<QirtaasRenderer> instead of the editor. The renderer’s auth is
per read, and which credential you use depends on who is reading:
| Reader | Auth | Covered in |
|---|---|---|
| The document’s author | getToken (same embed token as the editor) | this tutorial |
| Anyone with the link | shareToken | this tutorial |
| Another signed-in user, gated by your ACL | getSignature | Access control |
1. Frontend — the read view
Mount<QirtaasRenderer> with the same getToken the editor uses. An embed
token authorizes reads of that identity’s own documents, so this works for
the author viewing any note from their listDocuments() list:
src/ReadNote.tsx
2. Frontend — switch between reading and editing
A common pattern is a read view with an “Edit” button for the owner. Because read and edit are different mounts, just swap components:3. Public reads with a share token
A document explicitly shared by its author carries an opaque share token that resolves it publicly — no key, no signature, no login. If your app stores a note’s share token, a public page is one prop:src/SharedNote.tsx
Where you are
Authors can read their own notes cleanly and share individual documents with the world — still on a single backend endpoint. The remaining case — other signed-in users reading a document when your app decides who’s allowed — needs neither of these credentials, and it’s where your backend re-enters the picture:Access control with signatures
Gate cross-user reads behind your own ACL with per-document HMAC signatures.
