v1.1.0 · MIT licensed · self-hosted

QR codes that stay yours.

A self-hosted, open-source QR generator with optional auth, scan analytics, and admin controls. No SaaS account, no trackers, no third parties — ever.

Create a QR code View on GitHub

docker compose up · single container · SQLite-backed

Generate

Build one now.

No sign-up required — anonymous codes are enabled by default. Sign in to manage and edit them later.

Have an account? Sign in →

Configure

/api/v1/qr

Target URL

Template

Error correction

Foreground

Background

Border size

Border style

Center content

Expires at (optional)

Password (optional)

I agree to the Terms of Use and will not use this service to encode unlawful content (phishing, malware, fraud, harassment, CSAM, etc.).

Features

Everything a serious QR workflow needs.

Built for teams that print, share, and track real-world links — and want the whole stack under their own control.

Custom styling

Foreground & background colors, border treatments, templates, and a 10-character center overlay.

Two output formats

Download crisp PNG bitmaps or scalable SVG vectors. Pick the right format for print or web.

Password-protected codes

Require a password before the redirect resolves. Hashed server-side, never stored in plain text.

Expiration dates

Schedule QR codes to deactivate automatically. Run a campaign without manual cleanup.

Scan analytics

Count scans, country (from your reverse-proxy header), and device class — no fingerprinting, no trackers.

API + bulk import

A clean REST API and CSV upload for generating many codes at once. Issue per-user API keys.

How it works

Three steps, no surprises.

01

Paste a URL

Drop any destination — link, login page, Wi-Fi voucher, payment flow.
02

Style and configure

Pick colors, a template, optional center text, expiry and password.
03

Share or print

Download PNG/SVG, copy the short URL, or embed via the API.

Privacy & tracking

Privacy by default, not by promise.

Open-QR is engineered so there is nothing for us to leak — because there is no us. You run it. Raw identifiers are never persisted; sessions are HTTP-only and scoped to the auth path; tracking pixels and third-party scripts simply do not exist in the codebase.

The full source is on GitHub under the MIT license. Audit it, fork it, deploy it.

What is collected

Total scan count per QR code
Country code from your reverse-proxy header (Cloudflare, Vercel, Fly, etc.), if present
A SHA-256 hash of the visitor IP — the raw IP is never stored
Device class (mobile / tablet / desktop / bot) derived from User-Agent before it is hashed
Authentication session cookies — only if you log in

What is never collected

Raw IP addresses or full request fingerprints
Third-party trackers, pixels, or analytics SDKs
Personal data brokers or ad networks of any kind
Cross-site cookies, localStorage profiling, or telemetry

Developer API

A clean REST API, on your own domain.

Issue per-user API keys from the dashboard, point your tooling at your own host, and integrate QR generation into anything — CI/CD, print pipelines, kiosk apps.

Read the API docs Generate an API key →

POST /api/v1/qr

curl -X POST https://your-host/api/v1/qr \
  -H "Authorization: Bearer $OPENQR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "targetUrl": "https://example.com",
    "style": { "template": "minimal", "errorCorrection": "M" }
  }'

Self-host

One container. Your server. Done.

Open-QR ships as a single Docker image with embedded SQLite. Bring your own SMTP for email OTP, or run it fully anonymous. There's nothing else to set up.

$ docker compose up -d