IPFS Authentication Error 403 - Forbidden

Been using the unauthenticated api until just recently just fine. Now the change to authenticated requested required me to authorize it. I input the details and now I am getting a 403 - Forbidden Error. No change to my API calls aside from adding the Authentication header

hi @philvms and welcome to Infura community.

We removed today the support for non-authenticated IPFS API requests and public non-authenticated IPFS gateway, please subscribe for updates here: Infura Status - Removal of IPFS un-authenticated API and non-authenticated Public IPFS gateway

Hi, here is my code ;
const projectId = “28…eR”;
const projectSecret = “4c…9”;
const auth = "Basic " + Buffer.from(projectId + “:” + projectSecret).toString(“base64”);
const client = create({
host: “.ipfs.infura-ipfs.io”,
port: 5001,
protocol: “https”,
apiPath: “ipfs”,
headers: {
authorization: auth,
},
});
I’m also trying to create a connection using ipfs-http-client. I’ve already enabled dedicated gateway option on Infura but still can’t upload any file . These are the errors that I get;
“403 (Forbidden)”
and
“Error while ipfs uploading: HTTPError: ipfs method not supported”
Need help.

1 Like

@Flaviu yes I have implemented the authorization as recommended.

I’m using ipfs-http-client. Authorization is good because I mistakenly did the wrong project id and got an error for that. I fixed it and now I get error 403

Hi everyone
I have the same problem (403 Forbidden)
const projectId = ‘xxxx’;
const projectSecret = ‘xxx’;
const auth =
'Basic ’ + Buffer.from(projectId + ‘:’ + projectSecret).toString(‘base64’);

const ipfs = ipfsClient({
host: ‘ipfs.infura.io’,
port: 5001,
protocol: ‘https’,
headers: {
Authorization: auth,
},
});

This is my configuration

mine is

export const INFURA_PROJECT_ID =
process.env.NEXT_PUBLIC_REACT_APP_IPFS_INFURA_PROJECT_ID;
export const INFURA_PROJECT_SECRET =
process.env.NEXT_PUBLIC_REACT_APP_IPFS_INFURA_PROJECT_SECRET;
const auth = Basic ${Buffer.from( ${INFURA_PROJECT_ID}:${INFURA_PROJECT_SECRET}, ).toString("base64")};

then later down I have

const ipfsClient = create({
    host: 'ipfs.infura.io,
    port: 5001,
    protocol: "https",
    headers: { Authentication: auth},
});

Thank you phil. Also, if someone solves the problem , would be awesome if you share with us.

1 Like

I have the same issue
I use authentication and ipfs-http-client
ipfs.add() worked yesterday, but today returns 403

1 Like

I’m getting the same “403 - Forbidden” error with code below:

const projectId = process.env.IPFS_PROVIDER_PROJECTID;
const projectSecret = process.env.IPFS_PROVIDER_PROJECTSECRET;

const auth = "Basic " + Buffer.from(projectId + “:” + projectSecret, “utf8”).toString(“base64”);
const client = ipfsHttpClient({
url: “https://ipfs.infura.io:5001/api/v0”,
headers: {
authorization: auth,
}
});

This code worked up until 12.00UTC today

If i’m using dedicated gateway subdomain with code below, I’m getting “blocked by CORS policy” error

const projectId = process.env.IPFS_PROVIDER_PROJECTID;
const projectSecret = process.env.IPFS_PROVIDER_PROJECTSECRET;

const auth = "Basic " + Buffer.from(projectId + “:” + projectSecret, “utf8”).toString(“base64”);
const client = ipfsHttpClient({
url: “my-gateway-subdomain/api/v0”,
headers: {
authorization: auth,
}
});

1 Like

using dedicated gateway subdomain seams to not work because of SSL: no alternative certificate subject name matches target host name ‘xxx.infura-ipfs.io
More details here: curl - SSL CA Certificates

The cert should include *.infura-ipfs.io as alternative name, and it doesn’t
instead its signed to be used by ipfs[.]prod[.]infura[.]org

Using curl, its seams I can get to use the gateway with the new Authentication header, but using http client no…
ipfs = window.IpfsHttpClient(…

So…

if you use

curl -X POST -F file=@favicon.gif -u “project:pass” “https://ipfs.infura.io:5001/api/v0/add” --insecure -A “Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0”
403 - Forbidden

but changing the User Agent to curl

curl -X POST -F file=@favicon.gif -u “project:pass” “https://ipfs.infura.io:5001/api/v0/add” --insecure -A “curl”
{“Name”:“favicon.gif”,“Hash”:“QmbFMke1KXqnYyBBWxB74N4c5SBnJMVAiMNRcGu6x1AwQH”,“Size”:“6”}

Basically… they are denying the use in the browser…

Do we have to start using a backend gateway to the infura gateway?

Is there any update on this I have a similar set up where I create the buffer string on backend and pass it to client configuration but getting a 403

Still nothing. It’s gonna be on infura side since we are all getting it now since the update

absolutely similar situation - 403 error, although before that it worked successfully for six months. strange that no reaction from the infura support team

Hey all,

I’m sorry for the trouble, one thing to clarify, the IPFS API access remains on https://ipfs.infura.io:5001/api/v0/, it’s just requiring to pass auth now.
So your clients should not be using the dedicated gw, it’s still:

host: 'ipfs.infura.io',
port: 5001,
protocol: 'https'

I’m testing right now /add and will get back.

Thanks,
Traian

Uploading via ipfs-http-client works on my end, posting below a sample script. I’ll look at the CORS issue next.

const ipfsClient = require("ipfs-http-client");

const projectId = '...'
const projectSecret = '...'

async function main() {

const auth = 'Basic ' + Buffer.from(projectId + ':' + projectSecret).toString('base64');

 const client = await ipfsClient.create({
    host: 'ipfs.infura.io',
    port: 5001,
    protocol: 'https',
    apiPath: '/api/v0',
    headers: {
      authorization: auth
    }
  })

try {
    const file = await client.add('test.jpg')
    console.log(file)

    } catch (error) {
      console.log(error)
    }

}
main();

it turned out that the client stopped working from the browser, if you replace (via devtools) the user agent in the browser with an “-” or any other symbol, then everything works again as before

2 Likes

It does not work from the clients browsers (User-agent)

1 Like

It looks like this is coming from here https://github.com/ipfs/kubo/issues/8539
Incidentally there was go-ipfs update today that enabled the user-agent blocker. You’ll have to pass also the Origin header as explained above.

Do we have to set up a backend gateway? I have been yet to figure out a way to use it on browser and I would really like to continue using it on browser