NiceQR.me Docs

API Key Authentication

Use an API key from Dashboard > API Keys in the X-Api-Key header.

Overview

NiceQR.me public API requests are authenticated with an API key sent in the X-Api-Key header.

In the product UI, these credentials are managed under Dashboard > API Keys.

This docs set intentionally does not expose user JWT flows such as register, login, Google login, refresh tokens, or dashboard-only endpoints.

Create API Key

API keys are created and managed from Dashboard > API Keys.

  • API Keys is a Business feature.
  • API key creation and management are not exposed as public REST endpoints.
  • The raw key is shown only once. Save it now because it will not be shown again.

Environment

In Dashboard > API Keys, the Environment field uses these values:

  • Live → keys start with nq_live_...
  • Test → keys start with nq_test_...

Request Header

X-Api-Key: nq_live_your_api_key

Permissions

For the currently documented public endpoint, enable the Generate QR Code permission (qr:generate) in Dashboard > API Keys.

Key Status

In Dashboard > API Keys, a key can appear as:

  • Active
  • Suspended
  • Revoked
  • Expired

The documented public route only works when the key is effectively active and the account still has an active Business plan.

If the key is valid but does not include the required permission, the request is intentionally hidden and returns 404 Not Found with an empty body.

Failure Behavior

For the API-key-protected public route, the backend intentionally returns 404 Not Found with an empty body when:

  • the X-Api-Key header is missing
  • the key is invalid
  • the key is revoked or expired
  • the key is suspended because the account no longer has an active Business plan
  • the key does not have the required permission

Treat that response as an authentication or authorization failure on the client side.

Example

curl -X POST https://api.niceqr.me/v1/qr/generate \
  -H "X-Api-Key: nq_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "data": "https://example.com",
    "bodyStyle": "square",
    "bodyBrush": { "type": "Solid", "color": "#000000" }
  }'

Security Notes

  • Never embed Live API keys in frontend or browser code.
  • Use API keys only for server-to-server integrations.
  • Revoke and replace leaked keys from the dashboard.

Introduction

NiceQR.me public API for programmatic access and server-to-server integrations with API Keys.

QR Generation

Generate custom QR codes with the public endpoint that uses API Keys.

On this page

OverviewCreate API KeyEnvironmentRequest HeaderPermissionsKey StatusFailure BehaviorExampleSecurity Notes