Authentication

The Quality QR API uses API keys to authenticate requests. You can create and manage your API keys in your dashboard.

Getting an API Key

To get started with the API, you'll need to create an API key:

Go to your API Keys dashboard
Click "Create Key" and give it a descriptive name
Copy your API key immediately — it won't be shown again
Store it securely in your environment variables

Keep your API key secure

Never expose your API key in client-side code, public repositories, or share it publicly. If compromised, revoke it immediately and create a new one.

Using Your API Key

Include your API key in the Authorization header of every request:

Header

Authorization: Bearer qr_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Example Request

cURL

curl https://quality-qr.app/api/v1/qr \
  -H "Authorization: Bearer qr_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"type": "url", "content": "https://example.com"}'

JavaScript (fetch)

const response = await fetch('https://quality-qr.app/api/v1/qr', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer qr_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    type: 'url',
    content: 'https://example.com',
  }),
});

const data = await response.json();

Python (requests)

import requests

response = requests.post(
    'https://quality-qr.app/api/v1/qr',
    headers={
        'Authorization': 'Bearer qr_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        'Content-Type': 'application/json',
    },
    json={
        'type': 'url',
        'content': 'https://example.com',
    }
)

data = response.json()

Authentication Errors

If authentication fails, you'll receive one of these error responses:

Status	Error	Description
401	missing_api_key	No Authorization header provided
401	invalid_api_key	The API key is invalid or has been revoked
401	expired_api_key	The API key has expired

Best Practices

Use environment variables

Store your API key in environment variables, never in code.

Use separate keys for dev and production

Create different API keys for development and production environments.

Rotate keys regularly

Periodically create new keys and revoke old ones as a security measure.

Never expose keys in client-side code

API calls should be made from your server, not from browsers or mobile apps.

← API Overview QR Codes Endpoint →