Back to blog
What Are IPFS Gateway Access Controls?
In the realm of decentralized file systems, Pinata's Dedicated Gateways are a critical component, enabling the retrieval and serving of IPFS (InterPlanetary File System) content both swiftly and reliably. However, an unrestricted gateway could pose security risks. Recognizing this, Pinata introduced Gateway Access Controls, designed to ensure your gateway is used exclusively by your platform.
IPFS has an open architecture that allows any content to be loaded through any gateway, creating potential risks of unauthorized access and abuse. Gateway Access Controls are Pinata’s solution to fortify gateways against unintended access, allowing users to securely share content.
The Necessity of Access Controls
Understanding the significance of access controls is crucial, particularly for those aiming to share or host unique or open-source content. Although implementing these controls is optional, they are indispensable for accessing IPFS content from the wider network or tightening security beyond the default settings.
By default, Dedicated Gateways operate with minimal restrictions, serving content exclusively pinned to your account. However, to ensure enhanced and selective accessibility, along with security for diverse content across the network, incorporating these controls is vital. This allows users to efficiently regulate content access while ensuring operations continue smoothly and without interruption.
Types of Access Controls
To begin, ensure you have a Dedicated Gateway, then navigate to the Access Controls page.
Access Tokens
Implementing an access token restriction implies that content through your gateway will only be served if the request accompanies the access token.
Notably, if this restriction is applied, content pinned to your account won't be served through your gateway without the accompanying token in requests, like so:
https://GATEWAY_NAME.mypinata.cloud/ipfs/CID_STRING?pinataGatewayToken=ACCESS_TOKEN
IP Address Restrictions
IP Address restrictions allow the addition of up to 100 distinct IP addresses individually. Once this restriction is set, only content requested from a listed IP address will be served through your gateway.
Host Origin Restrictions
Host Origin restrictions ensure your gateway can only be used on a specific domain, like app.pinata.cloud. These controls can be jointly configured to operate as an "OR" operator. For instance, having both Host Origins and Access Tokens set enables the use of either for content to pass through.
When rendering content on the client side using host origins, a <crossorigin>
tag must be included in your <img>
, <video>
, <audio>
, <link>
, or <script>
elements. Here is an example in HTML:
<img
src="https://pinata-media.mypinata.cloud/ipfs/CID"
crossorigin='anonymous'
alt="pinnie"
/>
Conclusion
IPFS Gateway Access Controls act as meticulous gatekeepers, empowering users to securely and selectively navigate the expansive IPFS network. These controls are not merely safeguards but also enablers, facilitating developers in bringing their visions to life seamlessly. They maintain a harmonious blend of openness and restriction in the versatile and evolving domain of the decentralized web.
Sign Up for Pinata and unlock the true potential of decentralized technology, securing your creations while exploring the boundless opportunities the decentralized web has to offer!
Happy Pinning! ✨