azionelab/docs/adr/0003-qr-code-token-strategy.md

ADR-0003: Use Opaque Tokens in QR Codes

Date: 2026-04-28

Status

Accepted

Context

Confirmed reservations need QR codes that visitors can show on a smartphone or printed page. Staff must be able to scan the QR code at the entrance and verify the reservation.

QR codes are easy to copy or share, so they must not expose personal data or encode reservation details directly.

Decision

QR codes will contain only an opaque, random, non-guessable token or a verification URL containing that token.

The backend will resolve the token server-side, validate that the reservation is confirmed, and reject duplicate check-ins. Tokens must not contain names, email addresses, phone numbers, notes, or other personal data.

Consequences

• QR codes remain privacy-preserving even if printed, forwarded, or photographed.
• Token validation stays centralized in the backend.
• Check-in requires backend availability at the venue.
• Duplicate check-in prevention depends on reliable server-side state and database constraints.