Official SDKs

Typed clients over the REST API for TypeScript, Python, and Go. Each one ships bearer-token auth, exponential-backoff retry on 429 / 5xx, and a verifyWebhookSignature helper for HMAC-SHA256 verification of the X-Abundera-Signature header. MIT-licensed.

Source of truth: /docs/openapi.json · support@abundera.ai

TypeScript / Node

Package: @abundera/qr-pro · Node 18+ · zero runtime deps.

npm install @abundera/qr-pro
import { AbunderaQRProClient } from "@abundera/qr-pro";

const client = new AbunderaQRProClient({
  apiKey: process.env.ABUNDERA_API_KEY!,
});

const code = await client.createCode({
  destination_url: "https://example.com/launch",
  label: "Spring launch poster",
});

console.log(code.short_url);

Webhook verification:

import { verifyWebhookSignature } from "@abundera/qr-pro";

verifyWebhookSignature({
  signature: req.headers["x-abundera-signature"],
  body: rawBody,
  secret: process.env.ABUNDERA_WEBHOOK_SECRET!,
});
// throws on bad signature / skew — safe to parse body after this line

Source on GitHub →

Python

Package: abundera-qr-pro · Python 3.9+ · single dep (httpx).

pip install abundera-qr-pro
from abundera_qr_pro import Client

with Client(api_key="abnd_qrpro_...") as c:
    code = c.create_code(
        destination_url="https://example.com/launch",
        label="Spring launch poster",
    )
    print(code.short_url)

Webhook verification:

from abundera_qr_pro import verify_webhook_signature
from abundera_qr_pro.webhook import WebhookVerificationError

try:
    verify_webhook_signature(
        signature=request.headers["X-Abundera-Signature"],
        body=request.body,
        secret=os.environ["ABUNDERA_WEBHOOK_SECRET"],
    )
except WebhookVerificationError:
    return "", 400

Source on GitHub →

Go

Module: github.com/abundera/qr-pro-go · Go 1.21+ · stdlib only.

go get github.com/abundera/qr-pro-go
import qrpro "github.com/abundera/qr-pro-go"

c, _ := qrpro.New(os.Getenv("ABUNDERA_API_KEY"))
ctx := context.Background()

code, err := c.CreateCode(ctx, qrpro.CodeCreate{
    DestinationURL: "https://example.com/launch",
    Label:          "Spring launch poster",
})
if err != nil { log.Fatal(err) }
fmt.Println(code.ShortURL)

Webhook verification:

if err := qrpro.VerifyWebhookSignature(
    r.Header.Get("X-Abundera-Signature"),
    body,
    os.Getenv("ABUNDERA_WEBHOOK_SECRET"),
    0, // default 300s tolerance
); err != nil {
    http.Error(w, "bad signature", http.StatusBadRequest)
    return
}

Source on GitHub →

What each SDK covers

  • Codes — list, get, create, update, delete, slug check, import.
  • Analytics — JSON and CSV, with from/to date filters.
  • Groups — list, create, delete.
  • Webhooks — list, create (with secret), delete, signature verification helper.
  • User/me, account export.

The admin, Stripe-webhook, and infrastructure endpoints are intentionally excluded from the SDKs — they are service-to-service only. The full endpoint list lives in the OpenAPI 3.1 spec.

Postman collection

One-click import into Postman or Insomnia: /docs/postman.json (generated from the OpenAPI spec on every deploy). Every request is pre-configured with the bearer-token auth header template; set your API key once at the collection level and every endpoint inherits it.

Prefer the raw OpenAPI? Postman supports OpenAPI 3.1 natively: File → Import → Link and paste https://pro.qr.abundera.ai/docs/openapi.json.

Versioning policy

SDKs follow SemVer and are versioned independently of the API. An SDK bugfix (0.1.0 → 0.1.1) does not change the API version. An API additive change (new endpoint, new optional field) does not force an SDK major bump.

When each version moves:

  • SDK patch (0.1.x) — bugfix, documentation, no public-API change. Safe to auto-update.
  • SDK minor (0.x.0) — new methods to cover new API endpoints, or ergonomic additions. Backwards compatible.
  • SDK major (1.0.0 → 2.0.0) — rename, removal, type-shape change. Only when the underlying API majors, OR when we fix a long-standing SDK-level ergonomic bug that can't ship inside a minor.

API versioning. The URL prefix is the major version. Today: /api/... (v1). A breaking change ships as /api/v2/..., with v1 kept alive for at least 12 months and Deprecation + Sunset response headers throughout the deprecation window. Full definition of "breaking" at /docs/changelog/.

Support window. The latest minor release on the current major receives security fixes. Older majors get security patches on request for paying Pro customers.

Example apps

Minimal runnable example apps, each demonstrating code creation, destination update, analytics read, and webhook signature verification:

  • node-express — TypeScript + Express, webhook endpoint with replay-protection.
  • fastapi — Python 3.11 + FastAPI, signature verification helper wired in.
  • gin — Go 1.21 + Gin, idiomatic handler pattern.

Each example is CI-tested against a mocked API. Clone, set ABUNDERA_API_KEY and ABUNDERA_WEBHOOK_SECRET, run.

Don't see your language?

The OpenAPI 3.1 spec is the source of truth. You can generate a client in any language with openapi-generator or write a thin wrapper yourself — the API is small (six core resources, bearer-token auth). If you'd like us to ship an official SDK for a language we don't cover, email support@abundera.ai.