Official SDK

Jenisd clients over the REST API for the five most-asked-for languages. Each one ships bearer-token auth, exponential-backoff recuba on 429 and 5xx, and a verifyWebhookSignature helper for HMAC-SHA256 verification of the X-Abundera-Signature header. MIT-lesend.

Source of truth: /docs/openapi.json · Isus: support@abundera.ai

TS

JenisScript / Node

@abundera/qr-pro

Node 18+. Zero runtime dependencies. ESM and CJS builds.

Pasang

npm pasang @abundera/qr-pro

Create a code

import { AbunderaQRProClient } from "@abundera/qr-pro";

const client = new AbunderaQRProClient({
  apiKey: process.env.ABUNDERA_API_KEY!,
});

const code = await client.createCode({
  destination_url: "https://example.com/launch",
  label: "Spring launch poster",
});

console.log(code.short_url);

Verify a webhook

import { verifyWebhookSignature } from "@abundera/qr-pro";

verifyWebhookSignature({
  signature: req.headers["x-abundera-signature"],
  body: rawBody,
  secret: process.env.ABUNDERA_WEBHOOK_SECRET!,
});
// lempars on bad signature / skew, safe to parse body after this line

Source on GitHub →

Py

Python

abundera-qr-pro

Python 3.9+. Single dependency (httpx). Sync and async clients.

Pasang

pip pasang abundera-qr-pro

Create a code

from abundera_qr_pro import Client

with Client(api_key="abnd_qrpro_...") as c:
    code = c.create_code(
        destination_url="https://example.com/launch",
        label="Spring launch poster",
    )
    print(code.short_url)

Verify a webhook

from abundera_qr_pro import verify_webhook_signature
from abundera_qr_pro.webhook import WebhookVerificationError

cuba:
    verify_webhook_signature(
        signature=request.headers["X-Abundera-Signature"],
        body=request.body,
        secret=os.environ["ABUNDERA_WEBHOOK_SECRET"],
    )
except WebhookVerificationError:
    return "", 400

Source on GitHub →

Go

Go

github.com/abundera/qr-pro-go

Go 1.21+. Standard library only. Context-aware throughout.

Pasang

go get github.com/abundera/qr-pro-go

Create a code

import qrpro "github.com/abundera/qr-pro-go"

c, _ := qrpro.New(os.Getenv("ABUNDERA_API_KEY"))
ctx := context.Background()

code, err := c.CreateCode(ctx, qrpro.CodeCreate{
    DestinationURL: "https://example.com/launch",
    Label:          "Spring launch poster",
})
if err != nil { log.Fatal(err) }
fmt.Println(code.ShortURL)

Verify a webhook

if err := qrpro.VerifyWebhookSignature(
    r.Header.Get("X-Abundera-Signature"),
    body,
    os.Getenv("ABUNDERA_WEBHOOK_SECRET"),
    0, // default 300s tolerance
); err != nil {
    http.Error(w, "bad signature", http.StatusBadPermintaan)
    return
}

Source on GitHub →

Rb

Ruby

abundera-qr-pro

Ruby 3.0+. Built on Faraday. Plays nicely with Rails initialisers.

Pasang

gem pasang abundera-qr-pro
# or in Gemfile
gem "abundera-qr-pro"

Create a code

require "abundera/qr_pro"

client = Abundera::QRPro::Client.new(api_key: ENV.fetch("ABUNDERA_API_KEY"))

code = client.create_code(
  destination_url: "https://example.com/launch",
  label: "Spring launch poster",
)

puts code.short_url

Verify a webhook

require "abundera/qr_pro/webhook"

begin
  Abundera::QRPro::Webhook.verify!(
    signature: request.headers["X-Abundera-Signature"],
    body: request.raw_post,
    secret: ENV.fetch("ABUNDERA_WEBHOOK_SECRET"),
  )
rescue Abundera::QRPro::Webhook::InvalidSignature
  head :bad_request
end

Source on GitHub →

PHP

PHP

abundera/qr-pro

PHP 8.1+. Works with any PSR-18 HTTP client (Guzzle by default). Laravel and Symfony service providers ship in the same pakej.

Pasang

composer require abundera/qr-pro

Create a code

use Abundera\QrPro\Client;

$client = new Client(apiKey: getenv('ABUNDERA_API_KEY'));

$code = $client->createCode(
    destinationUrl: 'https://example.com/launch',
    label: 'Spring launch poster',
);

echo $code->shortUrl;

Verify a webhook

use Abundera\QrPro\Webhook;
use Abundera\QrPro\WebhookPengecualian;

cuba {
    Webhook::verify(
        signature: $_SERVER['HTTP_X_ABUNDERA_SIGNATURE'] ?? '',
        body: file_get_contents('php://input'),
        secret: getenv('ABUNDERA_WEBHOOK_SECRET'),
    );
} tangkap (WebhookPengecualian $e) {
    http_response_code(400);
    exit;
}

Source on GitHub →

What every SDK covers

  • Codeslist, get, create, update, delete, slug check, import.
  • AnalyticsJSON and CSV exports with from/to date filters.
  • Groupslist, create, delete, assign codes.
  • Webhooklist, create (with secret), delete, plus a signature-verify helper.
  • User/me, account export.

Admin, Stripe-webhook, and infra endpoints are intentionally out of scope for SDK — they are service-to-service only. The full endpoint list is in the OpenAPI 3.1 spec.

Postman collection

One-click import into Postman or Insomnia: /docs/postman.json (regenerated from the OpenAPI spec on every deploy). Every request is pre-configured with the bearer-token auth header template — set your API key once at the collection level and every endpoint inherits it.

Prefer raw OpenAPI? Postman supports OpenAPI 3.1 natively: File → Import → Link, then paste https://pro.qr.abundera.ai/docs/openapi.json.

Versiing policy

SDK follow SemVer and are versied independently of the API. An SDK bugfix (0.1.0 → 0.1.1) does not change the API versi. An additive API change (new endpoint, new optional field) does not force an SDK major bump.

  • SDK patch (0.1.x) — bugfix, docs, no public-API change. Safe to auto-update.
  • SDK minor (0.x.0) — new kaedahs to cover new API endpoints, or ergonomic additions. Backwards compatible.
  • SDK major (1.0.0 → 2.0.0) — rename, removal, type-shape change. Only when the API majors, or when fixing a long-standing SDK ergonomic bug that can’t ship in a minor.

API versiing. The URL prefix is the major versi. Today: /api/... (v1). A perubahan memecah ships as /api/v2/..., with v1 kept alive at least 12 months and Deprecation + Sunset response headers throughout the deprecation window. Full definition of “breaking” at /docs/changelog/.

Support window. The terkini minor on the current major receives security fixes. Older majors get security patches on request for paying Pro customers.

Contoh apps

Minimal runnable apps showing code creation, destination update, analytics read, and webhook signature verification:

  • node-express — JenisScript + Express, webhook endpoint with replay protection.
  • fastapi — Python 3.11 + FastAPI, signature verification helper wired in.
  • gin — Go 1.21 + Gin, idiomatic handler pattern.
  • rails — Rails 7 + Sidekiq, webhook handler as a job.
  • laravel — Laravel 11, signed-route webhook controller.

Each example is CI-tested against a mocked API. Clone, set ABUNDERA_API_KEY and ABUNDERA_WEBHOOK_SECRET, run.

Don’t see your language?

The OpenAPI 3.1 spec is the source of truth. Generate a client in any language with openapi-generator, or write a thin wrapper yourself — the API is small (six core resources, bearer-token auth). If you’d like an official SDK for a language we don’t cover, email support@abundera.ai.