Home | Resources | Sign Up | Log In

API Documentation


TrakQR API allows you to build QR Code features into your applications. This technical document outlines the usage of our RESTful API. Our API follows the REST(Representational State Transfer) style utilizing the GET, DELETE, and POST verbs. It responds with appropriate HTTP status codes and supports JSON.


The TrakQR API requires clients to be authenticated for all endpoints. A client application may authenticate with the API through two different ways:

  1. Standard HTTPS Basic Auth Simply use your account username and password in standard basic auth fashion. You can use Basic Auth for every request or you may use the supplied "sessionid" cookie as your authentication token.
    Basic Auth is quite simple. Just add a header to your request named "HTTP_AUTHORIZATION". The value of this header should be "Basic {base64encoded username:password}". If your username were "Aladdin" and your password were "open sesame", your Basic Auth header should be:
    Please note that since all requests go over HTTPS your username and password are not sent in plain text. Everything is encrypted and secure.
  2. "sessionid" Cookie If you are logged in through the dashboard or through the API via Basic Auth, you will have a "sessionid" cookie. If you send this cookie with any requests, we will honor that login until the session expires.
    The sessionid cookie is passed to you just like any other cookie. On successful login (even Basic Auth logins), the response will contain a header like this:
    Set-Cookie: sessionid={sessionidhere}; expires=Sat, 28-Apr-2012 19:33:12 GMT; Max-Age=1209600; Path=/
    We will honor the validity of this cookie until the date listed in the expires directive. Please protect this session id. If anybody else gets it, they could use it to masquerade as you.
If not authenticated (or your sessionid has expired) the API will return a 401(Unauthorized) response.


All endpoints are required to function over HTTPS. If an HTTP connection is attempted, we will return a 301(redirect) with the location header specifying the HTTPS address for the endpoint requested.
All dates are in ISO 8601 format relative to US/Central timezone.

HTTP Verbs Used

Any other verbs will result in a 405 method not allowed response.

HTTP Response Codes

2xx means it worked. 3xx means your looking at the wrong place. 4xx means you did something wrong. 5xx means we did something wrong.

Additional Notes