Access Control
Access Gating

Access Gating - Who can write?

How does it work?

Access Gating is a feature powered by Orbis Nodes. It allows you to limit who can write content to your Contexts.

Ceramic by itself is a public, trustless and decentralized data network, which means anyone can push content to it.
Orbis Nodes handle content indexing from Ceramic to simplify access and build social graphs.
They consider Access Gating rules when indexing content.

Currently, available rules include Token, Metadata, DID, POAP and Credentials gating.
These rules can be combined to create more complex gating logic.

We will be adding additional rules and logic as deemed necessary by the community and Orbis-powered use cases.

Available Rules

Token Gating (token)

Token Gating can be done based on ERC20, ERC721 and ERC1155 token standards and ownership.
NFTs allow metadata-specific property gating as well.

Supported chains

Token Gating requires a chain to be defined.
Available options are:

  • mainnet - Ethereum Mainnet
  • goerli - Ethereum Goerli Testnet
  • polygon - Polygon Mainnet
  • mumbai - Polygon Mumbai Testnet
  • arbitrum - Arbitrum Mainnet
  • optimism - Optimism Mainnet
  • gnosis - Gnosis Chain Mainnet


    "type": "token",
    "requiredToken": {
        "chain": "string",
        "symbol": "string",
        "address": "contractAddress",
        "decimals": "integer", // null for ERC721 and ERC1155
        "minBalance": "string",
        "token_id": "string", // token ID used to identify ERC1155 token type
        "contract_type": "erc20 || erc721 || erc1155",
        "attributes_required": [
                "key": "string",
                "value": "string"
        ] // ignored/leave empty for ERC20

DIDs (did)

Orbis Profiles are represented by unique DIDs.
You can use gate access to Contexts based on a set of DIDs.


    "type": "did",
    "authorizedUsers": [
            "did": "string"

Credentials (credential)

Orbis Credentials are Verifiable Credentials indexed by Orbis.
Orbis also generates Credentials automatically based on on-chain activity.

To find Credential identifiers to use with this rule, see Credentials List.


    "type": "credential",
    "requiredCredentials": [
            "identifier": "..." // See Credentials List

POAP (poap)

POAP (opens in a new tab) (Proof of Attendance Protocol) allows you to mint digital mementos to prove attendance and turn moments into collectibles.
Orbis allows you to gate access based on ownership of a POAP for an event (event_id).

Learn more about PAOPs at (opens in a new tab).


    "type": "poap",
    "requiredPoap": {
        "event_id": "number"


You can combine rules using operators.
The only operator available currently is the or.

This means at least one rule in a group needs to be satisfied to get access.


    "operator": "or"