API Documentation

The FlexQR REST API allows you to create, update, and retrieve QR codes programmatically. All requests require authentication via an API key.

Authentication

Generate an API key in Settings → API Keys. Include it in every request via the Authorization header:

Authorization: Bearer YOUR_API_KEY

Base URL

https://your-domain.com/api

Endpoints

GET

/api/qr

List all QR codes for the authenticated user.

Example Request

fetch('https://your-domain.com/api/qr', { headers: { 'Authorization': 'Bearer YOUR_API_KEY' } }).then(r => r.json())

Response

[ { "id": "abc123", "name": "My QR Code", "type": "dynamic", "destinationUrl": "https://example.com", "shortUrl": "https://your-domain.com/r/xyz", "createdAt": "2025-01-01T00:00:00.000Z" } ]

POST

/api/qr

Create a new QR code.

Request Body

{ "name": "string (required)", "destinationUrl": "string (required)", "type": "static | dynamic (default: static)", "fgColor": "#000000", "bgColor": "#ffffff", "errorCorrection": "L | M | Q | H (default: M)" }

Example Request

fetch('https://your-domain.com/api/qr', { method: 'POST', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify({ name: 'My QR Code', destinationUrl: 'https://example.com', type: 'dynamic' }) }).then(r => r.json())

PUT

/api/qr/:id

Update an existing QR code's destination URL or styling.

fetch('https://your-domain.com/api/qr/abc123', { method: 'PUT', headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify({ destinationUrl: 'https://new-destination.com' }) }).then(r => r.json())

GET

/api/qr/:id/analytics

Get scan analytics summary for a QR code.

fetch('https://your-domain.com/api/qr/abc123/analytics', { headers: { 'Authorization': 'Bearer YOUR_API_KEY' } }).then(r => r.json()) // Response: // { // "totalScans": 142, // "uniqueScans": 98, // "deviceBreakdown": { "mobile": 80, "desktop": 50, "tablet": 12 } // }

Rate Limits

Plan	Requests / minute	Requests / day
Free	10	100
Pro	60	5,000
Business	200	20,000
Agency	500	100,000

Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.

Error Responses

All errors return JSON with an error field:

{ "error": "Unauthorized" }

Status	Meaning
400	Bad Request — invalid parameters
401	Unauthorized — missing or invalid API key
403	Forbidden — plan limit exceeded
404	Not Found
429	Too Many Requests — rate limit hit
500	Internal Server Error