Skip to main content

Overview

QrX offers two tiers of access: Public (unauthenticated) and Authenticated (with API key). Authentication is optional but recommended for production use.

Rate Limits

No API Key Required

Perfect for testing and low-volume use cases.
  • Rate Limit: 10 requests per minute
  • Authentication: None required
  • Use Cases: Testing, prototyping, personal projects
curl "https://qrgen.maybesurya.live/api/qrgen?data=test"

Getting Your API Key

Follow these steps to obtain your API key:
1

Access Dashboard

Navigate to the QrX Dashboard
2

Sign In

Create an account or sign in if you already have one
3

Generate Key

Your API key will be displayed on the dashboard. Copy it to a secure location.
4

Test Your Key

Make a test request to verify your API key works correctly
Keep your API key secure!
  • Don’t commit API keys to version control
  • Don’t share API keys publicly
  • Use environment variables to store keys
  • Rotate keys if they’re compromised

Authentication Methods

QrX supports two methods for providing your API key:

Method 1: Query Parameter

Include the API key as a query parameter in the URL: 
curl "https://qrgen.maybesurya.live/api/qrgen?data=Hello&apiKey=sk_YOUR_API_KEY"
Pros:
  • Simple to implement
  • Works everywhere
Cons:
  • API key may appear in logs
  • Visible in browser history
Include the API key in the x-api-key header: 
curl "https://qrgen.maybesurya.live/api/qrgen?data=Hello" \
  -H "x-api-key: sk_YOUR_API_KEY"
Pros:
  • ✅ More secure
  • ✅ Doesn’t appear in URLs
  • ✅ Not logged by many servers
  • ✅ Industry best practice
Cons:
  • Slightly more complex to implement
We strongly recommend using the header method for production applications to keep your API key secure.

Code Examples

JavaScript/Fetch

const apiKey = process.env.QRX_API_KEY; // Store in environment variable

fetch('https://qrgen.maybesurya.live/api/qrgen?data=Hello', {
  headers: {
    'x-api-key': apiKey
  }
})
  .then(response => response.blob())
  .then(blob => {
    // Handle the QR code image
    const imgUrl = URL.createObjectURL(blob);
    console.log('QR Code URL:', imgUrl);
  });

Python

import os
import requests

api_key = os.environ.get('QRX_API_KEY')  # Store in environment variable

response = requests.get(
    'https://qrgen.maybesurya.live/api/qrgen',
    params={'data': 'Hello'},
    headers={'x-api-key': api_key}
)

if response.status_code == 200:
    with open('qr.png', 'wb') as f:
        f.write(response.content)

Node.js (Axios)

const axios = require('axios');
const fs = require('fs');

const apiKey = process.env.QRX_API_KEY;

axios({
  url: 'https://qrgen.maybesurya.live/api/qrgen',
  method: 'GET',
  params: { data: 'Hello' },
  headers: { 'x-api-key': apiKey },
  responseType: 'stream'
})
  .then(response => {
    response.data.pipe(fs.createWriteStream('qr.png'));
  });

Rate Limit Responses

When you exceed the rate limit, you’ll receive: HTTP Status: 429 Too Many Requests Response: Error message indicating rate limit exceeded 
{
  "error": "Rate limit exceeded. Please try again later."
}
Rate limits reset on a rolling window basis. Wait a minute and try again, or upgrade to an authenticated tier for higher limits.

Best Practices

Secure StorageStore API keys in environment variables, never in code.

Key RotationRotate keys periodically and if they’re compromised.

Monitor UsageTrack your API usage through the dashboard.

Use HeadersPrefer header authentication over query parameters.

Next Steps

API Endpoint Reference

Learn about the QR generation endpoint

Code Examples

View complete examples in multiple languages