API exposure in order to allow add*

Hi,

There’s something I don’t get.

By default we have in the config:

"API": "/ip4/127.0.0.1/tcp/5001",

And on https://docs.ipfs.io/guides/examples/config/ it is advised not to change it:

You should ensure that this address is not dialable from outside of your machine, or other potentially malicious parties may be able to send commands to your ipfs daemon.

  1. How exactly are we supposed to use the parts of the API useful to upload content from our dApps ? Like all the add* methods on https://github.com/ipfs/js-ipfs-http-client#files ? Is there a way to expose only a subset of the API ?
  2. How does Infura do? They seem to expose only a part of the API (can’t add the link because I’m a new user here, sorry)

Thanks :slight_smile:

You can expose parts of the API with Nginx or any other reverse proxy sitting in front of the IPFS API.

Also, since you can run js-ipfs directly in the browser, you can probably use it to add content to the network.

Also, IPFS Cluster has an API which supports basic authentication (permissioned endpoints coming up soon as well). Cluster might be interesting even with a single peer because of some API features, like attaching names to pins, or any custom metadata.

Thank you very much Hector!