API Overview

The qr3.app REST API is available at https://qr3.app/v1/.

Versioning

The API is versioned via the URL path (/v1/). Breaking changes always introduce a new major version.

Request Format

Content-Type: application/json
Authentication: Authorization: Bearer qr3_sk_xxx
Idempotency: POST requests can be made idempotent with Idempotency-Key: <uuid>

Response Format

All successful responses return JSON:

{
  "id": "qr_abc123",
  "type": "url",
  "url": "https://example.com",
  "short_url": "https://qr3.app/r7f3Kx",
  "created_at": "2026-03-15T10:00:00.000Z"
}

List responses always include a meta.pagination structure:

{
  "data": [...],
  "meta": {
    "request_id": "req_xxx",
    "pagination": {
      "has_more": true,
      "next_cursor": "qr_abc",
      "total_count": 142
    }
  }
}

Error Format (RFC 7807)

All errors follow the RFC 7807 Problem Details standard:

{
  "type": "https://docs.qr3.app/errors/not-found",
  "title": "Not Found",
  "status": 404,
  "detail": "QR code qr_xxx not found",
  "instance": "/v1/codes/qr_xxx"
}

Status	Error type	Description
400	`bad-request`	Invalid JSON or missing required fields
401	`authentication`	Missing or invalid API key
403	`forbidden`	No permission for this resource
404	`not-found`	Resource not found
409	`conflict`	Idempotency key conflict
422	`validation`	Invalid input data (with `errors` array)
429	`rate-limited`	Rate limit exceeded
500	`internal`	Internal server error

Pagination

The API uses cursor-based pagination:

# First page
GET /v1/codes?limit=20

# Next page
GET /v1/codes?limit=20&cursor=qr_lastid

Rate Limits

Every response includes:

X-RateLimit-Limit: 30
X-RateLimit-Remaining: 28
X-RateLimit-Reset: 1742040120

Interactive API Reference

Test all endpoints directly in your browser:

→ Open API Reference (Scalar, interactive, with Try-it-out)