Edit

Share via

Create or Update QR code

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Create a standard or temporary QR code, if there is no active QR code, or update a standard QR code. Only the expireDateTime property can be updated for a standard QR code.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

Permissions acting on self

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) UserAuthenticationMethod.ReadWrite UserAuthenticationMethod.ReadWrite.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application Not supported. Not supported.

Permissions acting on other users

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) UserAuthenticationMethod.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application UserAuthenticationMethod.ReadWrite.All Not available.

Important

In delegated scenarios with work or school accounts where the signed-in user is acting on another user, they must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.

  • Authentication Administrator
  • Privileged Authentication Administrator

HTTP request

Update your own QR Code.

PATCH /me/authentication/qrCodePinMethod/standardQRCode
PATCH /me/authentication/qrCodePinMethod/temporaryQRCode

Note

Calling the /me endpoint requires a signed-in user and therefore a delegated permission. Application permissions aren't supported when using the /me endpoint.

Update another user's QR Code.

PATCH /users/{id}/authentication/qrCodePinMethod/standardQRCode
PATCH /users/{id}/authentication/qrCodePinMethod/temporaryQRCode

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Request body

In the request body, supply only the values for properties to update. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values.

The following table specifies the properties that can be updated.

Property Type Description
startDateTime DateTimeOffset The date and time when the QR code becomes available to use.
expireDateTime DateTimeOffset The QR code expires and becomes unusable based on this property's value. This property can be modified for a standard QR code up to the maximum lifetime of 395 days from the startDateTime value. This property can't be modified for a temporary QR code.

Response

If successful, this method returns a 201 Created response code and an updated qrCode object in the response body. The QR code image is returned only when creating a QR code object. It's not returned when updating a standard QR code object.

Examples to create a standard QR code

Request

The following example shows a request.

PATCH https://graph.microsoft.com/beta/users/7c4999f7-9c25-4f8e-8b84-766eb28a1b49/authentication/qrCodePinMethod/standardQRCode
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.qrCode",
  "expireDateTime": "2025-12-19T12:00:00Z",
  "startDateTime": "2025-01-01T12:00:00Z",
}

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.qrCode",
  "id": "44f2f040-ea9d-4283-9e7b-b63ddae391a9",
  "expireDateTime": "2025-12-19T12:00:00Z",
  "startDateTime": "2025-01-01T12:00:00Z",
  "createdDateTime": "2025-03-04T21:27:46.9771036Z",
  "lastUsedDateTime": "0001-01-01T00:00:00Z",
  "image": {
    "@odata.type": "#microsoft.graph.qrCodeImageDetails",
    "binaryValue": "SGVsbG9Xb3JsZCE=",
    "version": 1,
    "errorCorrectionLevel": "l",
    "rawContent": "SGVsbG9Xb3JsZCEyTXlSYXdDb250ZW50"
  }
}

Examples to update a standard QR code

Request

The following example shows a request.

PATCH https://graph.microsoft.com/beta/me/authentication/qrCodePinMethod/standardQRCode
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.qrCode",
  "expireDateTime": "2025-12-01T12:00:00Z",
}

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.qrCode",
  "id": "44f2f040-ea9d-4283-9e7b-b63ddae391a9",
  "expireDateTime": "2025-12-01T12:00:00Z",
  "startDateTime": "2025-01-01T12:00:00Z",
  "createdDateTime": "2025-03-04T21:27:46.9771036Z",
  "lastUsedDateTime": "0001-01-01T00:00:00Z",
  "image": null
}