Pinata Docs
Getting Started


Please be aware that IPFS is a public network! This means anything uploaded through Pinata will be accessible by anybody on the network.

Your API Keys

When you click "New API Key" you will be prompted to select permissions and the number of uses for the key you generate. Admin privileges, as you might expect, have access to all API endpoints. If you'd like to specify specific endpoints, you can do so by expanding the endpoint's parent route and toggling on the permission.
By default, all keys have unlimited use. However, if you'd like to limit the number of times a key can be used, you can do so by setting the Max Uses field.
By setting a Key Name, you will be able to easily identify the key and its purpose.
Any key can have its access revoked by clicking the Revoke button. Once a key has been revoked, it can no longer be utilized for any purpose.


When you generate your keys, you will see a modal with the Pinata API Key, Pinata API Secret, and the JWT.
Your "Pinata API Key" acts as your public key for our REST API, and your "Pinata Secret API Key" acts as the password for your public key. The JWT is an encoded mix of the two. Be sure to keep your secret key private!
For added customer security, these keys are encrypted on Pinata's side and will only ever be displayed once, so write them down. If you lose these values you'll need to revoke the key and create a new one.

Connecting to the API

The base URL for Pinata requests is:
You have two ways of connecting to the Pinata API:
  • Bearer Authentication
  • Custom Headers
To use the bearer authentication model, you will need the JWT that is generated when creating API keys. This token can be used as an Authorization header for all your API requests in the following format:
"Authorization": "Bearer YOUR_JWT"

Custom Headers

If not using bearer authentication, your API requests will need to include two headers:
pinata_api_key: (put your personal pinata api key here)
pinata_secret_api_key: (put your personal pinata secret api key here)
Once you have your API Keys, you're ready to roll!
Let's try connecting to the Pinata API via the data/testAuthentication endpoint (This endpoint requires an admin key to call).
Want to try out the API without building out all that crazy code surrounding a server? We recommend checking out Postman for easy API experimentation:

JavaScript with Axios example:

At Pinata, when it comes to interacting with an API through JavaScript, we're fans of the axios npm library:
All of our JavaScript examples will use axios, but feel free to use what you feel comfortable with!
const axios = require('axios');
export const testAuthentication = () => {
const url = ``;
return axios
.get(url, {
headers: {
pinata_api_key: 'your pinata api key',
pinata_secret_api_key: 'your pinata secret api key'
.then(function (response) {
//handle your response here
.catch(function (error) {
//handle error here
If you receive a message back from the API that says: "Congratulations! You are communicating with the Pinata API!", then you're authenticated!

We want your feedback!

Have a suggestion? Have a complaint? Confused about something in the documentation? Just want to say hi?
We want to make Pinata the best product available. That involves listening to our users and addressing their needs.
Send us an email at [email protected] and we'll see how we can help.
Last modified 8mo ago