Available on: Pro and Max plans Who can manage: Owners and Admins only
Creating an API Key
- Go to API Settings in the sidebar
- Click Create API Key
- Give your key a descriptive name (e.g., “Production Server”, “Development Testing”)
- Copy the key immediately—you won’t be able to see it again
Naming Best Practices
Use clear names that identify where and how the key is used:
| Good | Bad |
|---|---|
| Production-WebApp | Key 1 |
| Dev-Testing | Test |
| Mobile-iOS-App | API |
| Zapier-Integration | Key |
Storing Your API Key Securely
Never commit API keys to source control or share them publicly.
Secure storage options:
- Environment variables in your application
- Secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)
- Encrypted configuration files
Viewing Your API Keys
The API Keys page shows all your keys with:
- Name: The name you assigned
- Key Prefix: First few characters (e.g.,
qr_live_a1b2...) - Created: When the key was created
- Last Used: When the key was last used for an API call
- Status: Active or Inactive
Note: You can only see the prefix, not the full key.
Monitoring Usage
The API page displays your current usage:
- API Calls: Used / Monthly limit
- Image Generation Credits: Used / Monthly limit
Limits refresh at the end of each month.
Learn more about API calls and image generation credits.
Pausing an API Key
If you need to temporarily disable a key:
- Find the key in your list
- Click the pause icon
- The key will stop working until you re-enable it
This is useful when you need to temporarily disable access without permanently revoking the key.
Revoking an API Key
If a key is compromised or no longer needed:
- Find the key in your list
- Click the trash icon
- Confirm the revocation
After revocation:
- The key stops working immediately
- Applications using it will receive
401 Unauthorizederrors - The action cannot be undone—create a new key if needed
If a Key is Compromised
- Revoke immediately — Don’t wait
- Create a new key — Get a replacement
- Update applications — Deploy the new key
- Review activity — Check for unauthorized usage in your QR code list
Best Practices
- One key per application: Don’t share keys across different apps
- Rotate regularly: Create new keys periodically and retire old ones
- Monitor “Last Used”: Revoke keys that haven’t been used in months
- Limit access: Only share keys with team members who need them
Troubleshooting
”Unauthorized” errors
- Verify the API key is correct (no extra spaces)
- Check the key hasn’t been revoked
- Ensure you’re using
Bearerprefix:Authorization: Bearer qr_live_...
Forgot or lost API key
- You cannot retrieve a key after creation
- Revoke the old key and create a new one
- Update your applications with the new key
API Key Format
SnapGlyph API keys follow this format:
qr_live_[32 random characters]qr_= QR key prefixlive_= Production environment