Developers
API & integrations reference
Everything you need to call the Business API, manage keys, and receive webhooks.
Authentication
The Business API authenticates every request with an API key. Send it in the X-Api-Key header, or as a Bearer token in the Authorization header.
Keys are prefixed with qrg_ and are shown only once at creation. Store them securely; you cannot retrieve a key again later.
Requests without a valid key return 401. Requests for a resource you do not own return 403.
Base URL
All Business API endpoints live under the /v1 prefix.
For example, list your QR codes at https://qr-global.com/api/v1/qr-codes.
- Resolved base URL
- https://qr-global.com
API keys
Create and revoke keys on the API keys page in your dashboard.
Each key belongs to your workspace and inherits your plan's rate limit.
Revoking a key takes effect immediately.
Examples
Copy-paste curl commands to get started. Replace YOUR_API_KEY with a key from the API keys page.
List QR codes
curl -sS -H "X-Api-Key: YOUR_API_KEY" -H "Accept: application/json" \ "https://qr-global.com/api/v1/qr-codes"
Create a QR code
Send the QR type and content; the server generates and stores the code.
curl -sS -X POST "https://qr-global.com/api/v1/qr-codes" \
-H "X-Api-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"type":"url","content":"https://example.com","display_name":"Example link"}'Render an image
Fetch a ready PNG or SVG file — pass ?format=png
curl -sS "https://qr-global.com/api/v1/qr-codes/123/image?format=png&size=512" \ -H "X-Api-Key: YOUR_API_KEY" -o qr.png # SVG (vector, no size limit on scale): curl -sS "https://qr-global.com/api/v1/qr-codes/123/image?format=svg" \ -H "X-Api-Key: YOUR_API_KEY" -o qr.svg
Sample webhook payload
{
"event": "qr.scan.created",
"timestamp": "2026-04-03T12:00:00+00:00",
"data": {
"scan_id": 42,
"qr_code_id": 7,
"scanned_at": "2026-04-03T12:00:00+00:00",
"ip_address": "203.0.113.10",
"device_type": "mobile"
}
}Webhooks
Webhooks push events to your endpoint as they happen, so you don't have to poll.
Configure endpoints on the Webhooks page in your dashboard.
Each delivery is signed and retried on failure with exponential backoff.
The scan event fires when someone scans one of your QR codes.
Inspect delivery attempts, payloads, and responses in the delivery log.
Return a 2xx status to acknowledge a delivery; any other status is treated as a failure.
Exports
Export your QR codes, scans, locations, and activity as CSV from the Exports page.
Exports use your dashboard session, not an API key — open them while signed in.
Tips & common errors
- 401 Unauthorized — the API key is missing or invalid. Check the X-Api-Key header.
- 403 Forbidden — the key is valid but the resource belongs to another workspace.
- Some features (like webhooks) depend on your plan. Upgrade if an endpoint returns a feature error.
- No webhook deliveries yet? Trigger a scan on one of your QR codes to generate one.
- Failed webhook deliveries retry automatically; you can also retry them manually from the delivery log.
- Team members act within your workspace; keys and data are scoped to the workspace owner.