name: scanblitz
description: Create dynamic, trackable QR codes and inspect scan analytics with the ScanBlitz API. Use when a user wants QR codes whose destinations can change later, QR scan/click attribution, campaign QR links, or programmatic QR creation from an agent. Not for static offline-only QR images, barcode scanning, or decoding QR codes from images.
version: 1.0.0
license: MIT
metadata:
openclaw:
emoji: "📱"
homepage: https://scanblitz.com
requires:
env:

• SCANBLITZAPIKEY

bins:

• curl

primaryEnv: SCANBLITZAPIKEY
envVars:

• name: SCANBLITZAPIKEY

required: true
description: ScanBlitz API key. Keys usually start with sbapi. Older partner keys may start with sbzpartner.

• name: SCANBLITZAPIBASE

required: false
description: Optional override for the API base URL. Defaults to https://scanblitz.com/api/enterprise for sbapi keys.

ScanBlitz — Dynamic QR Codes and Scan Analytics

ScanBlitz creates dynamic QR codes and short links that track scans. Use it when an agent needs to create a QR code, update the destination later, or check scan analytics such as device, country, referrer, and daily trends.

When to Use

Use this skill when the user asks to:

• Create a QR code for a URL and track scans.
• Make a dynamic QR code whose destination can be changed later.
• Create QR links for campaigns, flyers, packages, events, or landing pages.
• Check how many times a QR code was scanned.
• Pull scan analytics by device, country, city, referrer, or date.
• Update, deactivate, or delete an existing ScanBlitz QR code.
• Generate QR codes programmatically from an agent or automation.

Do not use this skill for:

• Static QR images that do not need tracking or redirect updates.
• Reading or decoding QR codes from images.
• Barcode generation.
• Anything that should avoid third-party network calls.

Setup

Option A: Use an existing ScanBlitz API key

Set the key in OpenClaw's environment file:

mkdir -p ~/.openclaw
printf '\nSCANBLITZ_API_KEY=%s\n' 'sb_api_your_key_here' >> ~/.openclaw/.env

If your installation uses a custom state directory, put it in $OPENCLAW_STATE_DIR/.env instead.

Option B: Self-register by email

Agents can request a verification code and receive an API key without a browser.

curl -s -X POST 'https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/agent-register' \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","agent_name":"OpenClaw Agent"}'

Check that inbox for the 6-digit code, then verify:

curl -s -X POST 'https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/agent-register/verify' \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","code":"123456"}'

Save the returned api_key as SCANBLITZ_API_KEY. The key is only shown once.

Optional MCP server

ScanBlitz also provides an MCP server:

{
  "mcpServers": {
    "scanblitz": {
      "command": "npx",
      "args": ["-y", "@scanblitz/mcp-server"],
      "env": { "SCANBLITZ_API_KEY": "sb_api_..." }
    }
  }
}

Auth and Base URLs

Recommended API keys use the sb_api_ prefix and the public enterprise API:

SCANBLITZ_API_BASE="${SCANBLITZ_API_BASE:-https://scanblitz.com/api/enterprise}"
AUTH_HEADER="Authorization: Bearer $SCANBLITZ_API_KEY"

Older partner keys may start with sbz_partner_. If you have one, use the partner API and X-Partner-Key header:

SCANBLITZ_API_BASE="https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/partner-api"
AUTH_HEADER="X-Partner-Key: $SCANBLITZ_API_KEY"

Always include a source header so traffic is classified correctly:

SOURCE_HEADER="X-Source-Type: agent"

Create a Dynamic QR Code

curl -s -X POST "$SCANBLITZ_API_BASE/qr-codes" \
  -H "Content-Type: application/json" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER" \
  -d '{
    "name": "Product Launch",
    "destination_url": "https://example.com/launch"
  }'

Expected response shape:

{
  "success": true,
  "data": {
    "id": "uuid",
    "short_id": "xK7mQ3",
    "name": "Product Launch",
    "destination_url": "https://example.com/launch",
    "scan_count": 0,
    "is_active": true
  }
}

Save both:

• id: needed for enterprise API update/delete/analytics endpoints.
• short_id: useful for public redirect links like https://scanblitz.com/qr/xK7mQ3.

If using the older partner API, create with the base URL directly:

curl -s -X POST "$SCANBLITZ_API_BASE" \
  -H "Content-Type: application/json" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER" \
  -d '{
    "name": "Product Launch",
    "destination_url": "https://example.com/launch",
    "partner_ref": "openclaw:product-launch"
  }'

List QR Codes

curl -s "$SCANBLITZ_API_BASE/qr-codes?page=1&limit=50&sort_by=created_at&sort_order=desc" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

Useful filters:

• search=launch
• active=true
• sort_by=scan_count
• sort_order=desc

Get One QR Code

Enterprise API:

QR_ID="uuid-from-create-or-list"
curl -s "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

Older partner API:

SHORT_ID="xK7mQ3"
curl -s "$SCANBLITZ_API_BASE/$SHORT_ID" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

Update a QR Destination

Enterprise API:

QR_ID="uuid-from-create-or-list"
curl -s -X PUT "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
  -H "Content-Type: application/json" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER" \
  -d '{
    "destination_url": "https://example.com/new-page",
    "name": "Updated Launch QR"
  }'

Older partner API:

SHORT_ID="xK7mQ3"
curl -s -X PUT "$SCANBLITZ_API_BASE/$SHORT_ID" \
  -H "Content-Type: application/json" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER" \
  -d '{
    "destination_url": "https://example.com/new-page",
    "name": "Updated Launch QR"
  }'

Get Scan Analytics

Enterprise API:

QR_ID="uuid-from-create-or-list"
curl -s "$SCANBLITZ_API_BASE/qr-codes/$QR_ID/analytics?group_by=day" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

Older partner API:

SHORT_ID="xK7mQ3"
curl -s "$SCANBLITZ_API_BASE/analytics/$SHORT_ID" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

Analytics may include:

• total scans
• device type
• browser and OS
• country and city
• referrer
• UTM parameters
• daily, weekly, or monthly trends

Delete or Deactivate

Enterprise API permanently deletes the QR code:

QR_ID="uuid-from-create-or-list"
curl -s -X DELETE "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

If you only want to pause a QR code, update it instead:

curl -s -X PUT "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
  -H "Content-Type: application/json" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER" \
  -d '{"is_active": false}'

Older partner API soft-deletes/deactivates by short ID:

SHORT_ID="xK7mQ3"
curl -s -X DELETE "$SCANBLITZ_API_BASE/$SHORT_ID" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

Bulk Create

Bulk create is available on paid plans.

curl -s -X POST "$SCANBLITZ_API_BASE/qr-codes/bulk" \
  -H "Content-Type: application/json" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER" \
  -d '{
    "qr_codes": [
      {"name":"Store #1","destination_url":"https://example.com/store/1"},
      {"name":"Store #2","destination_url":"https://example.com/store/2"}
    ]
  }'

Health Check

For older partner API keys:

curl -s 'https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/partner-api/health' \
  -H "X-Partner-Key: $SCANBLITZ_API_KEY" \
  -H "$SOURCE_HEADER"

For enterprise keys, use a lightweight authenticated call:

curl -s "$SCANBLITZ_API_BASE/usage" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER"

Generate a Printable QR Image

ScanBlitz creates the trackable link. To render a PNG, encode the ScanBlitz scan URL, not the final destination URL.

SCAN_URL="https://scanblitz.com/qr/xK7mQ3"
ENCODED=$(python3 - <<'PY'
from urllib.parse import quote
import os
print(quote(os.environ["SCAN_URL"], safe=""))
PY
)
curl -fsSL "https://api.qrserver.com/v1/create-qr-code/?size=1024x1024&ecc=H&format=png&data=$ENCODED" \
  -o scanblitz-qr.png

If you do not have Python available, paste the SCAN_URL into any trusted QR generator.

Response Handling

Always check for both HTTP errors and JSON errors:

response=$(curl -sS -w '\n%{http_code}' -X POST "$SCANBLITZ_API_BASE/qr-codes" \
  -H "Content-Type: application/json" \
  -H "$AUTH_HEADER" \
  -H "$SOURCE_HEADER" \
  -d '{"name":"Test","destination_url":"https://example.com"}')

body=$(printf '%s' "$response" | sed '$d')
status=$(printf '%s' "$response" | tail -n1)
printf 'HTTP %s\n%s\n' "$status" "$body"

Common issues:

• 401: missing or invalid SCANBLITZ_API_KEY.
• 403: key lacks permission for that operation.
• 404: wrong QR id/short_id, wrong base URL for the key type, or inactive/deleted code.
• 429: rate limit exceeded.

Quick Reference

| Task | Enterprise endpoint | Partner endpoint |
| --- | --- | --- |
| Create | POST /qr-codes | POST / |
| List | GET /qr-codes | Not available |
| Get | GET /qr-codes/:id | GET /:short_id |
| Update | PUT /qr-codes/:id | PUT /:short_id |
| Analytics | GET /qr-codes/:id/analytics | GET /analytics/:short_id |
| Delete/deactivate | DELETE /qr-codes/:id or PUT is_active:false | DELETE /:short_id |
| Usage/health | GET /usage | GET /health |

Security Notes

• Never print or commit SCANBLITZ_API_KEY.
• Store credentials in environment files, shell secrets, or OpenClaw state, not in the skill folder.
• Do not create QR codes that hide malicious destinations.
• Inspect the returned destination_url before sharing or printing a QR code.
• Prefer https://scanblitz.com/qr/<short_id> for public-facing links when available.

References

• ScanBlitz: https://scanblitz.com
• API docs: https://scanblitz.com/api-docs
• Agent reference: https://scanblitz.com/llms-full.txt
• MCP server: npx -y @scanblitz/mcp-server