Reputation: 1
Is it possible to have private QR Codes
Is it possible to have some kind of authorization added to the QR code reader process. I don't want a QR code to be read by all scanners. For example User 1: Gets a QR code by Logging into a website User 2: Logs in into a native mobile application and scans the QR code generated by User 1
Since User 2 is authorized, the reader should retrieve information from a Database.
If not an authenticated user, the QR code should throw an error stating "Not Authorized"
Upvotes: 0
Views: 982
Answers (2)
Reputation: 868
You can generate a QR code with an encrypted token. Your app can read the code and send an API request to the server with that QR string for verification. The server will decrypt the string, cross-check the token with the user and give you a response after verification.
This URL will be a secured one, not a public URL. That way you won't have to let everyone know what URL you are hitting. Also, this way you can implement your preferred encryption algorithm with your preferred salt.
Upvotes: 0
Reputation: 14334
A QR code just contains a URl. When User 2 opens the website, they should have to log in. That will tell you if they are authorised.
(OK, a QR code can contain any data - but in most cases, it is a web address.)
Upvotes: 1
Related Questions
- Prevent QR code from being copied and QR code should be scanable by my mobile app only
- How to create an individual QR-Code and thus, make is unscannable for third devices?
- Generating QR code which can be read only by my app
- QR code security
- Is it possible to make a website that is accessible strictly by using QR code?
- QR/Bar Code Security
- iphone: local qr code generator
- Avoid qrcode cloning
- Using a QR code securely
- QR codes linked to android