Authentication
qr3.app uses API keys (Bearer tokens) for authentication. No OAuth flows — just generate a key and use it immediately.
Create an API key
- Sign in at app.qr3.app
- Go to Settings → API Keys
- Click New Key
- Choose the desired scopes
- Copy the key — it is only shown once!
Key types
| Type | Prefix | Usage |
|---|
| Secret Key | qr3_sk_ | Server-side (API, backend) |
| Publishable Key | qr3_pk_ | Client-side (read-only access) |
| Test Key | qr3_test_sk_ | Development (own rate limits) |
Usage
Authorization: Bearer qr3_sk_your_key_here
cURL
curl https://qr3.app/v1/codes \
-H "Authorization: Bearer qr3_sk_your_key_here" \
-H "X-Workspace-Id: ws_your_workspace_id"
TypeScript SDK
import { QR3 } from "@qr3/sdk";
const client = new QR3({ apiKey: "qr3_sk_your_key_here" });
const codes = await client.codes.list();
CLI
export QR3_API_KEY=qr3_sk_your_key_here
Rate limits
| Plan | Requests/Minute | Response headers |
|---|
| Free | 30 | X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset |
| Pro | 120 | ← |
| Business | 300 | ← |
| Agency | 600 | ← |
On limit exceeded, the API returns HTTP 429:
"type": "https://docs.qr3.app/errors/rate-limited",
"title": "Too Many Requests",
"detail": "Rate limit of 30 requests/minute exceeded"
Scopes
| Scope | Description |
|---|
* | Full access |
codes:read | Read QR codes |
codes:write | Create and edit QR codes |
scans:read | Read scan analytics |
webhooks:write | Configure webhooks |
account:read | Read account information |
