Storage·Multi-chain
Pinata
Managed IPFS pinning service plus dedicated edge gateways. Industry standard for NFT metadata and Web3 file hosting. Use the modern `pinata-web3` SDK (the legacy `@pinata/sdk` is superseded).
- 01NFT image and metadata pinning
- 02dedicated low-latency IPFS gateways
- 03presigned client-side uploads
- 04private/gated content via signed URLs
- 05production-grade IPFS without running infra
- pnpm add pinata-web3
| Variable | Scope | Description |
|---|---|---|
| PINATA_JWT | Server | Pinata API JWT (from Keys dashboard). Server-side only — never ship to the browser. |
| NEXT_PUBLIC_PINATA_GATEWAY | Client | Your dedicated Pinata gateway domain (e.g. `your-name.mypinata.cloud`). Public by design. |
Use `pinata-web3`. Initialize on the server with `const pinata = new PinataSDK({ pinataJwt: process.env.PINATA_JWT, pinataGateway: process.env.NEXT_PUBLIC_PINATA_GATEWAY })`. Upload via `pinata.upload.file(file)` or `.json(obj)` and persist the returned `IpfsHash` (CID). For client-side uploads, generate a one-time presigned upload URL on the server with `pinata.upload.createSignedURL({ expires })` and POST the file to it from the browser — never expose the JWT to the client. Read content through your dedicated gateway (`https://${gateway}/ipfs/{cid}`) for low latency and access control; use `pinata.gateways.createSignedURL` to gate private files. Store the bare CID in your DB, not the gateway URL.
- ⚑`PINATA_JWT` is full-power — never put it in `NEXT_PUBLIC_*` or ship to the client. Use presigned upload URLs for browser uploads.
- ⚑The legacy `@pinata/sdk` (CommonJS) is deprecated; the package readme redirects to `pinata-web3`. Don't paste old tutorial code that imports `@pinata/sdk`.
- ⚑Free tier has strict bandwidth and storage caps — gateway egress (not just pinned size) is metered and an NFT collection going viral can blow through it overnight.
- ⚑Dedicated gateways are publicly readable by default — for gated content you must use signed URLs (`createSignedURL`) and rotate the gateway access key when leaked.
- ⚑Pinning a CID does not make it private — anyone who knows the CID can fetch it from any IPFS gateway. Encrypt before upload if confidentiality matters.
- ⚑Files unpinned from Pinata are NOT immediately deleted from IPFS but become eligible for GC by other nodes — treat unpin as 'no longer guaranteed available'.