Dansk

English
Español
Español (ES)
Português BR
Português (PT)
简体中文
繁體中文
日本語
한국어
Français
Deutsch
Русский
Türkçe
हिन्दी
Bahasa Indonesia
Tiếng Việt
ไทย
Italiano
Nederlands
Polski
Українська
Čeština
Română
Magyar
Svenska
Norsk
Suomi
Ελληνικά
Bahasa Melayu
Filipino
বাংলা
Català
Hrvatski
Български
Српски
Slovenčina
Slovenščina
Eesti
Latviešu
Lietuvių

Dansk

English
Español
Español (ES)
Português BR
Português (PT)
简体中文
繁體中文
日本語
한국어
Français
Deutsch
Русский
Türkçe
हिन्दी
Bahasa Indonesia
Tiếng Việt
ไทย
Italiano
Nederlands
Polski
Українська
Čeština
Română
Magyar
Svenska
Norsk
Suomi
Ελληνικά
Bahasa Melayu
Filipino
বাংলা
Català
Hrvatski
Български
Српски
Slovenčina
Slovenščina
Eesti
Latviešu
Lietuvių

Appearance

Dedikerede gateways

Nirvana plan users get a private IPFS gateway at a unique subdomain. This gateway only serves files pinned to your account — it won't resolve CIDs from other users or the public IPFS network.

Gateways list page with multiple gateway cards

Din gateway-URL

Your gateway URL is shown in your Gateway page and returned by the /user/profile endpoint:

https://<your-slug>.gw.ipfs.ninja/ipfs/<CID>

Atkomstlage

ModeBehavior
Open (default)Anyone with your gateway URL + CID can access your files. No token needed.
Token requiredRequests must include a gateway token via ?token=gwt_... query param or X-Gateway-Token header.

Granser

  • 50 GB/month gateway bandwidth included with Nirvana
  • When the bandwidth limit is reached, gateway requests return 429 until the next month
  • Storage usage resets on the first of each calendar month
  • Only serves CIDs pinned to your account — requests for other CIDs return 403

TIP

The public gateway at ipfs.ninja/ipfs/ remains available on all plans and serves any CID without authentication.

Gateway-installningar

Configure access controls for your dedicated gateway.

Gateway detail page with access mode, token required, and IP whitelist settings

Update Settings

PUT /gateway-settings

ParameterTypeRequiredDescription
tokenRequiredbooleanNoEnable/disable gateway token requirement.
ipWhiteliststring[]NoArray of IP addresses to allow. Max 100. Empty array removes the whitelist.
allowedOriginsstring[]NoArray of allowed origins for browser requests. Max 100. Must use HTTPS format (e.g. https://myapp.com). Empty array allows all origins.

Exempel

bash
# Enable token-required mode
curl -X PUT https://api.ipfs.ninja/gateway-settings \
  -H "X-Api-Key: bws_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"tokenRequired": true}'

# Set IP whitelist
curl -X PUT https://api.ipfs.ninja/gateway-settings \
  -H "X-Api-Key: bws_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"ipWhitelist": ["203.0.113.1", "198.51.100.0"]}'

# Clear IP whitelist (allow all IPs)
curl -X PUT https://api.ipfs.ninja/gateway-settings \
  -H "X-Api-Key: bws_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"ipWhitelist": []}'

# Restrict to specific origins
curl -X PUT https://api.ipfs.ninja/gateway-settings \
  -H "X-Api-Key: bws_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"allowedOrigins": ["https://myapp.com", "https://staging.myapp.com"]}'

# Remove origin restrictions (allow all origins)
curl -X PUT https://api.ipfs.ninja/gateway-settings \
  -H "X-Api-Key: bws_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"allowedOrigins": []}'

Origin Restrictions

When allowedOrigins is configured, only browser requests from the listed origins are allowed. The gateway checks the Origin and Referer headers on incoming requests.

  • If the list is empty (default), all origins are allowed.
  • If origins are specified, requests with an Origin or Referer header that does not match any entry are rejected with a 403 response.
  • Non-browser requests that do not include an Origin header (such as server-side fetches or curl) pass through without restriction.

This is useful for embedding gateway content in your web application while preventing other sites from hotlinking your files.

Gateway-token

Gateway tokens (gwt_ prefix) are read-only and safe to embed in frontend applications. Unlike API keys, a gateway token can only access files through your dedicated gateway — it cannot upload, delete, or manage your account.

CapabilityAPI Key (bws_)Gateway Token (gwt_)
Upload / delete files✅ Yes❌ No
List / get file metadata✅ Yes❌ No
Read files via gateway❌ No✅ Yes
Safe to embed in frontend❌ No✅ Yes

Create Gateway Token

POST /gateway-tokens

ParameterTypeRequiredDescription
namestringNoLabel for the token (e.g. "Frontend"). Defaults to "Default".

Response 201 Created

json
{
  "token": "gwt_a1b2c3d4e5f6789012345678abcdef01",
  "tokenPrefix": "gwt_a1b2c3d4",
  "tokenName": "Frontend",
  "createdAt": 1711036800000
}

WARNING

The full token is only returned once at creation. Store it securely.

List Gateway Tokens

GET /gateway-tokens

json
[
  {
    "tokenPrefix": "gwt_a1b2c3d4",
    "tokenName": "Frontend",
    "createdAt": 1711036800000
  }
]

Delete Gateway Token

DELETE /gateway-tokens/:prefix

ParameterTypeRequiredDescription
prefixstringYesThe token prefix to delete (e.g. "gwt_a1b2c3d4").

Using a gateway token

When your gateway has token-required mode enabled, pass the token as a query parameter or header:

bash
# Query parameter
curl "https://a1b2c3d4.gw.ipfs.ninja/ipfs/QmXk7VRz...?token=gwt_your_token"

# Or header
curl https://a1b2c3d4.gw.ipfs.ninja/ipfs/QmXk7VRz... \
  -H "X-Gateway-Token: gwt_your_token"

© 2026 IPFS.NINJA