Ceramic image fails to start: request to https://cas.3boxlabs.com... Unauthorized

I’ve been building out a node following Running in the Cloud | ComposeDB on Ceramic. Registered DID as per Access Ceramic Mainnet | ComposeDB on Ceramic

However, the image fails to start with:

Error: HTTP request to ‘https://cas.3boxlabs.com/api/v0/service-info/supported_chains’ failed with status ‘Unauthorized’: {“message”:“Unauthorized”}

Full daemon thingy here:

  "anchor": {
    "ethereum-rpc-url": "https://mainnet.infura.io/v3/<stuff>"
  "http-api": {
    "cors-allowed-origins": [
    "admin-dids": [
  "ipfs": {
    "mode": "remote",
    "host": ""
  "logger": {
    "log-level": 2,
    "log-to-files": true
  "network": {
    "name": "mainnet"
  "node": {},
  "state-store": {
    "mode": "fs",
    "local-directory": "/root/.ceramic/statestore"
  "indexing": {
    "db": "postgres://postgres:<last-stuff>@",
    "allow-queries-before-historical-sync": true,
    "disable-composedb": false,
    "enable-historical-sync": false

Hey @FrozenKiwi. Did you complete the email authentication? Especially in this step, did you see the corresponding response Running in the Cloud | ComposeDB on Ceramic?

Is this the curl command you mean?

~/ceramic$ curl --request POST \
>   --url https://cas.3boxlabs.com/api/v0/auth/did \
>   --header 'Content-Type: application/json' \
>   --data '{<guid>",
      "dids": [
          "did:key:<KEY>>     "email": "<myemail>",
>       "otp": "<OTP>",
>       "dids": [
>           "did:key:<DID>"
>       ]
>   }'

I sent that last night, but didn’t get a response in my email. Looking at that call now it kinda looks like the guid right after the data seems like malformed JSON (it looks like that in the console output)? Should I retry this step?

Also, I explicitly set the admin DID (can’t find the docs that suggested that) - I don’t really need to do that, should I try without that set?

You will also need this in your daemon config

"anchor": {
    "auth-method": "did"
"node": {
    "private-seed-url": "inplace:ed25519#private_seed_copied_from_above"
1 Like

Yup, that got it all running - always a risk leaving the tutorial-trail before everything is working.

Last question: Do I need to leave the admin seed in the daemon.config? I generally try not to have sensitive info copied around too many places, and the deployment step runs on another machine (and that will need the private seed too, right?).

You can pass private-seed-url from the environment using CERAMIC_NODE_PRIVATE_SEED_URL. I think admin-dids can only be set by config file though.

1 Like