Best practices for app testing

So my company has an app that gets all of its data from a mother wordpress site. The issue we keep running into is that every time we want to make an edit to an endpoint (or add a new one) we have to deploy to production which could mess with the current version of the app. We do have staging sites that are cloned from production but we have http auth on them and that keeps the app from functioning. Any advice on what is normally done in this situation?

Edit endpoints on the backend?
Deploy a new version of the backend?

Then you ‘just’ need a set of integration tests that makes sure all the API endpoints and functionality used in the app works as before. This can be done by talking to the API directly (which means you have to maintain an additional set of API tests - but every goo API should have these anyway) or you can automate the app with e.g. Appium to test the workflow in there directly.

Yes that is probably best practice overall (writing tests) but what if my test misses something? I was just wondering if there was a best practice to deploy something pointing at a staging server (that has http auth) so that I can demo it and have my QA people look at it before it is deployed.

Staging servers don’t have to have Basic Auth, they can also filter requests by IP or cookie or just be hidden behind a obscure URI or a changing URI. In general end to end and integration testing should be as similar to production as possible.