Web3 talks a lot about user ownership, decentralization, and privacy. But most apps still rely on API keys, centralized auth servers, and custodial recovery systems. Storacha + UCAN changes that completely.

UCAN lets you delegate permissions instead of accounts. Storacha uses this to build passwordless, non-custodial, user-owned storage.
- No API keys.
- No centralized auth server.
- No platform lock-in.
Storacha is decentralized storage, but a hot new take. Storacha transforms web3.storage into a community-driven, decentralized hot storage network.
Storacha Key Concepts (Simple Definitions)
1. Spaces: Your Storage = Your Identity
In Storacha, your storage lives inside a Space.
- A Space is identified by a DID (Decentralized Identifier)
- It represents your namespace
- Files, blobs, and data belong to this Space—not an app
Think of it like this:
Google Drive account → Centralized identity
Storacha Space → Cryptographic identity (DID)
You own it. You control who can access it.
2. Agents: Permission Holders (Not Accounts)
An Agent is a local session (browser, backend, CLI, mobile app) that holds delegated permissions.
- Agents do NOT own data
- They only act within delegated capabilities
- Permissions can expire or be revoked
Example agents:
- A frontend web app
- A backend service
- A user’s browser session
- A mobile app instance
3. Capabilities: Fine-Grained Permissions
UCAN doesn’t give “full access”.
Instead, it grants capabilities like:
- space/blob/add → upload blobs
- space/blob/read → read data
- filecoin/offer → make storage deals
- space/admin → manage space
Each delegation is:
- Scoped (what can be done)
- Optionally time-limited
- Cryptographically verifiable
4. Delegation Chains: How Authority Flows
Permissions flow through delegation chains, not logins.
Example:
Space (DID)
↓ delegates
Backend Agent
↓ delegates
User
↓ delegates
Frontend App
Every step:
- Is signed
- Is verifiable
- Has a cryptographic audit trail
No central authority required.
Don’t miss the Storacha Portfolio – All Project Implementations
This repository contains my complete Storacha learning journey with implementations for all projects.
The Magic Feature: Email Recovery for Storacha
This is where Storacha truly shines.
The Problem with Web3 Recovery
- Lose your key → lose your data
- Custodial recovery → breaks decentralization
Storacha’s Solution
Your Space delegates recovery permissions to your email using UCAN.
How it works:
- Your Space grants a delegation to your email identity
- You lose access (device lost, keys gone)
- You verify your email
- You reclaim delegated permissions
✅ No one holds your keys
✅ No centralized recovery service
✅ No custodian
Recovery is permission-based, not account-based.
Developer Superpowers with UCAN + Storacha
This system unlocks entirely new application architectures.
1. Users Own Their Data
Apps don’t own storage.
Users do.
Apps receive temporary, scoped access only.
2. Permission-Based App Design
You can delegate:
- Read-only access
- Upload-only access
- Admin access
- Time-limited access (expiring tokens)
No API key rotation.
No OAuth servers.
3. Multi-Tenant Apps Without Managing Storage
Instead of:
- Managing buckets
- Handling user uploads
- Running proxy servers
You simply:
- Delegate permissions
- Let users interact directly with storage
Real Example: Backend Delegating Upload Permissions
Traditional Web App Flow
User → Backend → Storage
Problems:
- Backend becomes a bottleneck
- API keys exposed
- High infra costs
UCAN + Storacha Flow (Better)
Backend
└─ delegates upload permission
↓
User uploads directly to YOUR Space
Benefits:
- No backend proxy
- No exposed API keys
- Users act with your permissions, safely scoped
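The delegation chain from section 4 and the backend-to-user upload delegation above can be modelled in a few lines; this is an added example, not code from Storacha or the UCAN specification. It uses Node's built-in Ed25519 support with a simplified JSON token, and the names `makeIdentity`, `delegate` and `verifyChain`, the string ids standing in for DIDs, and the key lookup map are assumptions made for illustration.

```javascript
// Added example: a simplified model of a UCAN-style delegation chain.
// Not the UCAN wire format and not Storacha's client API; all names are hypothetical.
const crypto = require('node:crypto');

// `id` stands in for a DID; a real did:key encodes the public key itself.
const makeIdentity = (id) => ({ id, ...crypto.generateKeyPairSync('ed25519') });

// Bytes covered by the signature: issuer, audience, abilities, expiry, parent proof.
const payload = (d) => Buffer.from(JSON.stringify([d.iss, d.aud, d.can, d.exp, d.prf]));

// Issuer signs "audience may do `can` until `exp`", citing the parent link's signature.
function delegate(issuer, audience, can, exp, parent = null) {
  const d = { iss: issuer.id, aud: audience.id, can, exp, prf: parent ? parent.sig : null };
  d.sig = crypto.sign(null, payload(d), issuer.privateKey).toString('base64');
  return d;
}

// Verify a chain (root first) without contacting any server.
// keys: Map of id -> public key. Returns 'ok' or the reason for rejection.
function verifyChain(chain, spaceId, invokerId, ability, now, keys) {
  let prev = null;
  for (const d of chain) {
    const key = keys.get(d.iss);
    if (!key || !crypto.verify(null, payload(d), key, Buffer.from(d.sig, 'base64'))) return 'bad signature';
    if (d.exp <= now) return 'expired';
    if (!prev && d.iss !== spaceId) return 'root is not the space';
    if (prev && (d.iss !== prev.aud || d.prf !== prev.sig)) return 'broken chain';
    if (prev && !d.can.every((c) => prev.can.includes(c))) return 'escalation';
    prev = d;
  }
  if (!prev || prev.aud !== invokerId) return 'invoker is not the audience';
  return prev.can.includes(ability) ? 'ok' : 'ability not granted';
}

// Constructed sample: Space -> Backend Agent -> User -> Frontend App (the chain from section 4).
const [space, backend, user, frontend] = ['space', 'backend', 'user', 'frontend'].map(makeIdentity);
const keys = new Map([space, backend, user, frontend].map((i) => [i.id, i.publicKey]));
const now = 1000; // constructed clock value, in seconds
const l1 = delegate(space, backend, ['space/blob/add', 'space/blob/read'], now + 3600);
const l2 = delegate(backend, user, ['space/blob/add'], now + 600, l1); // upload-only
const l3 = delegate(user, frontend, ['space/blob/add'], now + 60, l2); // short-lived
console.log(verifyChain([l1, l2, l3], 'space', 'frontend', 'space/blob/add', now, keys)); // ok
```

The verifier rejects a link that widens its parent's abilities, a link past its expiry, and a token altered after signing, all without a call to any auth server.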
Security Benefits of Storacha
1. No API Keys in the Frontend
- Users receive time-limited UCAN tokens
- Tokens are scoped to specific actions
- Even if leaked → limited damage
2. No Single Point of Failure
- Auth verification happens locally
- No centralized auth server to attack
- No OAuth outage risk
3. Cryptographic Audit Trail
Every permission:
- Who delegated it
- To whom
- For what
- For how long
All verifiable.
4. Fully Revocable Access
- Delegations can be invalidated
- Expiring tokens auto-revoke
- No need to rotate secrets
The Bigger Picture: Why is the Future
UCAN + Storacha is not just storage tech.
It enables:
1. Serverless Backends for Storacha
- Frontends talk directly to storage using delegated auth.
2. Data Portability
- Users can move data between apps without migration hell.
3. Privacy-First Architecture
- No central server tracking user behavior.
4. True Web3 UX
- Passwordless
- Non-custodial
- User-owned
Getting Started Today
You can experiment right now:
1. Generate a Space
- This creates your DID
2. Create an Agent
- Browser, backend, or CLI
3. Issue a UCAN Delegation
- Define permissions and expiry
4. Delegate to Users or Apps
- Upload-only
- Read-only
- Admin
5. Inspect the Delegation Chain
- See cryptographic proof of authority
All tools are already live.
Final Thought
UCAN replaces accounts with authority.
Storacha turns storage into infrastructure owned by users—not platforms.
If you care about:
- Decentralization
- Privacy
- Developer simplicity
- Future-proof app design
UCAN + Storacha is worth learning today—not later.








