API Authentication
Secure your API requests with bearer token authentication.
API Keys
All API requests require authentication via an API key. You can generate API keys from your account settings.
Key Types
| Type | Prefix | Use Case |
|---|---|---|
| Live | sk_live_ | Production requests |
| Test | sk_test_ | Development and testing |
Test keys work identically to live keys but do not affect your production data or count against plan limits.
Using Your API Key
Include your API key in the Authorization header of every request:
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxx
Example Request
curl https://api.seriousqr.com/v1/qrcodes \
  -H "Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"
Security Best Practices
Keep Keys Secret
- Never commit API keys to version control
- Use environment variables in your code
- Do not expose keys in client-side JavaScript
Using Environment Variables
# .env file (do not commit this!)
SERIOUSQR_API_KEY=sk_live_xxxxxxxxxxxxxxxxxxxx

// Node.js example
const apiKey = process.env.SERIOUSQR_API_KEY;
fetch('https://api.seriousqr.com/v1/qrcodes', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});
Rotate Keys Regularly
We recommend rotating your API keys periodically:
- Generate a new key in your settings
- Update your application to use the new key
- Verify everything works
- Revoke the old key
Revoking Compromised Keys
If you suspect a key has been compromised:
- Immediately revoke the key in your API settings
- Generate a new key
- Update your applications
- Review your audit logs for unauthorized access
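The key-handling practices above (keep keys out of version control, load them from the environment), as an added example that is not SeriousQR code. Only the sk_live_ and sk_test_ prefixes come from this page; the key character set and length, the NODE_ENV check and the function names are assumptions.

```javascript
// Added example, not SeriousQR code. Only the sk_live_/sk_test_ prefixes come
// from this page; the characters and minimum length after the prefix are assumed.
const KEY_PATTERN = /\bsk_(live|test)_([A-Za-z0-9]{16,})/g;

// Mask a key for logs and scan reports: keep the 8-character prefix and last 4.
function redact(key) {
  return `${key.slice(0, 8)}****${key.slice(-4)}`;
}

// Scan text (for example a staged file in a pre-commit hook) for key-shaped strings.
function findKeys(text) {
  const hits = [];
  text.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(KEY_PATTERN)) {
      // Skip documentation placeholders such as sk_live_xxxxxxxxxxxxxxxxxxxx.
      if (/^(.)\1*$/.test(m[2])) continue;
      hits.push({ line: i + 1, type: m[1], key: redact(m[0]) });
    }
  });
  return hits;
}

// Load the key from the environment and fail closed on misuse.
function loadApiKey(env) {
  const key = env.SERIOUSQR_API_KEY || '';
  const m = /^sk_(live|test)_/.exec(key);
  if (!m) throw new Error('SERIOUSQR_API_KEY is missing or has an unknown prefix');
  // Treating NODE_ENV=production as the production marker is an assumption.
  if (m[1] === 'live' && env.NODE_ENV !== 'production') {
    throw new Error(`live key ${redact(key)} loaded outside production; use a test key`);
  }
  return key;
}

// Constructed sample of a file about to be committed.
const SAMPLE = [
  '# app config',
  'SERIOUSQR_API_KEY=sk_live_EXAMPLEonly0000000001',
  "const demo = 'sk_test_xxxxxxxxxxxxxxxxxxxx'; // docs placeholder",
  'const apiKey = process.env.SERIOUSQR_API_KEY;',
].join('\n');

for (const hit of findKeys(SAMPLE)) {
  console.log(`line ${hit.line}: ${hit.type} key ${hit.key}`);
}
```

A pre-commit hook can fail the commit whenever findKeys returns a non-empty list for a staged file.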
Rate Limits
API requests are rate-limited to ensure fair usage:
| Plan | Rate Limit |
|---|---|
| Free | 10 requests/minute |
| Pro | 60 requests/minute |
| Business | 120 requests/minute |
| Enterprise | 300 requests/minute |
Rate Limit Headers
Every response includes rate limit information:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1699574400
When Rate Limited
If you exceed the rate limit, you will receive a 429 Too Many Requests response:
{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded. Please retry after 60 seconds."
  }
}
Authentication Errors
401 Unauthorized
Missing or invalid API key:
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}
403 Forbidden
Valid key but insufficient permissions:
{
  "error": {
    "code": "forbidden",
    "message": "Insufficient permissions for this action"
  }
}
Get Started with the API
API access is included on every plan, including Free. View the developer guide or compare plan limits.