PermisosQR provides two distinct scanning modes to cover different operational contexts. The in-app scanner is designed for logged-in operators working at a fixed station or using a company device — it leverages the session token for authorization and routes all actions through the standard authenticated API. The public scan mode is designed for environments where a physical label is scanned by anyone with a phone: no login session is required, but the person authorizing the action must supply their email and password inline with each request. Both modes use the sameDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/edgar2420/QrPermision/llms.txt
Use this file to discover all available pages before exploring further.
html5-qrcode library to access the device camera, and both support manual ID entry as a fallback when camera access is unavailable.
In-App Scanning (Authenticated)
The in-app scanner is available at/scan and requires an active login session. It uses the html5-qrcode library to read the device’s rear-facing camera at 10 fps inside a 220×220 px scanning window.
Activate the camera
The operator taps Activar cámara. The browser requests
getUserMedia({ video: { facingMode: 'environment' } }).Decode the QR
html5-qrcode decodes the printed label. The raw value matches /QR-?(\d+)/i or a bare integer, extracting the numeric QR ID.Fetch current status
The app calls
GET /api/qr/:id with the session token to retrieve the QR’s current status, active permission details, and elapsed time.Branch on status
available→ the enable modal opens. The operator enters the employee name and time limit, then confirmsPOST /api/permissions/enable.active→ the return modal opens with the live countdown timer. The operator confirmsPOST /api/permissions/return.disabled/expired→ an error state is displayed; no action is possible.
42 or QR-42) directly into the text input and press Enter or Buscar to trigger the same lookup flow.
Public Scan Mode (No Login Required)
Public scan mode allows any person with a phone to handle a permission event — useful when the employee themselves can confirm a return, or when a supervisor who is not logged into the dashboard needs to authorize an exit at the door. The page is served at/scan/:id and has no authentication middleware.
The public flow has three steps:
Load QR info
On page load the app calls
GET /api/qr/public/:id. This endpoint returns status, active permission details, and elapsed time — but no sensitive user data.Enable a permission (public)
If the QR is Response —
available, the modal asks for the employee name, time limit, and the authorizing operator’s credentials.200 OKQR URL Format
Every printed QR code encodes the URL that the public scan page responds to. When any mobile camera app scans the code, the OS opens it directly in the browser:42 encodes:
GET /api/qr/public/42 to load the QR’s current state. If the QR is available or active, the appropriate action modal opens automatically — no navigation required.
Comparing Scan Modes
- In-App (Authenticated)
- Public (No Login)
| Attribute | Value |
|---|---|
| URL | /scan |
| Auth required | ✅ JWT session token |
| QR info endpoint | GET /api/qr/:id |
| Enable endpoint | POST /api/permissions/enable |
| Return endpoint | POST /api/permissions/return |
| Credentials in body | ❌ No |
| Use case | Fixed-station operators with a company device |