Security & Access Controls
Enterprise-grade security for every layer of the QRZone platform.
API Key Management
Generate, rotate, and revoke API keys from the dashboard. Scoped keys restrict access to specific operations or code collections.
OAuth 2.0
Full OAuth 2.0 authorization code flow for third-party integrations. PKCE support for single-page applications.
Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3). QR code destinations are encrypted before storage.
Rate Limiting
Adaptive rate limits: 1,000 requests/min on free plans, 10,000 on Pro, and custom limits for Enterprise. 429 responses include Retry-After headers.
IP Allowlisting
Enterprise plans can restrict API access to specific IP ranges. Configure via dashboard or API.
Audit Logs
Immutable audit trail of all account actions: code creation, deletion, setting changes, team member additions, and API key usage.