We highly recommend using our Web SDK as the quickest and simplest way to start implementing QR code authentication in your app. The implementation steps using the Web SDK can be found in the using device credentials with QR codes guide.

If you prefer to use the API directly, then the documentation below outlines the Client API’s QR code endpoints and their authentication model. We recommend using the WebSocket API for real-time feedback, falling back to REST API polling if WebSocket connections are not supported in your environment.

For real-time QR code authentication with immediate updates when users scan and interact with QR codes, use the WebSocket API.

The WebSocket API provides:

  • Real-time state updates as users scan and respond to QR codes
  • Immediate notifications for challenge approval or rejection
  • Lower latency for time-sensitive authentication flows

Details on how to authenticate with the WebSocket API can be found in the WebSocket API documentation.

REST API

  1. Start QR Code Challenge - Generates a QR code challenge
  2. Verify QR Code Challenge - Verifies the challenge was completed

These endpoints must be authenticated using bearer auth with a token.