Skip to main content

Overview

The Scanova API uses API key authentication to secure all endpoints.
You must include your API key in every request to successfully access the API.
Each request without valid authentication will be rejected with a 401 Unauthorized error.

API Key Authentication

All requests must include your API key in the Authorization header — without any prefix.

Header Format

Authorization: YOUR_API_KEY
All API endpoints require authentication using an API key. The API key must be passed directly in the Authorization header without any prefix.

Example Request

curl -X POST "https://management.scanova.io/qrcode/" \
  -H "Authorization: sk_live_1234567890abcdef" \
  -H "Content-Type: application/json" \
  -d '{
    "category": "1",
    "info": "{\"type\":\"url\",\"data\":{\"url\":\"https://example.com\"}}",
    "qr_type": "dy",
    "name": "My QR Code"
  }'

Obtaining Your API Key

Step 1: Log in to Scanova

  1. Visit https://scanova.io
  2. Log in to your account

Step 2: Navigate to API Settings

  1. Go to your dashboard
  2. Go to Settings and click on the API tab

Step 3: Create an API Key

  1. Click Create New API Key
  2. Select a key type:
    • Live API Key: For production use
    • Sandbox API Key: For testing and development
  3. Give your key a descriptive name
  4. Click Generate Key

Step 4: Copy and Store Your Key

Best practices:
  • Store keys as environment variables
  • Never commit API keys to source control
  • Use a secure secrets manager (like AWS Secrets Manager or Vault)

API Key Limits

PlanLive API KeysSandbox API Keys
Enterprise22

Environment Variables

Use environment variables to securely manage API keys in your project Example .env File 
# .env
SCANOVA_API_KEY=sk_live_your_api_key_here
SCANOVA_BASE_URL=https://management.scanova.io

Node.js Example

// Node.js example
const apiKey = process.env.SCANOVA_API_KEY;
const baseUrl = process.env.SCANOVA_BASE_URL;

const response = await fetch(`${baseUrl}/qrcode/`, {
  method: 'POST',
  headers: {
    'Authorization': apiKey,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    category: '1',
    info: '{"type":"url","data":{"url":"https://example.com"}}',
    qr_type: 'dy',
    name: 'My QR Code'
  })
});

Python Example

# Python example
import os
import requests

api_key = os.getenv('SCANOVA_API_KEY')
base_url = os.getenv('SCANOVA_BASE_URL', 'https://management.scanova.io')

headers = {
    'Authorization': api_key,
    'Content-Type': 'application/json'
}

data = {
    'category': '1',
    'info': '{"type":"url","data":{"url":"https://example.com"}}',
    'qr_type': 'dy',
    'name': 'My QR Code'
}

response = requests.post(f'{base_url}/qrcode/', headers=headers, json=data)

Base URLs

Use the correct base URL depending on your environment:
  • Production: https://management.scanova.io
  • Sandbox: https://sandbox-management.scanova.io

Error Responses

Invalid API Key

{
  "error": "unauthorized",
  "message": "Invalid API key provided"
}
HTTP Status: 401 Unauthorized

Missing API Key

{
  "error": "unauthorized",
  "message": "API key is required"
}
HTTP Status: 401 Unauthorized

Rate Limit Exceeded

{
  "error": "rate_limit_exceeded",
  "message": "Rate limit exceeded. Please try again later."
}
HTTP Status: 429 Too Many Requests

Security Best Practices

Follow these guidelines to keep your API keys and data secure.

1. Keep Your API Keys Safe

  • Never expose keys in frontend code
  • Avoid committing keys to Git or public repos
  • Store them in environment variables or secure storage
  • Rotate keys regularly

2. Always Use HTTPS

The Scanova API only supports secure connections. Avoid plain HTTP

3. Validate Input

  • Validate and sanitize all input before making requests
  • Prevent injection attacks by enforcing proper data formats

4. Handle Errors Gracefully

  • Log errors safely (avoid exposing keys)
  • Show meaningful messages to end users

5. Monitor Usage

  • Track API usage and costs
  • Set alerts for abnormal behavior
  • Review and revoke unused keys

Testing Your Authentication

You can test your API key authentication using the following endpoint: 
curl -X GET "https://management.scanova.io/auth/stats/" \
  -H "Authorization: YOUR_API_KEY"
A successful response indicates your API key is valid: 
{
  "total_qr_count": 150,
  "total_scan_count": 2500,
  "active_qr_count": 120,
  "inactive_qr_count": 30
}

Need Help?

If you’re having trouble with authentication:
  1. Check your API key: Ensure it’s correctly copied
  2. Verify header format: Make sure you’re using Authorization: YOUR_API_KEY (without any prefix)
  3. Check your plan: Ensure your account include API access
  4. Contact support: Scanova Support Center or email support@scanova.io