Authentication
All endpoints use bearer tokens. Send Authorization: Bearer <api_key> on every request.
API keys are scoped to a workspace. Quotas: Pro 20k calls/month, Business 100k calls/month. Per-key rate limit: 10 req/s burst.
Developers
Automate QR creation, updates, and analytics with signed API calls. Subscribe to real-time scan webhooks with HMAC signatures.
/api/v1 on your deployed domain (e.g. https://qrcode.ing/api/v1).
/qrs – create a QR (supports all QR types, smart routing, A/B variants).
/qrs/:id – update destination, routing rules, or variants.
/qrs – list QRs (pagination via ?limit/?offset).
/qrs/:id – fetch a single QR.
/qrs/:id/scans – list scan events (analytics window respects your plan).
Create/Update body:
{
"title": "Spring promo",
"status": "active",
"qrType": { "type": "url", "url": "https://example.com" },
"routingRules": [{ "kind": "device", "value": "ios", "target": "https://apps.apple.com/app" }],
"variants": [{ "label": "A", "url": "https://example.com/a", "weight": 70 }]
}
Register endpoints from the dashboard. We fire qr_scan with geo/device/referrer data and the resolved destination. Webhook quotas: Pro up to 3 endpoints, Business up to 10.
Headers: X-QRCode-Event (qr_scan), X-QRCode-Timestamp, and X-QRCode-Signature, an HMAC signature computed with your secret over timestamp.body.
Retries: 3 attempts with backoff. Endpoints auto-disable after 5 consecutive failures.
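A receiver-side check of the webhook headers described above, as an added example that is not code from this service's documentation. It assumes HMAC-SHA256 with a hex digest, a Unix-seconds timestamp and a 5-minute freshness window, none of which the page states; the function names, secret and payload are made up.

```python
import hashlib
import hmac
import time

# Assumptions (not stated on the page): HMAC-SHA256, hex digest,
# X-QRCode-Timestamp in Unix seconds, 5-minute replay window.
TOLERANCE_SECONDS = 300


def expected_signature(secret: bytes, timestamp: str, body: bytes) -> str:
    """HMAC over the signed string '<timestamp>.<raw body>'."""
    signed = timestamp.encode("ascii") + b"." + body
    return hmac.new(secret, signed, hashlib.sha256).hexdigest()


def verify_webhook(secret, headers, body, now=None):
    """Return (ok, reason). `body` must be the raw request bytes, read
    before JSON parsing, because re-serialising changes the bytes."""
    if headers.get("X-QRCode-Event") != "qr_scan":
        return False, "unexpected event"
    timestamp = headers.get("X-QRCode-Timestamp", "")
    signature = headers.get("X-QRCode-Signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()) or not signature:
        return False, "missing or malformed headers"
    # Authenticate first; only a verified timestamp is trusted for freshness.
    good = expected_signature(secret, timestamp, body)
    # compare_digest runs in constant time, so it leaks no prefix matches.
    if not hmac.compare_digest(good.encode(), signature.lower().encode()):
        return False, "bad signature"
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False, "stale timestamp"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample delivery; secret and payload are made up.
    secret = b"whsec_example_only"
    body = b'{"event":"qr_scan","qrId":"demo"}'
    ts = "1700000000"
    headers = {
        "X-QRCode-Event": "qr_scan",
        "X-QRCode-Timestamp": ts,
        "X-QRCode-Signature": expected_signature(secret, ts, body),
    }
    print(verify_webhook(secret, headers, body, now=1700000010))
    print(verify_webhook(secret, headers, body + b" ", now=1700000010))
    print(verify_webhook(secret, headers, body, now=1700009999))
```

Pass the handler a header mapping keyed by these exact names; most frameworks expose a case-insensitive lookup that can be adapted to it.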