Calling canister on main network needs no authentication

I deployed my canisters to the main network. I could access those canisters through the Nodejs client without using any key(Principle id). Is there a way to restrict access to the canister?

You can check the caller’s principal in your public methods using msg.caller, as described here:


public shared(msg) func hello() {
    if (msg.caller == allowedPrincipal) {

A few more examples are linked here too:


Thanks for the reply @Ori. But when we are testing canisters locally we have to fetch the identity from the root key. right? otherwise, we cannot access the canister on the local node.
Why is that?
Why is that not applying for the main network?