IPFS api in the browser

I’m developing a web app that will save the data to ipfs.

To make the resolving and fetching of files faster I want to use https://github.com/ipfs/js-ipfs-api that will connect to my local node.

But is it save that the browser will connect to the ipfs node directly?
If I’m adding files with ipfs.files.add and view that with ipfs.files.cat. I store the hashes in Ethereum smart contracts.

As I understand from the api, the files cannot be deleted using the ipfs api. I hope I’m right :slight_smile:
But I think malicious users can do a kind of dos attack on my ipfs server by adding unnecessary files through the api? As I see it now, using IPFS in the browser isn’t too much safe.

Any judgement from IPFS experts :sweat_smile:?

Anyone knows examples of IPFS web apps?


Maybe you can search bout ipfs search / orbit.


1 Like

Thanks, I’m getting a look

any resolution to this?

Not that I know of.

I’ve found a solution to restrict the API port (5001) of my ipfs node so only my server can use it, so all IPFS communication is going through the server.

The pros of that approach is that the node IPFS can communicate and synchronise with the swarm cause 4001 port is open.

It’s dangerous that ipfs-api can be visited by outside. Add a mediator in your ipfs server, which will call ipfs-api to communicate with ipfs daemon. Your web app will connect to this mediator, and then translate the api to ipfs-api.


This makes sense. You may want to develop an API middleware that routes to the 5001 internally & serve CRUD operations. You may want to add a firewall inbound rule to stop connections to 5001 from the outside. Limit to VPS & App CORS domain only.

Irrelevant note: Also, file security can be done by reverse proxy encryption if that makes you feel safe.

So what about introducing permissions?

If looking into IPFS as a file system, using Linux permssion model looks natural. That means every rwx permissions, and commands will have just execute. We also need to introduce the concept of groups, but that might be done latter.

I also think that providing permissions similar to the Linux model will create a beautiful symmetry.