Tutorial: Access Controls

Tutorial: Access Controls

Learning/Tutorials

Secure your content and manage access permissions with robust API token authentication for your Filebase Dedicated IPFS Gateways.

AuthorFilebase Team
CategoryTutorials

The Need for Private IPFS Gateways

The InterPlanetary File System (IPFS) is famous for its public, decentralized nature. However, many enterprise use cases—such as subscription media platforms, internal company knowledge bases, or sensitive data archives—require strict access control.

Filebase Dedicated IPFS Gateways solve this challenge by allowing you to toggle your gateway to Private mode. Once private, your content is no longer publicly accessible via that gateway without explicit authorization, giving you the best of both worlds: the resilience of IPFS and the security of a private CDN.

Generating Secure Access Tokens

Authorization is handled via API tokens, which serve as the keys to your private gateway. These tokens can be generated, updated, or revoked instantly from your Filebase dashboard, giving you granular control over who can view your content.

Step-by-Step Generation

  1. Navigate to the Gateways page in your Filebase Dashboard.
  2. Select the Dedicated Gateway you wish to secure.
  3. Locate the orange Authorization button in the top right corner of the dashboard interface.
  4. In the modal that appears, you can generate a new token, view existing ones, or revoke access for old tokens.

Integrating Authentication

Once you have your API token, there are two primary methods to authenticate requests. The method you choose depends on your specific use case.

Method 1: Query String Parameter

Best for: Quick sharing, testing in browsers, or simple link embedding.

Simply append the filebaseGatewayToken parameter to any IPFS URL. This is the easiest way to test access immediately.

Browser URL
https://gateway.myfilebase.com/ipfs/QmbWqxBEKC...?filebaseGatewayToken=your_token_here

Method 2: Authorization Header

Best for: Production applications, API integrations, and keeping tokens hidden from the URL bar.

Pass the token via the x-filebase-gateway-token HTTP header. This is the recommended approach for programmatic access.

HTTP Header
x-filebase-gateway-token: your_token_here

Security Best Practices

To maintain the highest level of security for your private gateway, consider the following recommendations:

  • Token Rotation: Regularly rotate your API tokens, especially if a team member leaves or a project concludes.
  • Environment Variables: Never hardcode tokens in your frontend source code. Use environment variables (e.g., process.env.GATEWAY_TOKEN) to inject them during build or runtime.
  • Least Privilege: If you have multiple gateways for different projects, use separate tokens for each to isolate access.

Ready to implement?

Dive deeper into the technical specifications in our official documentation.

Read the full documentation →
Last ArticleGuide to CORS Configuration
Next ArticleTutorial: Launch Decentralized Sites with Filebase