QQuantav2.4

Guides

Authentication

Scope keys, rotate secrets, and authorize end users.

Quanta supports two kinds of credentials: server keys with full access, and short-lived client tokens scoped to a single user.

Minting a client token

ts
const token = await quanta.auth.mint({
  user: user.id,
  scopes: ["notes:read", "notes:write"],
  ttl: "15m",
});

Never ship a server key to the browser. Mint a scoped client token on your server instead.