using basic auth.')
+      const [name, ...rest] = options.basicAuth.split(':')
+      const pass = rest.join(':')
+      if (!name || !pass) {
+        throw new Error(
+          'Wrong structure of BASIC_AUTH env variable. Use user:pass.'
+        )
+      }
+      this.app.use(auth({ name, pass }))
+    }
+
     const router = new Router()
 
     for (const childRouter of options.routers ?? []) {
diff --git a/packages/backend/src/config/Config.ts b/packages/backend/src/config/Config.ts
index 95b8a4e33..ec2555214 100644
--- a/packages/backend/src/config/Config.ts
+++ b/packages/backend/src/config/Config.ts
@@ -13,5 +13,6 @@ export interface Config<T extends TradingMode = TradingMode> {
   enablePreprocessing: boolean
   freshStart: boolean
   forceHttps: boolean
+  basicAuth?: string
   starkex: StarkexConfig<T>
 }
diff --git a/packages/backend/src/config/environments/config.local.ts b/packages/backend/src/config/environments/config.local.ts
index 33eab8ec7..d728ffce1 100644
--- a/packages/backend/src/config/environments/config.local.ts
+++ b/packages/backend/src/config/environments/config.local.ts
@@ -13,6 +13,7 @@ export function getLocalConfig(env: Env): Config {
     },
     port: env.integer('PORT', 3000),
     databaseConnection: env.string('LOCAL_DB_URL'),
+    basicAuth: env.optionalString('BASIC_AUTH'),
     enableSync: true,
     enablePreprocessing: env.boolean('ENABLE_PREPROCESSING', true),
     freshStart: env.boolean('FRESH_START', false),
diff --git a/yarn.lock b/yarn.lock
index 72a2cda50..538f2b1c0 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -648,6 +648,13 @@
   resolved "https://registry.yarnpkg.com/@types/keygrip/-/keygrip-1.0.2.tgz#513abfd256d7ad0bf1ee1873606317b33b1b2a72"
   integrity sha512-GJhpTepz2udxGexqos8wgaBx4I/zWIDPh/KOGEwAqtuGDkOUJu5eFvwmdBX4AmB8Odsr+9pHCQqiAqDL/yKMKw==
 
+"@types/koa-basic-auth@^2.0.4":
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/@types/koa-basic-auth/-/koa-basic-auth-2.0.4.tgz#d7627f18720778709f884381dd90f70ce5d9b6d8"
+  integrity sha512-PJKvoF5OMGlEEzUnctZDGRQVqV12xB0V4KplDJvHQDX9egh9ADFa456zGXRNnhNr43t3Fe4/VzD6ziM61uM5RQ==
+  dependencies:
+    "@types/koa" "*"
+
 "@types/koa-bodyparser@^4.3.7":
   version "4.3.7"
   resolved "https://registry.yarnpkg.com/@types/koa-bodyparser/-/koa-bodyparser-4.3.7.tgz#3ac41f2dec9d97db7a6f798bbb2e2368be762714"
@@ -1331,6 +1338,13 @@ base@^0.11.1:
     mixin-deep "^1.2.0"
     pascalcase "^0.1.1"
 
+basic-auth@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.1.tgz#b998279bf47ce38344b4f3cf916d4679bbf51e3a"
+  integrity sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==
+  dependencies:
+    safe-buffer "5.1.2"
+
 bcrypt-pbkdf@^1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
@@ -4267,6 +4281,14 @@ knex@^2.4.0:
     tarn "^3.0.2"
     tildify "2.0.0"
 
+koa-basic-auth@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/koa-basic-auth/-/koa-basic-auth-4.0.0.tgz#7df593771aeb5fe09c6259db206e2e627da64616"
+  integrity sha512-eV1sGVAizDuFWNpY43VF3Z1ND4PotQZB/igxHNrcJXzXw+Flmj8Uv+4hP9LyNXyvqLJz/X5bmXeMu84AAGD9Jw==
+  dependencies:
+    basic-auth "^2.0.0"
+    tsscmp "^1.0.6"
+
 koa-bodyparser@^4.3.0:
   version "4.3.0"
   resolved "https://registry.yarnpkg.com/koa-bodyparser/-/koa-bodyparser-4.3.0.tgz#274c778555ff48fa221ee7f36a9fbdbace22759a"
@@ -5841,16 +5863,16 @@ run-parallel@^1.1.9:
   dependencies:
     queue-microtask "^1.2.2"
 
+safe-buffer@5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
+  version "5.1.2"
+  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
+  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
+
 safe-buffer@5.2.1, safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@^5.1.2, safe-buffer@~5.2.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
 
-safe-buffer@~5.1.0, safe-buffer@~5.1.1:
-  version "5.1.2"
-  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
-  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
-
 safe-regex@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
@@ -6558,7 +6580,7 @@ tslib@^1.8.1:
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00"
   integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==
 
-tsscmp@1.0.6:
+tsscmp@1.0.6, tsscmp@^1.0.6:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb"
   integrity sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==