API reference
Programmatic access to dynamic QR codes. Available on Business and Enterprise plans. Full markdown reference lives in the repo at docs/API.md.
Base URL
https://qrewire.com/api/v1
Authentication
Send your API key as a Bearer token. Create keys in Dashboard → Settings → API keys. The full key is shown once at creation.
Authorization: Bearer sk_…
Missing or invalid keys return 401. Free and Pro accounts without API access return 403.
Plan gate
| Plan | API access |
|---|---|
| Free | No |
| Pro | No |
| Business | Yes |
| Enterprise | Yes |
Rate limits
- 120 requests per minute per authenticated user.
- Over limit →
429with aRetry-Afterheader (seconds).
Known limitation: rate limiting is in-memory per process/isolate — not shared across Cloudflare Workers isolates or multiple app instances. It blunts naive bursts on a warm isolate but is not a hard distributed guarantee.
Errors
{ "error": "Human-readable message." }| Status | Meaning |
|---|---|
| 400 | Invalid JSON / body |
| 401 | Missing or invalid API key |
| 403 | Plan does not include API access |
| 404 | Code not found or not owned |
| 422 | Validation failed |
| 429 | Rate limit exceeded |
Endpoints
GET /api/v1/codes
List codes owned by the authenticated account.
POST /api/v1/codes
Create a dynamic code. Body requires type and destination; optional title and slug. Returns 201.
{
"type": "url",
"title": "Spring menu",
"destination": { "url": "https://example.com/menu" }
}GET /api/v1/codes/:id
Fetch one owned code.
PATCH /api/v1/codes/:id
Update optional title, destination, or status (active | paused | archived).
DELETE /api/v1/codes/:id
Delete an owned code.
GET /api/v1/codes/:id/scans
Recent scans for an owned code. Query: limit (default 50, max 200), offset (default 0). Does not return IP addresses.
{
"data": [
{
"scannedAt": "2026-07-12T18:00:00.000Z",
"country": "US",
"city": "Austin",
"deviceType": "mobile",
"os": "iOS",
"browser": "Safari",
"referrer": null
}
],
"pagination": { "total": 120, "limit": 50, "offset": 0 }
}GET /api/v1/codes/:id/stats
Aggregate stats. Query: days (1–90, default 30) for the overTime / byHour window. Includes total, unique (distinct hashed IPs), lastScan, byCountry, byDevice, byHour, and byReferrer.
Example
curl -s https://qrewire.com/api/v1/codes \ -H "Authorization: Bearer sk_your_key"