Docs

API Reference

Programmatically create passes, validate scans, and manage templates. The PassQR API uses RESTful conventions and returns JSON responses.

Base URL

https://passqr.com/api/v1

Authentication

Bearer pqr_live_xxx

Rate Limits

60–120 req/min per IP

Authentication

All API requests require authentication via an API key. Include it in theAuthorizationheader:

http
Authorization: Bearer pqr_live_a1b2c3d4e5f6...

Getting an API Key

  1. Sign up at passqr.com/signup
  2. Upgrade to the Starter or Pro plan (API access required)
  3. Go to Settings → API Keys
  4. Click "New Key", give it a name, and copy the key

Keep your API key secret

Never expose your API key in client-side code, public repos, or browser requests. API keys are hashed in our database — we can't recover them if lost.

Quick Start

curl
# List passes
curl -X GET "https://passqr.com/api/v1/passes?page=1&limit=20" \
  -H "Authorization: Bearer pqr_live_your_api_key_here"

# Create a pass
curl -X POST "https://passqr.com/api/v1/passes" \
  -H "Authorization: Bearer pqr_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "template_id": "your-template-uuid",
    "holder_name": "Jane Smith",
    "holder_email": "jane@example.com",
    "max_uses": 1,
    "expires_at": "2025-12-31T23:59:59Z"
  }'

# Validate a pass
curl -X POST "https://passqr.com/api/v1/validate" \
  -H "Authorization: Bearer pqr_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"code": "PASS-ABC12345"}'

Endpoints

Passes

Templates

Validation

Response Format

All responses follow a consistent JSON structure:

json
// Success (single item)
{ "data": { ... } }

// Success (list with pagination)
{ "data": [ ... ], "meta": { "page": 1, "limit": 20, "total": 42 } }

// Error
{ "error": "Error type", "message": "Human-readable explanation" }

HTTP Status Codes

200Success
201Created
400Bad Request — invalid parameters
401Unauthorized — missing or invalid API key
403Forbidden — plan doesn't include API access
404Not Found
429Rate Limited — slow down
500Internal Server Error

Rate Limits

API requests are rate-limited per IP address to ensure fair usage:

EndpointLimitWindow
GET endpoints120 requests1 minute
POST/PATCH/DELETE60 requests1 minute
POST /validate60 requests1 minute

When rate-limited, you'll receive a 429 status with aRetry-After header indicating when to retry.

Ready to integrate?

Create an account, grab an API key, and start building in minutes.

Start FreeGet API Key