Authentication
All API requests must include your API key in the X-API-Key header.
Getting Your API Key
- Log in at qbar-scanner.com
- Navigate to Settings → Developer API
- Click Generate API Key
- Copy and securely store the key — it is shown only once
WARNING
Each account can have one active API key. To get a new key, delete the existing one first via the Settings page.
Using Your API Key
Include the X-API-Key header in every request:
bash
curl -H "X-API-Key: qbar_abc123..." \
https://api.qbar-scanner.com/api/v1/qrcodesjavascript
const response = await fetch('https://api.qbar-scanner.com/api/v1/qrcodes', {
headers: {
'Content-Type': 'application/json',
'X-API-Key': 'qbar_abc123...'
}
})API Key Format
API keys follow this format:
qbar_ + 43 random alphanumeric charactersExample: qbar_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8s9T0u1V
The key prefix (first 8 characters after qbar_) is stored and displayed in your settings for identification.
Security Best Practices
- Never expose your API key in client-side code (browser JavaScript, mobile apps)
- Store keys in environment variables or secret managers
- Use server-side code to make API calls
- Delete and regenerate your key immediately if compromised
- Monitor your usage stats in Settings to detect unauthorized use
Authentication Errors
| Status | Code | Description |
|---|---|---|
401 | UNAUTHORIZED | Missing or invalid API key |
429 | RATE_LIMITED | Too many requests — slow down |
json
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key. Include X-API-Key header."
},
"request_id": "550e8400-e29b-41d4-a716-446655440000"
}