Share Lightning Out Apps with Unauthenticated Users

To make your Lightning Out app available to users without requiring them to authenticate with Salesforce, add the ltng:allowGuestAccess interface. With this interface, you can build your app with Lightning web components, and deploy it anywhere and to anyone.

If a user is authenticated with the Lightning Out endpoint, you must set the session in $Lightning.use().

You can add a Lightning Out app with the ltng:allowGuestAccess interface to a Visualforce page and to a page hosted outside Salesforce.

  • Using Lightning Web Components for Visualforce, you can add your Lightning Out app to a Visualforce page, and then use that page in Salesforce Tabs + Visualforce sites. Then you can allow public access to that page.
  • Using Lightning Out, you can deploy your app anywhere Lightning Out is supported—which is almost anywhere!

The ltng:allowGuestAccess interface is only usable in orgs that have Digital Experiences enabled, and your Lightning Out app is associated with all site endpoints that you’ve defined in your org.

When you make a Lightning Out app accessible to guest users by adding the ltng:allowGuestAccess interface, it’s available through every Experience Cloud site in your org, whether that site is enabled for public access or not. You can’t prevent it from being accessible via site URLs, and you can’t make it available for some sites but not others.

Be careful about apps you open for guest access. Apps enabled for guest access bypass the object- and field-level security (FLS) you set for your site’s guest user profile. Components don’t automatically enforce CRUD and FLS in an Apex method when you reference or retrieve objects. The framework continues to display records and fields for which users don’t have CRUD access and FLS visibility. A mistake in code used in an app enabled for guest access can open your org’s data to the world.

Add the ltng:allowGuestAccess interface to your Lightning Out app.

You can only add the ltng:allowGuestAccess interface to the Lightning Out app, not to individual components.

Next, add the Lightning Out JavaScript library to your page.

  • With Lightning Web Components for Visualforce, simply add the <apex:includeLightning /> tag anywhere on your page.

  • With Lightning Out, add a <script> tag that references the library directly, using a site endpoint URL.

    For example: https://universalcontainers.force.com/ourstores/lightning/lightning.out.js

Finally, add the JavaScript code to load and activate your Lightning Out app. This code is standard Lightning Out, with the important addition that you must use one of your org’s site URLs for the endpoint. The endpoint URL takes the form https://YOURSITEDOMAIN/SITEURL, as shown by https://universalcontainers.force.com/ourstores/ in this example.

See Also