Guides
Authentication
Scope keys, rotate secrets, and authorize end users.
Quanta supports two kinds of credentials: server keys with full access, and short-lived client tokens scoped to a single user.
Minting a client token
ts
const token = await quanta.auth.mint({
user: user.id,
scopes: ["notes:read", "notes:write"],
ttl: "15m",
});Never ship a server key to the browser. Mint a scoped client token on your server instead.