Gateway access controls
Dedicated gateways support access controls that limit which CIDs the gateway responds to. Useful for:
- Running a public-facing gateway that only serves your application's content.
- Preventing third parties from using your gateway as a free CDN for arbitrary IPFS content.
Modes
| Mode | Behavior |
|---|---|
| Public | Serves any IPFS CID. |
| Private | Serves only CIDs pinned to your Filebase account. |
| Scope | Public, but restricted to a curated allowlist of CIDs. |
Configure private mode
Set private: true when creating or updating the gateway:
curl -X PUT \
-H "Authorization: Bearer $(echo -n "$KEY:$SECRET" | base64)" \
-H "Content-Type: application/json" \
-d '{ "private": true }' \
https://api.filebase.io/v1/gateways/my-gateway
Now requests for CIDs you haven't pinned return 404.
Configure scope
Add CIDs to the gateway's allowlist via the console under Gateways → [gateway-name] → Scope.
Authentication
For an extra layer, configure HTTP Basic auth on the gateway via the console. Useful for gateways serving a private application's assets.