Official SDKs

عملاء مكتوبة بأنواع محددة فوق REST API للغات الخمس الأكثر طلباً. كل منها يأتي بمصادقة bearer token، وإعادة محاولة exponential-backoff على 429 و5xx، ومساعد verifyWebhookSignature للتحقق HMAC-SHA256 من ترويسة X-Abundera-Signature. مرخصة MIT.

Source of truth: /docs/openapi.json · Issues: support@abundera.ai

TS
TypeScript

Node 18+ · zero runtime deps

@abundera/qr-pro

npmعرض →
Py
Python

3.9+ · httpx

abundera-qr-pro

PyPIعرض →
Go
Go

1.21+ · stdlib only

github.com/abundera/qr-pro-go

Go modulesعرض →
Rb
Ruby

3.0+ · Faraday

abundera-qr-pro

RubyGemsعرض →
PHP
PHP

8.1+ · Guzzle / PSR-18

abundera/qr-pro

Packagistعرض →

TypeScript / Node

@abundera/qr-pro

Node 18+. Zero runtime dependencies. ESM and CJS builds.

Install

npm install @abundera/qr-pro

Create a code

import { AbunderaQRProClient } from "@abundera/qr-pro";

const client = new AbunderaQRProClient({
  apiKey: process.env.ABUNDERA_API_KEY!,
});

const code = await client.createCode({
  destination_url: "https://example.com/launch",
  label: "Spring launch poster",
});

console.log(code.short_url);

Verify a webhook

import { verifyWebhookSignature } from "@abundera/qr-pro";

verifyWebhookSignature({
  signature: req.headers["x-abundera-signature"],
  body: rawBody,
  secret: process.env.ABUNDERA_WEBHOOK_SECRET!,
});
// throws on bad signature / skew, safe to parse body after this line

Source on GitHub →

Python

abundera-qr-pro

Python 3.9+. Single dependency (httpx). Sync and async clients.

Install

pip install abundera-qr-pro

Create a code

from abundera_qr_pro import Client

with Client(api_key="abnd_qrpro_...") as c:
    code = c.create_code(
        destination_url="https://example.com/launch",
        label="Spring launch poster",
    )
    print(code.short_url)

Verify a webhook

from abundera_qr_pro import verify_webhook_signature
from abundera_qr_pro.webhook import WebhookVerificationError

try:
    verify_webhook_signature(
        signature=request.headers["X-Abundera-Signature"],
        body=request.body,
        secret=os.environ["ABUNDERA_WEBHOOK_SECRET"],
    )
except WebhookVerificationError:
    return "", 400

Source on GitHub →

Go

github.com/abundera/qr-pro-go

Go 1.21+. Standard library only. Context-aware throughout.

Install

go get github.com/abundera/qr-pro-go

Create a code

import qrpro "github.com/abundera/qr-pro-go"

c, _ := qrpro.New(os.Getenv("ABUNDERA_API_KEY"))
ctx := context.Background()

code, err := c.CreateCode(ctx, qrpro.CodeCreate{
    DestinationURL: "https://example.com/launch",
    Label:          "Spring launch poster",
})
if err != nil { log.Fatal(err) }
fmt.Println(code.ShortURL)

Verify a webhook

if err := qrpro.VerifyWebhookSignature(
    r.Header.Get("X-Abundera-Signature"),
    body,
    os.Getenv("ABUNDERA_WEBHOOK_SECRET"),
    0, // default 300s tolerance
); err != nil {
    http.Error(w, "bad signature", http.StatusBadRequest)
    return
}

Source on GitHub →

Ruby

abundera-qr-pro

Ruby 3.0+. Built on Faraday. Plays nicely with Rails initialisers.

Install

gem install abundera-qr-pro
# or in Gemfile
gem "abundera-qr-pro"

Create a code

require "abundera/qr_pro"

client = Abundera::QRPro::Client.new(api_key: ENV.fetch("ABUNDERA_API_KEY"))

code = client.create_code(
  destination_url: "https://example.com/launch",
  label: "Spring launch poster",
)

puts code.short_url

Verify a webhook

require "abundera/qr_pro/webhook"

begin
  Abundera::QRPro::Webhook.verify!(
    signature: request.headers["X-Abundera-Signature"],
    body: request.raw_post,
    secret: ENV.fetch("ABUNDERA_WEBHOOK_SECRET"),
  )
rescue Abundera::QRPro::Webhook::InvalidSignature
  head :bad_request
end

Source on GitHub →

PHP

abundera/qr-pro

PHP 8.1+. Works with any PSR-18 HTTP client (Guzzle by default). Laravel and Symfony service providers ship in the same package.

Install

composer require abundera/qr-pro

Create a code

use Abundera\QrPro\Client;

$client = new Client(apiKey: getenv('ABUNDERA_API_KEY'));

$code = $client->createCode(
    destinationUrl: 'https://example.com/launch',
    label: 'Spring launch poster',
);

echo $code->shortUrl;

Verify a webhook

use Abundera\QrPro\Webhook;
use Abundera\QrPro\WebhookException;

try {
    Webhook::verify(
        signature: $_SERVER['HTTP_X_ABUNDERA_SIGNATURE'] ?? '',
        body: file_get_contents('php://input'),
        secret: getenv('ABUNDERA_WEBHOOK_SECRET'),
    );
} catch (WebhookException $e) {
    http_response_code(400);
    exit;
}

Source on GitHub →

What every SDK covers

Codeslist, get, create, update, delete, slug check, import.
AnalyticsJSON and CSV exports with from/to date filters.
Groupslist, create, delete, assign codes.
Webhookslist, create (with secret), delete, plus a signature-verify helper.
User/me, account export.

Admin, Stripe-webhook, and infra endpoints are intentionally out of scope for SDKs — they are service-to-service only. The full endpoint list is in the OpenAPI 3.1 spec.

Postman collection

One-click import into Postman or Insomnia: /docs/postman.json (regenerated from the OpenAPI spec on every deploy). Every request is pre-configured with the bearer-token auth header template — set your API key once at the collection level and every endpoint inherits it.

Prefer raw OpenAPI? Postman supports OpenAPI 3.1 natively: File → Import → Link, then paste https://pro.qr.abundera.ai/docs/openapi.json.

Versioning policy

SDKs follow SemVer and are versioned independently of the API. An SDK bugfix (0.1.0 → 0.1.1) does not change the API version. An additive API change (new endpoint, new optional field) does not force an SDK major bump.

SDK patch (0.1.x) — bugfix, docs, no public-API change. Safe to auto-update.
SDK minor (0.x.0) — new methods to cover new API endpoints, or ergonomic additions. Backwards compatible.
SDK major (1.0.0 → 2.0.0) — rename, removal, type-shape change. Only when the API majors, or when fixing a long-standing SDK ergonomic bug that can’t ship in a minor.

API versioning. The URL prefix is the major version. Today: /api/... (v1). A breaking change ships as /api/v2/..., with v1 kept alive at least 12 months and Deprecation + Sunset response headers throughout the deprecation window. Full definition of “breaking” at /docs/changelog/.

Support window. The latest minor on the current major receives security fixes. Older majors get security patches on request for paying Pro customers.

Example apps

Minimal runnable apps showing code creation, destination update, analytics read, and webhook signature verification:

node-express — TypeScript + Express, webhook endpoint with replay protection.
fastapi — Python 3.11 + FastAPI, signature verification helper wired in.
gin — Go 1.21 + Gin, idiomatic handler pattern.
rails — Rails 7 + Sidekiq, webhook handler as a job.
laravel — Laravel 11, signed-route webhook controller.

Each example is CI-tested against a mocked API. Clone, set ABUNDERA_API_KEY and ABUNDERA_WEBHOOK_SECRET, run.

Don’t see your language?

The OpenAPI 3.1 spec is the source of truth. Generate a client in any language with openapi-generator, or write a thin wrapper yourself — the API is small (six core resources, bearer-token auth). If you’d like an official SDK for a language we don’t cover, email support@abundera.ai.