DEVELOPER DOCUMENTATION

SKQR Forge API Docs

Complete public developer docs for rendering QR codes, managing developer API keys, creating reports/issues, and reading user issue conversations.

Base URL: https://skqr.smrprprp.xyzAuth: Firebase ID token or SKQR API keyCurrent quota: ∞ unlimited

Authentication

SKQR has two authentication systems depending on the endpoint.

API key auth

Used by render endpoints. Put your key in X-API-Key or Authorization: Bearer.

Firebase user auth

Used by account endpoints. Send Firebase ID token in Authorization: Bearer.

Generating API keys requires Developer mode. Developer mode requires 2FA first.
API key header
X-API-Key: skqr/-/xxxxxxxxxxxxxxx\-\
Firebase user header
Authorization: Bearer FIREBASE_ID_TOKEN

POST /api/v1/render

Render a QR code from a schema. This endpoint is designed for developers using their SKQR private API key.

POST/api/v1/renderX-API-Key
cURL render request
curl -X POST https://skqr.smrprprp.xyz/api/v1/render \
  -H "Content-Type: application/json" \
  -H "X-API-Key: skqr/-/xxxxxxxxxxxxxxx\-\" \
  -d '{
    "data": "https://smbeta.xyz",
    "title": "smbeta.xyz",
    "subtitle": "CONNECT > BUILD > DEPLOY > REPEAT",
    "accent": "#ff2b2b",
    "dark": "#ffffff",
    "light": "#030000",
    "frame": true,
    "moduleShape": "rounded",
    "outlineWidth": 0
  }'
JavaScript fetch
const response = await fetch('https://skqr.smrprprp.xyz/api/v1/render', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-API-Key': 'skqr/-/xxxxxxxxxxxxxxx\-\'
  },
  body: JSON.stringify({
    data: 'https://smbeta.xyz',
    title: 'smbeta.xyz',
    subtitle: 'CONNECT > BUILD > DEPLOY > REPEAT',
    accent: '#ff2b2b',
    dark: '#ffffff',
    light: '#030000',
    frame: true
  })
});
const json = await response.json();
document.body.innerHTML = json.svg;
Success response
{
  "ok": true,
  "type": "image/svg+xml",
  "svg": "<svg ...>...</svg>",
  "requests": 1,
  "limit": "∞ unlimited"
}

API key endpoints

API keys are stored as hashes. The full private key is only shown once when created.

GET/api/keys/listFirebase Bearer token
List keys
curl https://skqr.smrprprp.xyz/api/keys/list \
  -H "Authorization: Bearer FIREBASE_ID_TOKEN"
POST/api/keys/createFirebase Bearer token + X-SKQR-2FA
Create key
curl -X POST https://skqr.smrprprp.xyz/api/keys/create \
  -H "Authorization: Bearer FIREBASE_ID_TOKEN" \
  -H "X-SKQR-2FA: RECENT_2FA_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{}'
POST/api/keys/revokeFirebase Bearer token + X-SKQR-2FA
Revoke key
curl -X POST https://skqr.smrprprp.xyz/api/keys/revoke \
  -H "Authorization: Bearer FIREBASE_ID_TOKEN" \
  -H "X-SKQR-2FA: RECENT_2FA_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "keyId": "firebase_key_id" }'

Issues and reports API

Users can submit a report publicly. Anonymous reporters must accept that they will not receive status/messages without an account.

POST/api/issues/createOptional Firebase Bearer token
Anonymous issue
curl -X POST https://skqr.smrprprp.xyz/api/issues/create \
  -H "Content-Type: application/json" \
  -d '{
    "title": "QR scan problem on iPhone",
    "category": "bug",
    "message": "The QR preview is too large on my device.",
    "anonymousAccepted": true
  }'
Signed-in issue
curl -X POST https://skqr.smrprprp.xyz/api/issues/create \
  -H "Authorization: Bearer FIREBASE_ID_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "API render request",
    "category": "feature",
    "message": "Can you add animated exports?"
  }'
GET/api/issues/listFirebase Bearer token
POST/api/issues/commentFirebase Bearer token
Reply to an issue
curl -X POST https://skqr.smrprprp.xyz/api/issues/comment \
  -H "Authorization: Bearer FIREBASE_ID_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "issueId": "local_issue_id",
    "message": "Here are more details."
  }'

QR schema reference

The site saves schemas instead of rendered images. This keeps storage light and lets users regenerate projects later.

Common schema fields
{
  "data": "https://example.com",
  "title": "example.com",
  "subtitle": "CONNECT > BUILD > DEPLOY > REPEAT",
  "width": 720,
  "height": 720,
  "margin": 24,
  "qrColor": "#ffffff",
  "bgColor": "#030000",
  "accent": "#ff2b2b",
  "outlineColor": "#ff2b2b",
  "outlineWidth": 0,
  "moduleShape": "rounded",
  "moduleGap": 0.08,
  "transparentQR": false,
  "frame": true,
  "glass": true,
  "relief": true,
  "glow": true,
  "logoUrl": "https://example.com/logo.png"
}

Module shapes

square, rounded, circle, diamond, octagon, hexagon, slash, horizontal, vertical, ring, blob

Media fields

logoUrl, qrTexture, backgroundImage can be URLs or data URLs depending on the client.

Errors

Error response format
{
  "error": "Invalid API key."
}
StatusMeaning
400Missing or invalid request body.
401Missing or invalid auth token/API key.
4032FA, Developer mode, or Owner access required.
500Server configuration or provider error.

Full developer workflow

  1. Create an account.
  2. Activate 2FA.
  3. Enable Developer mode.
  4. Generate an API key in Account.
  5. Call POST /api/v1/render with X-API-Key.