Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/hxmz-axfn07/qr-printing-sfw/llms.txt

Use this file to discover all available pages before exploring further.

QR Print Station runs a self-hosted Python HTTP server that serves both the customer-facing upload flow and the admin order management dashboard. All API responses use JSON, there is no versioning prefix in any path, and the server ships no external framework — everything is handled by Python’s built-in http.server.

Base URL

http://<server-host>:<PORT>
The default port is 8000, controlled by the PORT variable in .env. When PUBLIC_URL is set, the server advertises that URL instead of the auto-detected LAN address — useful when the machine is behind a reverse proxy or ngrok tunnel.

Authentication

Public endpoints (/api/config, /qr.png, POST /api/orders) require no credentials. Every other endpoint is admin-only. The ADMIN_TOKEN is a free-form secret string set in .env: 
ADMIN_TOKEN=change-this-secret-token
Admin identity is checked inside is_admin() via three methods, evaluated in this order:

1. Secret URL (dashboard page only)

The admin dashboard HTML page is served at: 
GET /admin/<ADMIN_TOKEN>
The token is embedded directly in the URL path. Visiting any other path under /admin/ returns 404.

2. Request Header

X-Admin-Token: <token>
Pass this header on any API request that requires admin access.

3. Query Parameter

?token=<token>
Append the token as a URL query parameter. This is how the admin dashboard fetches /files/:doc_id links — so that clicking a document link in the browser opens the file without needing a separate header injection.

Example: header auth

curl http://localhost:8000/api/orders \
  -H "X-Admin-Token: your-secret-token"
If ADMIN_TOKEN is empty in .env, the server falls back to an optional ADMIN_PIN cookie mechanism. For production deployments, always set a strong ADMIN_TOKEN.

Response Format

All API endpoints return application/json. The general conventions are:
  • Success — HTTP 2xx with an endpoint-specific JSON body. Creation responses use 201 Created and include "ok": true.
  • Client error — HTTP 4xx with {"error": "<message>"}.
  • Server error — HTTP 500 with {"error": "<message>"}.
  • Unauthorized — HTTP 401 with {"error": "Admin token required"}.

Endpoint Index

MethodPathAuthDescription
GET/api/configNoneShop config and pricing
GET/qr.pngNoneQR code PNG image
POST/api/ordersNoneSubmit a new print order
GET/api/ordersAdminList all orders
GET/api/orders/:idAdminGet single order
POST/api/orders/:id/transitionAdminAdvance order status
POST/api/orders/:id/printAdminTrigger print command
GET/files/:doc_idAdminDownload/view uploaded file
POST /api/orders requires no authentication by design — it is the customer submission endpoint, reached by scanning the shop’s QR code. Anyone with network access to the server can submit an order.

Build docs developers (and LLMs) love

Get started for freeTalk to us