Integrations allow you to extend the capabilities of CodeQR and seamlessly connect with third-party platforms and services. You can build your own integrations with CodeQR using our API.
  1. Read the documentation on how to create links or create QR Codes.
  2. Learn how to integrate CodeQR into your application.
  3. Reach out to us to feature your integration in the integrations marketplace.
In this guide, you will learn how to create and manage integrations on CodeQR, allowing you to incorporate CodeQR’s link attribution platform and QR Code management into your application. CodeQR supports OAuth 2.0 authentication, which is recommended if you build integrations extending CodeQR’s functionality. We recommend you use an OAuth client library to integrate the OAuth flow. You can find recommended libraries in a variety of programming languages here.

Set up OAuth 2.0

Here is a step-by-step guide on how to set up OAuth 2.0 authentication with CodeQR.
1. Create an OAuth2 application in CodeQR

  • Go to the OAuth Apps tab in your project.
  • Click on Create OAuth App.
  • Fill in the required fields to create an OAuth2 application.
2. Redirect users to authorization URL

When you want to authenticate a user, you need to redirect them to the CodeQR OAuth authorization URL.
GET https://app.codeqr.io/oauth/authorize
Parameters:

| Property | Description |
| --- | --- |
| client_id | The client ID of your OAuth application. |
| redirect_uri | The URL to redirect the user to after they authorize the application. |
| response_type | Expected response type. It should be code. |
| scope | A space-separated list of scopes that you want to request access to. |
| state | The state parameter, used to prevent CSRF attacks. |

An example URL would look like this:
GET https://app.codeqr.io/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=SOME_SCOPE&state=SOME_STATE
OAuth consent screen
3. Exchange code for an access token

The code parameter is returned in the query string when the user is redirected back to your application. You can exchange this code for an access token by making a POST request to the CodeQR OAuth token URL.
POST https://api.codeqr.io/oauth/token
The Content-Type header should be set to application/x-www-form-urlencoded.
Parameters:

| Property | Description |
| --- | --- |
| code | The code you received when the user was redirected back to your application. |
| client_id | The client ID of your OAuth application. |
| client_secret | The client secret of your OAuth application. |
| redirect_uri | The same redirect URI you used in the authorization URL. |
| grant_type | The grant type. It should be authorization_code. |

Response: After a successful request, you will receive a JSON response with the access token.
{
  "access_token": "codeqr_access_token_ae8ebf6f97e6200d886ef48a5...",
  "refresh_token": "7f5acfbe14bca0a20fe6e430ddb7bb494eed160bd...",
  "token_type": "Bearer",
  "expires_in": 7200,
  "scope": "projects.read,projects.write,links.read,links.write,qrcodes.read,qrcodes.write,pages.read,pages.write,tags.read,tags.write"
}
We recommend using the PKCE flow for native desktop or mobile applications or single-page apps (SPAs) where the client_secret cannot be hidden.
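
The following Python sketch is an added example, not CodeQR's own code. It covers steps 2 and 3 together: it builds the authorization URL with an unguessable state and a PKCE challenge, then validates the callback before producing the form body for the token request. The code_challenge, code_challenge_method and code_verifier names are the standard RFC 7636 parameters and are assumed here, since the parameter tables above do not list them; the function names and the session dictionary are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://app.codeqr.io/oauth/authorize"


def begin_authorization(client_id, redirect_uri, scopes):
    """Return (url, session); keep session server-side until the callback."""
    state = secrets.token_urlsafe(32)      # unguessable, one per login attempt
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier, 43-128 chars
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),
        "state": state,
        # Assumed RFC 7636 names; not listed in the parameter table above.
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    session = {"state": state, "code_verifier": verifier, "redirect_uri": redirect_uri}
    return f"{AUTHORIZE_URL}?{query}", session


def token_request_body(callback_url, session, client_id, client_secret=None):
    """Validate the callback, then return the form body for POST /oauth/token."""
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Constant-time compare. A missing or different state means this response
    # was not started by this session, so the code must not be exchanged.
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("authorization response carries no code")
    body = {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "client_id": client_id,
        "redirect_uri": session["redirect_uri"],   # must match step 2 exactly
        "code_verifier": session["code_verifier"],  # assumed RFC 7636 name
    }
    if client_secret:  # confidential clients only; never ship it in an SPA or app
        body["client_secret"] = client_secret
    return urlencode(body)
```

Send the returned body to the token URL with the Content-Type header set to application/x-www-form-urlencoded, and discard the session entry once it has been used.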
4. Make an API request with the access token

Once you have obtained a valid access token, you can use it to make requests to the CodeQR API. Here is an example of how you can create a QR Code by passing the access token in the header: Authorization: Bearer <ACCESS_TOKEN>
curl --request POST \
  --url https://api.codeqr.io/qrcodes \
  --header 'Authorization: Bearer <ACCESS_TOKEN>' \
  --header 'Content-Type: application/json' \
  --data '{"url": "https://example.com"}'
5. Refresh the access token

CodeQR access tokens are short-lived, depending on the expires_in value (the default value is 7,200 seconds, or 2 hours). CodeQR will respond with 401 Unauthorized if you try to use an expired access token. To refresh the access token, you need to make a POST request to the CodeQR OAuth token URL with the refresh_token you obtained when exchanging the code for an access_token.
POST https://api.codeqr.io/oauth/token
The Content-Type header should be set to application/x-www-form-urlencoded.
Parameters:

| Property | Description |
| --- | --- |
| client_id | The client ID of your OAuth application. |
| client_secret | The client secret of your OAuth application. |
| grant_type | The grant type. It should be refresh_token. |
| refresh_token | The refresh token you received when exchanging the code for an access token. |

Response: After a successful request, you will receive a JSON response with the new access token.
{
  "access_token": "codeqr_access_token_ae8ebf6f97e6200d886ef48a5...",
  "refresh_token": "7f5acfbe14bca0a20fe6e430ddb7bb494eed160bd...",
  "token_type": "Bearer",
  "expires_in": 7200,
  "scope": "projects.read,projects.write,links.read,links.write,qrcodes.read,qrcodes.write,pages.read,pages.write,tags.read,tags.write"
}
This will invalidate the old access token and refresh token.
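
Because each refresh invalidates both old tokens, a client has to replace the stored pair as one unit and must not let two workers refresh with the same refresh token. The following Python sketch is an added example, not CodeQR's own code; the TokenStore class, its injected http_post(url, headers, body) transport and the assumption that a successful refresh returns HTTP 200 are all hypothetical.

```python
import json
import threading
import time
from urllib.parse import urlencode

TOKEN_URL = "https://api.codeqr.io/oauth/token"


class TokenStore:
    """Holds the current token pair and rotates both tokens together."""

    def __init__(self, client_id, client_secret, tokens, http_post, clock=time.time):
        self._client_id, self._client_secret = client_id, client_secret
        # http_post(url, headers, body) -> (status, text) is an assumed transport.
        self._post, self._clock = http_post, clock
        self._lock = threading.Lock()  # only one refresh may be in flight
        self._install(tokens)

    def _install(self, tokens):
        self._access = tokens["access_token"]
        self._refresh = tokens["refresh_token"]
        self._expires_at = self._clock() + tokens["expires_in"]

    def access_token(self, skew=60):
        """Return a usable access token, refreshing shortly before expiry."""
        with self._lock:
            if self._clock() >= self._expires_at - skew:
                self._rotate()
            return self._access

    def _rotate(self):
        body = urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self._refresh,
            "client_id": self._client_id,
            "client_secret": self._client_secret,
        })
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        status, text = self._post(TOKEN_URL, headers, body)
        if status != 200:  # assumed success status
            # The stored refresh token may already be spent; do not retry with it.
            raise PermissionError(f"refresh rejected with HTTP {status}; re-authorize the user")
        self._install(json.loads(text))  # the old pair is invalid now, replace both
```

In a multi-process deployment the in-memory lock is not enough; the same rule applies to whatever shared store holds the tokens.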

Scopes

You can request access to specific scopes when redirecting users to the CodeQR OAuth authorization URL. Scopes are permissions that the user needs to grant to your application. CodeQR supports the following scopes for OAuth 2.0:
| Scope | Description |
| --- | --- |
| project.read | Read access to project. |
| project.write | Write access to project. |
| links.read | Read access to links. |
| links.write | Write access to links. |
| qrcodes.read | Read access to QR Codes. |
| qrcodes.write | Write access to QR Codes. |
| tags.read | Read access to tags. |
| tags.write | Write access to tags. |
| pages.read | Read access to pages. |
| pages.write | Write access to pages. |
| analytics.read | Read access to analytics. |
| domains.read | Read access to domains. |
| domains.write | Write access to domains. |
| user.read | Read access to user information. This scope is included by default. |

CodeQR also supports API key authentication; however, it is not recommended for building integrations. It should only be used for internal integrations or personal projects that do not require user consent. Learn more about API Keys.