How to control access to private ipfs api address

I’ve setup a private IPFS network, which comprised of few known nodes … API of each node are now publicly available and every one who know the API ip:port and the hash can remove files. i need that API to be available only for specified origin with API key … how can i restrict the access to API? i’ve set CROS origin in config file but still every origin in their browser can call it.

You might want to change the API multi address and expose it to localhost instead. Have a look at the configuration file, you should find Address.API to equal /ip4/0.0.0.0/tcp/5001, you need to change that.

Example:

  "Addresses": {
    "API": "/ip4/127.0.0.1/tcp/5001",
    [...]
  }