I have a separate website running, and I would like paid users on this separate site to have access to private pages that have embedded unity projects. This would be a massive amount of users of varying ages, so it needs to be embedded and easy to access. However, I don't want someone to be able to distribute the URL for free, but setting a project to private wouldn't allow them to view the project (unless they also had an itch account... which is not acceptable for business purposes). What is a way that I can prevent others from viewing through the URL, or distributing the URL? What other security issues need to be dealt with?

Edit: Actually the best solution would probably be to restrict which URL it can be viewed from. What's the best way to do that?

The nature of URLs is that they aren't secure since anyone can share them. If you'd like to restrict access to a particular person or set of people then you'll need to have some sort of authentication layer, which would be an itch.io account in our case.

You can also try using  a password protected page URL, but I'm not sure that's going to give you the security you're looking for. Set the page display mode to restricted, then add a password to the page. You can then link to the page with the password directly in the URL like this:

example.itch.io/mypage?password=MYPASSWORD

As it turns out, I have figured that the best method may be to have the project read the URL and go to a different scene, depending on whether or not it's embedded on the right website. This is more of a Unity issue, however.