Auth Docs and API Access
Public discovery endpoints, OpenAPI metadata, MCP discovery, and vCard payload generation do not require authentication.
Public Endpoints
- No API key required:
GET /v1/health,GET /v1/product,POST /v1/vcard,GET /mcp, andPOST /mcp. - CORS: Public API responses allow browser-based agents and automation clients to read the endpoints.
- Privacy: The free static generator runs QR rendering in the browser. The API returns vCard text for user-authorized workflows; it does not create accounts or store contacts.
Authenticated Product Areas
Dynamic QR profiles, analytics dashboards, billing, and user-owned edits live at app.vcardqrcodegenerator.com. Agents should not modify user-owned dynamic QR resources unless an authenticated app flow is explicitly documented and authorized by the user.