IPFS Authentication Error 403 - Forbidden

philvms · August 10, 2022, 1:39pm

Been using the unauthenticated api until just recently just fine. Now the change to authenticated requested required me to authorize it. I input the details and now I am getting a 403 - Forbidden Error. No change to my API calls aside from adding the Authentication header

Flaveeu · August 10, 2022, 2:22pm

hi @philvms and welcome to Infura community.

We removed today the support for non-authenticated IPFS API requests and public non-authenticated IPFS gateway, please subscribe for updates here: Infura Status - Removal of IPFS un-authenticated API and non-authenticated Public IPFS gateway

black · August 10, 2022, 2:47pm

Hi, here is my code ;
const projectId = “28…eR”;
const projectSecret = “4c…9”;
const auth = "Basic " + Buffer.from(projectId + “:” + projectSecret).toString(“base64”);
const client = create({
host: “.ipfs.infura-ipfs.io”,
port: 5001,
protocol: “https”,
apiPath: “ipfs”,
headers: {
authorization: auth,
},
});
I’m also trying to create a connection using ipfs-http-client. I’ve already enabled dedicated gateway option on Infura but still can’t upload any file . These are the errors that I get;
“403 (Forbidden)”
and
“Error while ipfs uploading: HTTPError: ipfs method not supported”
Need help.

philvms · August 10, 2022, 2:59pm

@Flaveeu yes I have implemented the authorization as recommended.

I’m using ipfs-http-client. Authorization is good because I mistakenly did the wrong project id and got an error for that. I fixed it and now I get error 403

Marius_Vasili · August 10, 2022, 3:35pm

Hi everyone
I have the same problem (403 Forbidden)
const projectId = ‘xxxx’;
const projectSecret = ‘xxx’;
const auth =
'Basic ’ + Buffer.from(projectId + ‘:’ + projectSecret).toString(‘base64’);

const ipfs = ipfsClient({
host: ‘ipfs.infura.io’,
port: 5001,
protocol: ‘https’,
headers: {
Authorization: auth,
},
});

This is my configuration

philvms · August 10, 2022, 3:40pm

mine is

export const INFURA_PROJECT_ID =
process.env.NEXT_PUBLIC_REACT_APP_IPFS_INFURA_PROJECT_ID;
export const INFURA_PROJECT_SECRET =
process.env.NEXT_PUBLIC_REACT_APP_IPFS_INFURA_PROJECT_SECRET;
const auth = Basic ${Buffer.from( ${INFURA_PROJECT_ID}:${INFURA_PROJECT_SECRET}, ).toString("base64")};

then later down I have

const ipfsClient = create({
    host: 'ipfs.infura.io,
    port: 5001,
    protocol: "https",
    headers: { Authentication: auth},
});

black · August 10, 2022, 3:43pm

Thank you phil. Also, if someone solves the problem , would be awesome if you share with us.

Eugene_Melnikov · August 10, 2022, 3:49pm

I have the same issue
I use authentication and ipfs-http-client
ipfs.add() worked yesterday, but today returns 403

edval · August 10, 2022, 3:54pm

I’m getting the same “403 - Forbidden” error with code below:

const projectId = process.env.IPFS_PROVIDER_PROJECTID;
const projectSecret = process.env.IPFS_PROVIDER_PROJECTSECRET;

const auth = "Basic " + Buffer.from(projectId + “:” + projectSecret, “utf8”).toString(“base64”);
const client = ipfsHttpClient({
url: “https://ipfs.infura.io:5001/api/v0”,
headers: {
authorization: auth,
}
});

This code worked up until 12.00UTC today

If i’m using dedicated gateway subdomain with code below, I’m getting “blocked by CORS policy” error

const projectId = process.env.IPFS_PROVIDER_PROJECTID;
const projectSecret = process.env.IPFS_PROVIDER_PROJECTSECRET;

const auth = "Basic " + Buffer.from(projectId + “:” + projectSecret, “utf8”).toString(“base64”);
const client = ipfsHttpClient({
url: “my-gateway-subdomain/api/v0”,
headers: {
authorization: auth,
}
});

secrecys · August 10, 2022, 4:26pm

using dedicated gateway subdomain seams to not work because of SSL: no alternative certificate subject name matches target host name ‘xxx.infura-ipfs.io’
More details here: curl - SSL CA Certificates

The cert should include *.infura-ipfs.io as alternative name, and it doesn’t
instead its signed to be used by ipfs[.]prod[.]infura[.]org

Using curl, its seams I can get to use the gateway with the new Authentication header, but using http client no…
ipfs = window.IpfsHttpClient(…

secrecys · August 10, 2022, 5:11pm

So…

if you use

curl -X POST -F file=@favicon.gif -u “project:pass” “https://ipfs.infura.io:5001/api/v0/add” --insecure -A “Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0”
403 - Forbidden

but changing the User Agent to curl

curl -X POST -F file=@favicon.gif -u “project:pass” “https://ipfs.infura.io:5001/api/v0/add” --insecure -A “curl”
{“Name”:“favicon.gif”,“Hash”:“QmbFMke1KXqnYyBBWxB74N4c5SBnJMVAiMNRcGu6x1AwQH”,“Size”:“6”}

Basically… they are denying the use in the browser…

Do we have to start using a backend gateway to the infura gateway?

jaimiedaly · August 10, 2022, 6:35pm

Is there any update on this I have a similar set up where I create the buffer string on backend and pass it to client configuration but getting a 403

philvms · August 10, 2022, 6:50pm

Still nothing. It’s gonna be on infura side since we are all getting it now since the update

Aleksandr_Khaustov · August 10, 2022, 7:19pm

absolutely similar situation - 403 error, although before that it worked successfully for six months. strange that no reaction from the infura support team

traian.vila · August 10, 2022, 7:50pm

Hey all,

I’m sorry for the trouble, one thing to clarify, the IPFS API access remains on https://ipfs.infura.io:5001/api/v0/, it’s just requiring to pass auth now.
So your clients should not be using the dedicated gw, it’s still:

host: 'ipfs.infura.io',
port: 5001,
protocol: 'https'

I’m testing right now /add and will get back.

Thanks,
Traian

traian.vila · August 10, 2022, 8:07pm

Uploading via ipfs-http-client works on my end, posting below a sample script. I’ll look at the CORS issue next.

const ipfsClient = require("ipfs-http-client");

const projectId = '...'
const projectSecret = '...'

async function main() {

const auth = 'Basic ' + Buffer.from(projectId + ':' + projectSecret).toString('base64');

 const client = await ipfsClient.create({
    host: 'ipfs.infura.io',
    port: 5001,
    protocol: 'https',
    apiPath: '/api/v0',
    headers: {
      authorization: auth
    }
  })

try {
    const file = await client.add('test.jpg')
    console.log(file)

    } catch (error) {
      console.log(error)
    }

}
main();

Aleksandr_Khaustov · August 10, 2022, 8:22pm

it turned out that the client stopped working from the browser, if you replace (via devtools) the user agent in the browser with an “-” or any other symbol, then everything works again as before

Marco_mand · August 10, 2022, 8:35pm

It does not work from the clients browsers (User-agent)

traian.vila · August 10, 2022, 9:21pm

It looks like this is coming from here https://github.com/ipfs/kubo/issues/8539
Incidentally there was go-ipfs update today that enabled the user-agent blocker. You’ll have to pass also the Origin header as explained above.

jath · August 10, 2022, 9:51pm

Do we have to set up a backend gateway? I have been yet to figure out a way to use it on browser and I would really like to continue using it on browser