Overview QrX offers two tiers of access: Public (unauthenticated) and Authenticated (with API key). Authentication is optional but recommended for production use.
Rate Limits Public Access
Authenticated Access
No API Key Required Perfect for testing and low-volume use cases.
Rate Limit : 10 requests per minuteAuthentication : None requiredUse Cases : Testing, prototyping, personal projects curl "https://qrgen.maybesurya.live/api/qrgen?data=test"
With API Key Recommended for production applications.
Rate Limit : 100 requests per minuteAuthentication : API key requiredUse Cases : Production apps, high-volume generation curl "https://qrgen.maybesurya.live/api/qrgen?data=test&apiKey=sk_..."
Getting Your API Key Follow these steps to obtain your API key:
Sign In
Create an account or sign in if you already have one
Generate Key
Your API key will be displayed on the dashboard. Copy it to a secure location.
Test Your Key
Make a test request to verify your API key works correctly
Keep your API key secure!
Don’t commit API keys to version control
Don’t share API keys publicly
Use environment variables to store keys
Rotate keys if they’re compromised
Authentication Methods QrX supports two methods for providing your API key:
Method 1: Query Parameter Include the API key as a query parameter in the URL:
curl "https://qrgen.maybesurya.live/api/qrgen?data=Hello&apiKey=sk_YOUR_API_KEY"
Pros:
Simple to implement
Works everywhere
Cons:
API key may appear in logs
Visible in browser history
Include the API key in the x-api-key header:
curl "https://qrgen.maybesurya.live/api/qrgen?data=Hello" \ -H "x-api-key: sk_YOUR_API_KEY"
Pros:
✅ More secure
✅ Doesn’t appear in URLs
✅ Not logged by many servers
✅ Industry best practice
Cons:
Slightly more complex to implement
We strongly recommend using the header method for production applications to keep your API key secure.
Code Examples JavaScript/Fetch const apiKey = process . env . QRX_API_KEY ; // Store in environment variable fetch ( 'https://qrgen.maybesurya.live/api/qrgen?data=Hello' , { headers: { 'x-api-key' : apiKey } }) . then ( response => response . blob ()) . then ( blob => { // Handle the QR code image const imgUrl = URL . createObjectURL ( blob ); console . log ( 'QR Code URL:' , imgUrl ); });
Python import os import requests api_key = os.environ.get( 'QRX_API_KEY' ) # Store in environment variable response = requests.get( 'https://qrgen.maybesurya.live/api/qrgen' , params = { 'data' : 'Hello' }, headers = { 'x-api-key' : api_key} ) if response.status_code == 200 : with open ( 'qr.png' , 'wb' ) as f: f.write(response.content)
Node.js (Axios) const axios = require ( 'axios' ); const fs = require ( 'fs' ); const apiKey = process . env . QRX_API_KEY ; axios ({ url: 'https://qrgen.maybesurya.live/api/qrgen' , method: 'GET' , params: { data: 'Hello' }, headers: { 'x-api-key' : apiKey }, responseType: 'stream' }) . then ( response => { response . data . pipe ( fs . createWriteStream ( 'qr.png' )); });
Rate Limit Responses When you exceed the rate limit, you’ll receive:
HTTP Status : 429 Too Many RequestsResponse : Error message indicating rate limit exceeded{ "error" : "Rate limit exceeded. Please try again later." }
Rate limits reset on a rolling window basis. Wait a minute and try again, or upgrade to an authenticated tier for higher limits.
Best Practices
Secure Storage Store API keys in environment variables, never in code.
Key Rotation Rotate keys periodically and if they’re compromised.
Monitor Usage Track your API usage through the dashboard.
Use Headers Prefer header authentication over query parameters.
Next Steps 
