BarMake API Documentation

The BarMake REST API lets you programmatically create, manage, and track QR codes. Build QR code generation into your apps, automate bulk creation, and monitor scan analytics in real time.

Get Your API Key OpenAPI / Swagger

Authentication

All API requests require authentication via an API key. Include your API key in the x-api-key header with every request.

http

GET /api/v1/qr HTTP/1.1
Host: api.barmake.io
x-api-key: barmake_your_api_key_here
Content-Type: application/json

Keep your API key secret. Never expose it in client-side code, public repos, or browser requests. Use environment variables and server-side calls only.

Base URL

All API endpoints are relative to the following base URL:

https://api.barmake.io/api/v1

Rate Limits

API rate limits are based on your subscription tier. Limits reset at the beginning of each calendar month.

Plan	Monthly API Calls	QR Codes	Scans Tracked	Price
Free	100	10	1,000	$0/mo
ProPopular	5,000	500	50,000	$19/mo
Business	50,000	5,000	500,000	$79/mo
Enterprise	Unlimited	Unlimited	Unlimited	Contact Us

When you exceed your rate limit, the API returns a 429 Too Many Requests response. Upgrade your plan to increase your limits.

QR Code Endpoints

Barcode Generation

Create barcodes using the same QR code endpoint by setting type to "barcode". The content.barcodeType field determines the barcode topology (e.g., EAN-13, DataMatrix, PDF417). You can pass optional parameters such as eclevel, columns, rows, and mode inside content.params.

Supported Barcode Types

Popular 2D

qrcode, datamatrix, pdf417, azteccode, microqrcode, hanxin, gridmatrix, micropdf417, dotcode, ultracode

Popular 1D

ean13, ean8, upca, upce, code128, code39, code93, itf14, interleaved2of5

More 2D

azteccodecompact, codeone, rmqr, rectangularmicroqrcode, jabcode

GS1 / Supply Chain

gs1-128, gs1datamatrix, gs1dldatamatrix, gs1dlqrcode, gs1qrcode, gs1northamericancoupon, gs1dotcode, databarexpanded, databarstacked, databarlimited, databaromni, databartruncated, databarexpandedstacked, databarstackedomni

Healthcare / HIBC

hibccode128, hibccode39, hibcdatamatrix, hibcqrcode, hibcpdf417, hibcmicropdf417, hibcazteccode, hibccodablockf

Postal

maxicode, uspsintelligenmail, royalmail, auspost, japanpost, kix, onecode, postnet, planet, mailmark

Publishing

isbn, issn, ismn, ean13composite, ean8composite, upcacomposite, upcecomposite

More 1D

code11, code25, code39ext, code93ext, code128b, codabar, msi, plessey, telepen, pharmacode, rationalizedcodabar, ean2, ean5, codablockf, code16k, channelcode, bc412, coop2of5, daft

Some barcode types accept optional parameters via content.params: eclevel (error correction level), columns, rows, and mode. Check the barcode specification for valid values.

Bulk QR Codes

Create multiple QR codes at once by uploading a CSV file. Requires Firebase Auth (Bearer token).

API Key Management

Create and manage API keys for programmatic access. Requires Firebase Auth (Bearer token).

MFA / Two-Factor Authentication

Enable TOTP-based two-factor authentication for added security. All MFA endpoints require Firebase Auth (Bearer token). Once enabled, a valid MFA token must be included via the X-MFA-Token header for protected operations.

MFA is available on Business and Enterprise plans. TOTP secrets are encrypted with AES-256-GCM at rest. Backup codes are bcrypt-hashed.

Webhooks

Receive real-time notifications when events occur on your QR codes. Webhooks are sent as POST requests with HMAC-SHA256 signatures. Requires Firebase Auth (Bearer token).

Event	Description
`qr.created`	A new QR code was created
`qr.updated`	A QR code was updated
`qr.deleted`	A QR code was deleted
`qr.scanned`	A QR code was scanned
`qr.expired`	A QR code expired or reached max scans

Landing Pages

Create custom landing pages for your QR codes with a drag-and-drop block editor. All endpoints use API key authentication.

Custom Domains

Use your own domain for QR code redirect URLs (e.g., qr.yourbrand.com/abc123). Requires Firebase Auth (Bearer token).

Group Endpoints

Organize your QR codes into groups (folders). All endpoints use API key authentication.

Events

Manage events with ticketing, check-in, and analytics. All endpoints use API key authentication.

Fundraising

Create and manage fundraising campaigns with donation tracking. All endpoints use API key authentication.

Shipments

Track shipments with status updates and public tracking pages. All endpoints use API key authentication.

Review Pages

Manage customer review and feedback pages with analytics. All endpoints use API key authentication.

In-Visit Reviews

Create and manage in-visit review surveys for real-time patient/customer feedback. Supports emoji, scale, NPS, yes/no, choice, and text questions with alert notifications.

Forms

Build forms and manage submissions programmatically. All endpoints use API key authentication.

Coupons

Create and manage digital coupons and discount codes. All endpoints use API key authentication.

Wine Labels

Manage digital wine labels with tasting notes and winery information. All endpoints use API key authentication.

Business Cards

Create and manage digital business cards. All endpoints use API key authentication.

Asset Tracking

Track and manage physical assets with check-out, check-in, and maintenance logging. All endpoints use API key authentication.

Product Authentication

Product authentication, warranty registration, and counterfeit detection. All endpoints use API key authentication.

Labels

Create label templates and generate label batches for printing. All endpoints use API key authentication.

File Upload

Upload files (images, PDFs) for use in QR codes, menus, and other features. Max file size: 10MB. Uses API key authentication.

Error Handling

The API uses standard HTTP status codes. Errors return a JSON object with a message field.

Status	Description
`200`	Success
`201`	Resource created
`400`	Bad request - invalid parameters
`401`	Unauthorized - invalid or missing API key
`403`	Forbidden - you do not own this resource
`404`	Resource not found
`410`	Gone - QR code expired or reached scan limit
`429`	Rate limit exceeded
`500`	Internal server error

json

{
  "statusCode": 429,
  "message": "Monthly API call limit reached (5000). Upgrade your plan for higher limits.",
  "error": "Too Many Requests"
}

Code Examples

Full working examples in 8 languages. Each example shows creating a QR code with tags, listing with filters, and more.

bash

# Create a QR code with tags
curl -X POST https://api.barmake.io/api/v1/qr \
  -H "x-api-key: barmake_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "link",
    "isDynamic": true,
    "content": { "url": "https://example.com" },
    "targetUrl": "https://example.com",
    "design": { "dotStyle": "square", "dotColor": "#000000" },
    "tags": ["marketing", "retail"],
    "groupId": "your_group_id"
  }'

# List QR codes filtered by tag
curl "https://api.barmake.io/api/v1/qr?page=1&pageSize=10&tag=marketing" \
  -H "x-api-key: barmake_your_api_key_here"

# List QR codes filtered by group
curl "https://api.barmake.io/api/v1/qr?groupId=your_group_id" \
  -H "x-api-key: barmake_your_api_key_here"

# Create a group
curl -X POST https://api.barmake.io/groups \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Marketing", "color": "#3b82f6" }'

# Get scan analytics
curl "https://api.barmake.io/api/v1/qr/YOUR_QR_ID/stats?period=30" \
  -H "x-api-key: barmake_your_api_key_here"

# Delete a QR code
curl -X DELETE https://api.barmake.io/api/v1/qr/YOUR_QR_ID \
  -H "x-api-key: barmake_your_api_key_here"

Need Help?

If you have questions or need assistance integrating the BarMake API, our team is here to help.

Contact Support Go to Dashboard