Live API Demo

Test the QR Code API in real-time. Change parameters and see instant results.

Try URLs, WiFi configs, contact info, or plain text

Enter content to generate QR code

Developer docs

QR Code API

Generate PNG/SVG QR codes or decode existing graphics via HTTPS, no API key required. Every request stays on QRCodeCat infrastructure, making it easy to embed in scripts, nocode tools, and backend jobs.

No API key everUnlimited PNG/SVG99.97% uptimeGlobal edge
Generate EndpointReader Endpoint
28M+Requests served monthly
<180msMeasured p95 latency
0$ foreverPublic API tier

Generate QR instantly

Drop in a payload, pick PNG or SVG, and we return a production-ready asset with caching headers.

Open /api/qrcode

Decode existing graphics

Point us at a PNG/JPG or upload it directly—responses land in the goqr JSON schema.

Try /api/read-qr-code

Check live status

Monitor uptime, current deployments, and maintenance windows from our public status page.

View status dashboard

Talk to support

Need higher quotas or EU-only routing? Drop us a note and reference your X-Request-ID.

Email [email protected]

GET or POST

/api/qrcode

https://qrcodecat.com/api/qrcode

  • PNG/SVG output in one hop
  • Custom colors, margins, ECC levels
  • Optional download headers for browsers

GET or POST

/api/read-qr-code

https://qrcodecat.com/api/read-qr-code

  • Accepts remote URLs or uploads ≤1 MiB
  • Outputs JSON or XML payloads
  • No third-party processing or quotas

1.0 General notes

QRCodeCat runs a stateless HTTPS API with no sign-up or quotas. We log referrers/IPs for abuse detection but never persist QR payloads. Reach out if you plan to exceed 10k requests/day so we can allocate bandwidth accordingly.

For production usage, host the generated files on your CDN after the first call to minimize latency. All processing happens on our own infrastructure—there are zero calls to third-party QR services.

Quick start

Create QR (PNG)

curl "https://qrcodecat.com/api/qrcode?size=150x150&data=Hello+QRCodeCat" \
  --output hello.png

Read QR (JSON)

curl "https://qrcodecat.com/api/read-qr-code/?fileurl=https%3A%2F%2Fqrcodecat.com%2Fapi%2Fqrcode%3Fdata%3DHelloWorld"

Responses are cacheable for one hour. Invalid inputs return JSON/XML errors with HTTP 400.

Multi-language snippets

Drop these snippets directly into backend jobs, Zapier webhooks, or CI scripts. They mirror the same endpoints, so you can mix and match languages without touching API keys.

Python (requests)

Uploads Wi-Fi payloads and saves the PNG response locally with automatic retries.

import requests

payload = {
    "data": "WIFI:T:WPA;S:CatCafe;P:Coffee123;;",
    "size": "420",
    "format": "png"
}

response = requests.post("https://qrcodecat.com/api/qrcode", json=payload, timeout=10)
response.raise_for_status()

with open("wifi.png", "wb") as fh:
    fh.write(response.content)

Node.js (fetch)

Generates SVG output from an async job and logs the XML string.

import fetch from 'node-fetch';

async function run() {
  const res = await fetch('https://qrcodecat.com/api/qrcode', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      data: 'https://status.qrcodecat.com/api',
      format: 'svg',
      color: '0f172a',
    }),
  });

  if (!res.ok) {
    console.error('API error', await res.text());
    return;
  }

  const svg = await res.text();
  console.log(svg.substring(0, 120) + '...');
}

run();

PHP (cURL)

POSTs JSON with logos/colors applied and streams the binary response to disk.

<?php
$payload = json_encode([
    'data' => 'https://qrcodecat.com/qr-api',
    'color' => '111827',
    'bgcolor' => 'ffffff',
    'margin' => 2
]);

$ch = curl_init('https://qrcodecat.com/api/qrcode');
curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
    CURLOPT_POSTFIELDS => $payload,
    CURLOPT_RETURNTRANSFER => true,
]);
$image = curl_exec($ch);
curl_close($ch);

file_put_contents('landing.png', $image);
?>

Go (net/http)

Uses the reader endpoint to decode an existing QR stored on S3.

package main

import (
    "encoding/json"
    "fmt"
    "net/http"
)

type symbol struct {
    Data string `json:"data"`
}

type qrResponse struct {
    Symbol []symbol `json:"symbol"`
}

func main() {
    url := "https://qrcodecat.com/api/read-qr-code?fileurl=" +
        "https%3A%2F%2Fcdn.example.com%2Fqr.png"

    resp, err := http.Get(url)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    var payload []qrResponse
    if err := json.NewDecoder(resp.Body).Decode(&payload); err != nil {
        panic(err)
    }

    fmt.Println(payload[0].Symbol[0].Data)
}

Java (HttpClient)

Streams an SVG from the generator endpoint and inspects HTTP headers.

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class Demo {
  public static void main(String[] args) throws Exception {
    var client = HttpClient.newHttpClient();
    var request = HttpRequest.newBuilder()
        .uri(URI.create("https://qrcodecat.com/api/qrcode"))
        .header("Content-Type", "application/json")
        .POST(HttpRequest.BodyPublishers.ofString("{"data":"Hello devs","format":"svg"}"))
        .build();

    var response = client.send(request, HttpResponse.BodyHandlers.ofString());
    System.out.println(response.headers().firstValue("content-type"));
    System.out.println(response.body());
  }
}

/api/qrcode

Accepts classic create-qr-code parameters over GET or POST so you can generate images from any HTTP client.

ParameterDefaultDescription
datarequired—Text/URL/payload you want encoded. URL-encode for GET requests.
size360Square size in px. Accepts 300 or 300x300, clamped 64–1200.
formatpngpng or svg image output.
eccMQR error correction level (L, M, Q, H).
margin4Quiet zone in px (0–32).
color#0f172aForeground color hex (FF3366, 0f0, etc.).
bgcolor#ffffffBackground color hex.
filenameqrcodecatUsed for download filenames when download=1.
downloadfalseSet to 1/true to add Content-Disposition headers.

POST example

curl -X POST https://qrcodecat.com/api/qrcode \
  -H 'Content-Type: application/json' \
  -d '{
    "data": "WIFI:T:WPA;S:CatCafe;P:Coffee123;H:false;;",
    "format": "svg",
    "color": "ff3366"
  }' \
  --output wifi.svg

/api/read-qr-code

Decodes uploaded or remote images to JSON/XML so downstream systems can extract the embedded text.

ParameterDefaultDescription
fileurlrequired—URL-encoded HTTP/HTTPS link to PNG, JPG, or GIF ≤1 MiB. Ignored when uploading file.
file—Multipart/form-data upload field (POST only) containing the QR image ≤1 MiB.
outputformatjsonjson or xml to match the response schema documented below.

Upload example

curl -X POST https://qrcodecat.com/api/read-qr-code/ \
  -F "file=@./qr.png" \
  -F "outputformat=xml"

JSON response matches goqr\'s structure: [{ "type": "qrcode", "symbol": [{"seq":0,"data":"...","error":null}] }]. XML requests wrap the payload in<barcodes> and place decoded text inside CDATA blocks.

Error codes & troubleshooting

Every response includes an X-Request-ID header to speed up debugging. When errors surface, cross-check the HTTP status below and keep a short retry/backoff policy in place for transient 5xx events.

StatusTriggerResolution
400 Bad RequestMissing data/fileurl, malformed hex colors, or unsupported formatValidate the payload locally and ensure data is URL-encoded or POSTed as UTF-8 JSON.
401 UnauthorizedOnly returned if the request is routed through an allow-listed partner proxy with expired credentials.Remove stale Authorization headers; the public API never requires an API key.
413 Payload Too LargeUploads above 1 MiB or POST bodies exceeding 32 KiB for SVG.Compress the source image or host it remotely and pass fileurl so we fetch it server-side.
415 Unsupported Media TypeNon-JSON POST bodies or XML without proper Content-Type headers.Send application/json (for JSON) or multipart/form-data (for uploads).
429 Too Many RequestsBurst traffic above 50 requests/second from a single IP.Back off for 30 seconds or email [email protected] so we can allocate additional worker pods.
500 Internal Server ErrorUnexpected barcode libraries errors or timeouts fetching remote fileurl targets.Retry with exponential backoff; include the X-Request-ID header when contacting support.

Example 400 payload

{
  "error": {
    "code": 400,
    "message": "Missing data parameter",
    "hint": "Add data=Hello+World or POST a JSON body",
    "requestId": "3c7f7d18"
  }
}

Performance & limits

QRCodeCat runs on edge containers with regional failover. We publish live metrics on status.qrcodecat.com, but the table below lists the most common SRE checkpoints our customers ask about.

MetricValueNotes
P95 response time (NA/EU)< 180 msMeasured on generator endpoint with 360px PNG outputs.
Uptime (rolling 90d)99.97%Backed by dual-region workers with global DNS failover.
Cold-start penalty< 20 msWorkers stay warm through synthetic health checks every 60s.
Daily free throughput10k+ requestsSoft limit; reach out for higher sustained usage.
Max burst rate50 req/sec/IPContact us for dedicated rate pools if you exceed bursts.

3.0 Parameter reference

3.1 data parameter (mandatory)

Provide the text that should live inside the QR code. URL-encode content for GET requests or send it via POST to avoid encoding quirks. You can push a few thousand characters, but smaller payloads scan faster.

Best practice: Shorten URLs or move bulky metadata into landing pages so you can stay under ~900 characters for legacy scanners.

3.2 size parameter (optional)

Square dimensions in pixels (PNG/JPG) or logical units (SVG). Use 64–1200 for raster output; vector exports can scale infinitely.

Example: size=600x600

3.3 charset-source parameter (optional)

Assume UTF-8 for modern payloads. If you POST Latin-1 bytes, set charset-source=ISO-8859-1 so we decode the body correctly before re-encoding to UTF-8.

3.4 charset-target parameter (optional)

Controls how the data itself is encoded prior to QR rendering. We default to UTF-8. Switching to ISO-8859-1 mirrors old QR readers but limits character coverage.

3.5 ecc parameter (optional)

L, M, Q, or H. Higher redundancy preserves data when the code gets scuffed but increases pixel density.

Best practice: Use L for short-lived indoor prints, bump to Q/H if your code may suffer scratches or overlays.

3.6 color parameter (optional)

Accepts 3- or 6-character hex (with or without #). Keep it darker than the background so scanners maintain contrast.

3.7 bgcolor parameter (optional)

Same syntax as color. Default white. Aim for high contrast between color and bgcolor for reliable scans.

3.8 margin parameter (optional)

Pixel margin (0–32) around the QR. We add it inside the requested size so you retain the same outer dimension.

3.9 qzone parameter (optional)

Quiet zone expressed in modules. Equivalent to margin but in multiples of a QR pixel. Works best when set to 4 for print.

3.10 format parameter (optional)

Choose png or svg. PNG is ideal for web and quick shares; SVG remains infinitely scalable for print production.

Response schema & headers

Outputs intentionally mirror the classic goqr/zxing schema so your monitoring and parsing layers can be reused. Use the snippets below to verify status codes, headers, and payload structure in your integration tests.

Generator success (PNG body)

Binary responses arrive with cache headers so you can persist them to your own CDN.

HTTP/2 200 OK
Content-Type: image/png
Cache-Control: public, max-age=3600
X-Request-ID: 8d4c2e5a

...binary data...

Reader success (JSON)

Matches zxing/goqr conventions so downstream tooling can reuse the same parsing logic.

HTTP/2 200 OK
Content-Type: application/json; charset=utf-8
{
  "type": "qrcode",
  "symbol": [
    {
      "seq": 0,
      "data": "https://demo.qrcodecat.com",
      "error": null,
      "format": "UTF-8"
    }
  ]
}

Reader error (XML)

XML variants wrap payloads inside <barcodes>; CDATA ensures UTF-8 text stays intact.

HTTP/2 400 Bad Request
Content-Type: application/xml
<barcodes>
  <error code="400" request-id="8d4c2e5a">
    <![CDATA[ fileurl must be http(s) ]]>
  </error>
</barcodes>

Key response headers

HeaderBehavior
Content-Typeimage/png, image/svg+xml, application/json, or application/xml depending on endpoint.
Cache-Controlpublic, max-age=3600 for generator outputs to encourage CDN caching.
X-Request-IDUnique ID per request—include it when emailing support for traces.
X-Worker-RegionRegion code (iad, fra, sin) returned on enterprise plans for compliance logging.
Content-DispositionInjected when download=1 so browsers prompt to save the file.

Best practices

Integrations & workflows

Zapier: HubSpot form → personalized QR

  1. Trigger: "New Form Submission" in HubSpot (or any CRM). Pass the contact email/URL fields to Zapier.
  2. Add "Webhooks by Zapier" → POST request to https://qrcodecat.com/api/qrcode with JSON body containing data, color, and size.
  3. Toggle "Unflatten" so Zapier keeps nested JSON. Map CRM fields into the QR payload (UTM parameters, coupon codes, etc.).
  4. Add a Formatter step to Base64 encode the binary response when emailing attachments.
  5. Finish with Gmail/SendGrid to send the PNG or upload to Google Drive/Dropbox for long-term storage.

Pro tip: Prefer POST + JSON to avoid query-string limits when merging personalized text.

Make.com scenario: weekly batch generation

  1. Schedule: Cron module triggers every Monday at 08:00 in your timezone.
  2. Google Sheets module retrieves rows with status "needs_qr" and feeds each row into an Iterator.
  3. HTTP module performs POST https://qrcodecat.com/api/qrcode with JSON; map row-specific URLs, colors, and margin.
  4. Cloud storage module (S3, Azure Blob, GCS) stores the resulting binary stream; capture Content-Type for metadata.
  5. Update Sheets row to mark completion and write the public CDN URL back to the spreadsheet.

Pro tip: Enable error catching around the HTTP module so Make.com automatically retries transient 5xx responses.

Google Sheets Apps Script: inline function

  1. Open Extensions → Apps Script, then paste the helper below. It fetches PNG bytes and stores them in Drive.
  2. Use =GENERATE_QR(A2) inside Sheets to create a Drive file per row and return the public link.
  3. Set the destination folder ID at the top of the script so marketing teammates can browse assets later.
const FOLDER_ID = 'YOUR_DRIVE_FOLDER_ID';

function GENERATE_QR(value) {
  const url = 'https://qrcodecat.com/api/qrcode';
  const payload = {
    data: value,
    size: '360',
    format: 'png'
  };

  const response = UrlFetchApp.fetch(url, {
    method: 'post',
    contentType: 'application/json',
    payload: JSON.stringify(payload),
    muteHttpExceptions: true,
  });

  if (response.getResponseCode() !== 200) {
    throw new Error(response.getContentText());
  }

  const folder = DriveApp.getFolderById(FOLDER_ID);
  const file = folder.createFile(response.getBlob()).setName('qr-' + new Date().getTime() + '.png');
  file.setSharing(DriveApp.Access.ANYONE_WITH_LINK, DriveApp.Permission.VIEW);
  return file.getUrl();
}

Pro tip: Apps Script enforces a 6-minute runtime; batch operations should chunk rows (max 50) per invocation.

FAQs

Is there a request limit?

We do not throttle by default. If your automation expects more than 10k calls per day, send a quick note to [email protected] so we can provision bandwidth ahead of time.

Do you require API keys?

No. The generator and reader endpoints are open—just call them over HTTPS.

What formats can I embed?

PNG (<1200px) and SVG (vector). If you need PDF, run the PNG through your print workflow; the QR payload stays the same.

Can I call the API directly from the browser?

Yes—CORS is enabled for https://*.qrcodecat.com. For external domains, proxy through your backend to keep bandwidth predictable.

Do you log QR contents?

No. We inspect metadata (IP, referrer) strictly for abuse prevention. Payloads are processed in-memory and discarded immediately after the response is streamed back.

How do I host results on my CDN?

Make the first call to QRCodeCat, then persist the PNG/SVG in your storage bucket. Our cache headers allow you to re-serve the same asset without re-generating every time.

What about multi-QR decoding?

The reader endpoint returns the first valid symbol today. Multi-QR decoding is on our roadmap; for now, crop each code or call the endpoint per symbol.

Can I store data outside UTF-8?

Yes—use charset-source and charset-target parameters to map Latin-1 or Shift_JIS payloads into UTF-8 before rendering.

Is commercial usage allowed?

Absolutely. Agencies, SaaS tools, and enterprise teams embed this API in production. Drop us a note if you need DPAs or custom SLAs.

How do I report abuse or get support?

Email [email protected] with the X-Request-ID header. We answer most tickets within one business day.

Use cases this API unlocks

Marketing automation

Generate campaign-specific QR codes with UTM tags, drop them into HubSpot/Marketo assets, and source scans by channel without logging into another tool.

Manufacturing & logistics

Bake QR creation into ERP workflows to label parts, pallets, or on-prem kiosks. Pair with our decoder to verify inventory stickers after printing.

Wi-Fi & venue onboarding

Keep a simple POST /api/qrcode inside your property management scripts to refresh guest Wi-Fi posters every time passwords rotate.

Developer tooling

Add QR export buttons to CI dashboards, internal design systems, or CLI tools knowing the response structure mirrors well-known QR APIs.

Event ticketing & access control

Issue single-use QR codes for concerts or conferences, then validate entry by decoding the payload server-side to prevent forgery.

Customer success teams

Attach scannable troubleshooting trees to hardware shipments so field teams can access docs even when offline.

Education & nonprofits

Schools embed QR stickers on library books or lab equipment. Nonprofits print donation QR codes that update landing pages without reprinting.

E-commerce packaging

Print order-specific QR codes with loyalty URLs so unboxing experiences feel personalized and measurable.

Need more?

Browse our QR guides for print sizing advice, or explore task-based generators if you prefer a UI. When you are ready to embed everything, the API is waiting for you—no keys, no rate limits, just HTTPS requests.