# Access Controls

When a dedicated IPFS gateway is configured to be private, an API token can also be generated and attached to the gateway. In this mode, the user or application must present the API token when making a request to successfully authorize the request.

### Creating an API token

1. Select a Dedicated IPFS Gateway from the **Gateways** page of your dashboard.
2. In the top right corner, select the orange **Authorization** button.
3. A modal will pop up. Here you can add, update, and remove API tokens.<br>

   <figure><img src="https://3861818989-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Lyjw7dWpiQtUFDa1pO0%2Fuploads%2FZFkEQBN29mYQCIpkrvcq%2Fimage.png?alt=media&#x26;token=84922c3c-1798-4b02-9bb4-72d6a28783f4" alt="" width="530"><figcaption></figcaption></figure>

### Using an API token <a href="#passing-api-tokens-query-string-or-header" id="passing-api-tokens-query-string-or-header"></a>

Filebase has made it convenient to pass API tokens when making HTTP requests to dedicated IPFS gateways. Users have two options for including the token:

* **Query String Parameter**: Users can append the `filebaseGatewayToken` query string parameter to the URL when making an HTTP request to the dedicated gateway. For example:

```javascript
https://gateway.myfilebase.com/ipfs/QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR?filebaseGatewayToken=your_token_here
```

* **Header**: Users can also include the `x-filebase-gateway-token` header in their HTTP request. The token should be set as the header value. For example:

```javascript
x-filebase-gateway-token: your_token_here
```