Skip to main content

Requirements

  • Backend service capable of HTTPS POST calls
  • Access to site-level API key from dashboard
  • Access to site_id and scan_session_id from your QR journey/session flow
  • Stable event IDs for retry-safe delivery

Security Requirements

  • Never expose X-API-Key in frontend/browser code
  • Store API key in environment secret manager
  • Rotate/revoke keys through dashboard API tab