~/work/dynamic-qr

dynamic qr

Print a QR code once, then change where it points whenever you want, so a moved or dead link never means reprinting.

Visit qr.bmac.io

client

Internal product

role

Solo build, from scratch

launched

July 2026

status

Live

next.jstypescriptreactprismaneon postgresnextauthresendnetlifyvitest
qr.bmac.io
The dynamic qr landing page, with a headline about QR codes that never go stale and a form to create a code.

// the problem

Most QR codes encode the destination URL directly. When a campaign page moves, gets renamed, or goes down, the printed code is dead and has to be regenerated and reprinted. For anything physical, like posters, packaging, signage, or menus, that is slow and expensive.

qr.bmac.io/r/...
A scanned QR code that leads to a dead end, showing a message that the code is no longer active.
what a scanner sees when a code points nowhere

// what I built

I built a dynamic redirect service. Each QR encodes a short link on my own domain (qr.bmac.io/r/<code>), and the real destination is a database record you can edit at any time, so the printed code keeps working. You can create a code anonymously in a couple of seconds with no signup, then claim it into an account later. Signed-in users manage their codes from a dashboard, edit destinations, and see scan analytics. Sign-in works with either email and password or a passwordless magic link.

qr.bmac.io/dashboard
Editing a dynamic QR code's destination URL from the dashboard.
change where the QR points, no reprint

// technical highlights

  • Dynamic redirect through a short base62 code, so the destination changes without regenerating or reprinting the QR.
  • Anonymous creation backed by an unguessable edit token, no cookies required, and claimable into an account on sign-up.
  • Passwordless magic-link sign-in alongside email and password (Auth.js v5, JWT sessions).
  • First-party scan analytics logged on every redirect: timestamp, approximate country from an edge geo header, device type parsed from the user agent, and the referrer host. The write is fire-and-forget so it never blocks or slows the redirect.
  • Privacy-conscious by design: raw IP addresses are never stored (only a salted one-way hash), and analytics are cookieless, so no consent banner is needed.
  • Collision-resistant short-code generation with retry on conflict.
  • Abuse protection: a per-IP daily cap on anonymous creates and a per-email hourly cap on magic-link requests, enforced in the database so the limits hold across serverless instances.
  • Analytics dashboard with a hand-built SVG time-series chart, country and device breakdowns, and CSV export.
  • 34 automated tests (Vitest), unit and integration, including the core behavior: edit the destination and the redirect follows.
qr.bmac.io/dashboard
Scan analytics for a QR code, with a 30-day chart plus country and device breakdowns.
30-day chart, country and device breakdowns, CSV export
qr.bmac.io/dashboard
A dashboard listing a user's dynamic QR codes with their short links and destinations.
short links, destinations, edit and download

// the impact

edit after print
the destination changes without regenerating or reprinting the QR code.
no signup to start
create a working code anonymously, then claim it into an account later.
cookieless analytics
per-code country, device, and referrer, logged without cookies or storing raw IP addresses.

Live and free to use. The free tier, accounts, magic-link sign-in, and scan analytics with CSV export all work today. A paid tier, with extras like higher limits and vector or PDF export, is planned but not turned on yet.

qr.bmac.io
The result screen after creating a QR anonymously, with a scan URL, a PNG download, and an option to save it by email.
scan URL, PNG download, save by email

Have a similar problem?

Let's talk about what to build.

Start a project →