API Authentication

Secure your API requests with bearer token authentication.

API Keys

All API requests require authentication via an API key. You can generate API keys from your account settings.

Key Types

Type  Prefix      Use Case
Live  qrcp_live_  Production requests
Test  qrcp_test_  Development and testing

Test keys work identically to live keys but do not affect your production data or count against plan limits.

Using Your API Key

Include your API key in the Authorization header of every request:

Authorization: Bearer qrcp_live_xxxxxxxxxxxxxxxxxxxx

Example Request

curl https://api.qrcodepro.io/v1/qrcodes \
  -H "Authorization: Bearer qrcp_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

Security Best Practices

Keep Keys Secret

  • Never commit API keys to version control
  • Use environment variables in your code
  • Do not expose keys in client-side JavaScript

Using Environment Variables

# .env file (do not commit this!)
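QRCODEPRO_API_KEY=qrcp_live_xxxxxxxxxxxxxxxxxxxx

// Node.js example
// The variable must already be in the process environment
// (for example, start the app with `node --env-file=.env`).
const apiKey = process.env.QRCODEPRO_API_KEY;

// Fail closed: without this check a missing variable is sent as "Bearer undefined".
if (!apiKey) {
  throw new Error('QRCODEPRO_API_KEY is not set');
}

fetch('https://api.qrcodepro.io/v1/qrcodes', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});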

Rotate Keys Regularly

We recommend rotating your API keys periodically:

  1. Generate a new key in your settings
  2. Update your application to use the new key
  3. Verify everything works
  4. Revoke the old key

Revoking Compromised Keys

If you suspect a key has been compromised:

  1. Immediately revoke the key in your API settings
  2. Generate a new key
  3. Update your applications
  4. Review your audit logs for unauthorized access

Rate Limits

API requests are rate-limited to ensure fair usage:

Plan        Rate Limit
Pro         100 requests/minute
Enterprise  1,000 requests/minute

Rate Limit Headers

Every response includes rate limit information:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1699574400

When Rate Limited

If you exceed the rate limit, you will receive a 429 Too Many Requests response:

{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded. Please retry after 60 seconds."
  }
}

Authentication Errors

401 Unauthorized

Missing or invalid API key:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}

403 Forbidden

Valid key but insufficient permissions:

{
  "error": {
    "code": "forbidden",
    "message": "API access requires an Enterprise plan"
  }
}

Need API Access?

API access is available on Enterprise plans. Contact sales to learn more.