API Documentation
Authentication

API Authentication

All API requests require authentication using an API key. This guide explains how to create, manage, and use API keys securely.

Getting an API Key

To get an API key, you need to have an iloveQR account and be part of an organization.

1

Log in to your account

Sign in or create an account if you don't have one.

2

Navigate to the Developers page

Go to Dashboard → Developers to manage your API keys.

3

Create a new API key

Click "Create API Key", give it a descriptive name, and securely store the generated key.

Using Your API Key

Include your API key in the X-API-Key header with every request:

Request Header
curl -X GET \
  https://i-love-qr-production-645dbff8d2fe.herokuapp.com/api/v1/organizations/YOUR_ORG_ID/qr-codes \
  -H "X-API-Key: ilqr_your_api_key_here" \
  -H "Content-Type: application/json"

Organization ID

Most API endpoints require an organization ID in the URL path. You can find your organization ID in the dashboard settings or by making a request to the organizations endpoint.

Get Your Organizations
curl -X GET \
  https://i-love-qr-production-645dbff8d2fe.herokuapp.com/api/v1/users/me/organizations \
  -H "X-API-Key: ilqr_your_api_key_here"
Response
{
  "organizations": [
    {
      "id": "org_abc123",
      "name": "My Company",
      "slug": "my-company",
      "role": "ADMIN"
    }
  ]
}

Security Best Practices

Never expose API keys in client-side code

Always make API calls from your server. Never include API keys in JavaScript that runs in the browser, mobile apps, or any code that can be viewed by users.

Use environment variables

Store your API keys in environment variables, not in your codebase. This prevents accidental exposure through version control.

Rotate keys regularly

Create new API keys periodically and revoke old ones. If you suspect a key has been compromised, revoke it immediately.

Authentication Errors

When authentication fails, the API returns one of these error responses:

Status CodeErrorDescription
401
UNAUTHORIZEDMissing or invalid API key
403
FORBIDDENAPI key doesn't have permission for this action
403
API_KEY_REVOKEDThe API key has been revoked
Example Error Response
{
  "statusCode": 401,
  "message": "Invalid or missing API key",
  "error": "Unauthorized"
}

Next Steps

Now that you understand authentication, learn how to use the API: