A brief summary of popular use cases for QR codes.
Perhaps the most common use for QR Codes is to share URLs: simply encode the (URL-encoded) string value
and make sure to include the scheme http(s):// so that it can be properly identified by the reader application:
https://en.m.wikipedia.org/wiki/URL
Some URLs may open a vendor specific application, for example the following URL may open the YouTube app:
https://www.youtube.com/watch?v=dQw4w9WgXcQ
See also:
E-Mail links are encoded similar to URLs, preceded by the mailto: scheme to ensure they are properly identified and the default mail application can be opened.
Parameters may be added as a URL query string:
mailto:<ADDR>[,...?to=<ADDR>,...&cc=<ADDR>,...&bcc=<ADDR>,...&subject=<SUBJECT>&body=<BODY>]
| Query parameter | Description |
|---|---|
to |
Alternative to add a recipient address: mailto:<ADDR>?to=<ADDR> is equivalent tomailto:<ADDR>,<ADDR> and mailto:?to=<ADDR>,<ADDR> |
subject |
Subject text: mailto:<ADDR>?subject=Hello%20World%21 would open the e-mail appand create a messagewith the subject Hello World! |
body |
Message body: mailto:<ADDR>?body=This%20is%20the%20message%20body.creates a message with the contents This is the message body. |
cc |
"Carbon copy" to add one or more cc recipients |
bcc |
"Blind carbon copy" to add one or more bcc recipients |
The fields for recipient adresses (mailto:, to, cc, bcc) may contain one or more elements separated by a comma ,; the values of all fields shall be URL-encoded according to RFC 3986.
Examples:
mailto:?to=addr1@example.commailto:addr1@example.com,addr2@example.commailto:addr1@example.com?cc=addr2@example.com&subject=Hello%21
See also:
A phone number should be prefixed with the tel: scheme so that a device's dialer can be invoked properly:
tel:+999-123-456-7890
Generally, the most complete version of a telephone number possible sould be used, e.g. +<country code><area code><number>, spaces or hyphens may be used to separate blocks.
Some devices may also support the sms and fax schemes, which are deprecated in favor of tel.
See also:
- RFC 3966 - The 'tel' URI for Telephone Numbers
- List of country calling codes (Wikipedia)
- National conventions for writing telephone numbers (Wikipedia)
- google/libphonenumber (GitHub) (PHP port (GitHub))
A geographical coordinate, including altitude can be encoded using the geo: URI scheme so that it can be opened with a map application.
geo:<latitude>,<longitude>[,<altitude>;crs=<crs>;u=<num>]
The default coordinate system is WGS-84, for which latitude and longitude should be supplied as decimal degrees, the optional altitude in meters.
The parameter u can be used to specify an uncertainty value (in meters), a different coordinate reference system may be supplied with crs.
Some applications support an additional query string with values of z for zoom level and q for a local search query (URL-encoded):
geo:<latitude>,<longitude>?z=<zoom>&q=<search>
Examples:
geo:47.620521,-122.349293geo:27.988056,86.925278,8848geo:11.373333,142.591667,-10920;u=10geo:37.786971,-122.399677;crs=Moon-2011;u=35
See also:
- RFC 5870 - A Uniform Resource Identifier for Geographic Locations ('geo' URI)
- geo URI scheme (Wikipedia)
- Coordinate reference system (Wikipedia)
Mobile authenticators can be added with the otpauth scheme:
otpauth://<MODE>/<LABEL>?secret=<SECRET>[&issuer=<ISSUER>¶ms...]
The path elemets MODE and LABEL as well as the query parameter secret are mandatory, other query parameters are optional,
however, it is strongy advised to add the issuer parameter to ease identification.
The LABEL, as well as the issuer values shall be URL-encoded according to RFC 3986.
| Path element | Description |
|---|---|
MODE |
Authenticator mode, either totp (time based) or hotp (counter based) |
LABEL |
The label is used to identify which account a key is associated with. It may be prefixed with the issuer name, separated by a colon: <issuer>:<account> |
| Query parameter | Description |
|---|---|
secret |
Secret key (required), a cryptographically random string, encoded in Base32 according to RFC 3548 (without padding). Some authenticators may support Base64 and hexadecimal values as well. |
issuer |
A string value indicating the provider or service this account is associated with. |
algorithm |
Hash algorithm, may be one of SHA1 (default), SHA256 or SHA512 |
digits |
Length of the OTP code: 6 or 8 |
counter |
(hotp only, required) The initial counter value |
period |
(totp only) The period of time in seconds a code will be valid for (default: 30) |
The parameters algorithm, digits and period may not be supported by some devices/apps.
Examples:
otpauth://hotp/example.com:counter-based?secret=JBSWY3DPEHPK3PXP&counter=42otpauth://hotp/counter-based?secret=JBSWY3DPEHPK3PXP&issuer=example.com&digits=6&algorithm=SHA256&counter=42otpauth://totp/example.com%3Atime-based?secret=JBSWY3DPEHPK3PXPotpauth://totp/time-based?secret=JBSWY3DPEHPK3PXP&issuer=example.com&digits=8&algorithm=SHA512&period=60
See also:
- RFC 4226 - An HMAC-Based One-Time Password Algorithm
- RFC 6238 - Time-Based One-Time Password Algorithm
- Google Authenticator (Wikipedia)
- google-authenticator: Key Uri Format (GitHub)
- php-qrcode: Authenticator example (GitHub)
Wi-Fi configuration general syntax looks as follows:
WIFI:S:<SSID>[;T:<TYPE>;P:<PASSWORD>;H:<HIDDEN>;];
| Parameter | Description |
|---|---|
S* |
Network SSID (required) |
T |
Authentication type: can be one of WEP, WPA, WPA2-EAPor nopass for no password (in which case you can omit the parameter) |
P* |
Password, ignored if parameter T is set to nopass |
H |
Set to true the network SSID is hidden. |
* the value shall be enclosed in double quotes " if it is an ASCII string that can be interpreted as hex, e.g. "ABCD1234",
special characters \ ; , " : shall be escaped with a backslash \.
Additional parameters for WPA2 and WPA3 (please note that these parameters may not be supported by some devices):
| Parameter | Description |
|---|---|
A |
WPA2-EAP: Anonymous identity |
E |
WPA2-EAP: EAP method, like TTLS or PWD |
PH2 |
WPA2-EAP: Phase 2 method, like MSCHAPV2 |
I |
WPA2-EAP, WPA3: UTF-8 encoded password identifier, present if the password has an SAE password identifier |
K |
WPA3: DER of ASN.1 SubjectPublicKeyInfo in compressed form and encoded in “base64”, present when the network supports SAE-PK |
R |
WPA3: Transition Disable value |
Examples:
WIFI:S:MyNetworkWihoutPassword;;WIFI:S:MyNetworkWihoutPassword;T:nopass;P:;;WIFI:S:MyHiddenWpaNetwork;T:WPA;P:"PASSWORD123";H:true;;WIFI:S:MyHiddenWpa2Network;T:WPA2-EAP;P:"PASSWORD123";H:true;;
See also:
The vCard is the most commonly used format to exchange contact details. It's too complex to fully explain here, instead just a bare minimum example:
BEGIN:VCARD
VERSION:4.0
N:<NAME>
FN:<FULL NAME>
GENDER:O
EMAIL;type=(WORK|HOME):<EMAIL>
TEL;type=(WORK|CELL|HOME):<PHONE>
ADR;type=WORK:<LINE1>;<LINE2>;<STREET>;<CITY>;<STATE>;<ZIP>;<COUNTRY>
TZ:<CITY/COUNTRY>
URL:<URL>
PHOTO;JPEG:<LINK>
LOGO;JPEG:<LINK>
NOTE:<TEXT>
CATEGORIES:<LIST>
END:VCARD
See also:
- RFC 6350 - vCard Format Specification
- vCard (Wikipedia)
- vCard Ontology - for describing People and Organizations (W3C)
- vobject library for PHP (GitHub)
Calendar events can be shared via the iCalendar (formerly vCalendar) object (example from icalendar-generator):
BEGIN:VCALENDAR
VERSION:2.0
PRODID:spatie/icalendar-generator
NAME:Laracon online
X-WR-CALNAME:Laracon online
BEGIN:VEVENT
UID:5ef5c3f64cb2c
DTSTAMP;TZID=UTC:20200626T094630
SUMMARY:Creating calendar feeds
DTSTART:20190306T150000Z
DTEND:20190306T160000Z
DTSTAMP:20190419T135034Z
END:VEVENT
END:VCALENDAR
See also: