Restricted vs Open
When working with IPFS Gateways the behavior usually falls into two categories: Restricted or Open.Restricted Gateway
Restricted means the gateway can only load content that is pinned to that user’s account. This is the default behavior for Pinata’s Dedicated Gateway, as it provides the maximum level of security. Any requests made to a CID outside the user’s account will be unauthorized.This check of whether or not a file is pinned or not using
/data/pinList
in the Pinata API, which means recursive CIDs in folders are considered unauthorized. Instead, use the folder CID in the path of the gateway followed by the file name.Open Gateway
ipfs.io/ipfs/
which is open to everyone, but has heavy rate limiting. For Dedicated Gateways, you achieve this open state by adding Access Controls.
Why Access Controls?
Access Controls
Pinata currently provides three primary methods for opening your gateway securely:Gateway Keys
Adding a Gateway Key restriction means that content served through your gateway will only be served successfully if the key is present with the request. Importantly, content pinned to your account won’t be accessible through your gateway if you’ve implemented a gateway key restriction and fail to include that token in content requests. To create a Gateway Key, click on the button that says “Request Key.”Query Parameter
To use the query parameter method, simply add this to the end of a gateway request url:Header
Another way to use the gateway key is in the request header. The Key Value would look like this:Key | Value |
---|---|
x-pinata-gateway-token | GATEWAY_KEY |
IP Address
You can also restrict your gateway by IP Address. You can add up to 100 different IP addresses (individually). When you add this restriction, only content requested from an IP address that you’ve added will be served through your gateway. To start, click “Set IP Address” on the right side of the menu.Host Origin
With the Host Origin restriction, you can make sure your gateway can only be used on a specific domain (for example, ‘https://app.pinata.cloud’). To get started, click on “Add Host Origin.”Make sure you include the
https://
protocol prefix in the URL and that there are no trailing slashes! To test localhost use the IP Access control with your public facing IP.crossorigin
tag in your img
, video
, audio
, link
, or script
elements. Here is an example with an img element in React:
crossorigin
please read this article here!