QR for Agent

register

Obtain an API key for QR code generation by providing your email address. This enables access to dynamic QR code creation and tracking features.

Instructions

Input Schema

TableJSON Schema

Name	Required	Description	Default
`email`	Yes	Your email address.
`label`	No	An optional label to identify this API key.

Implementation Reference

packages/mcp/src/tools.ts:699-712 (handler)

The "register" tool definition and its handler, which triggers a POST request to "/api/register".

register: {
  description:
    "Register for an API key. Provide your email to get a key immediately.",
  inputSchema: z.object({
    email: z.string().email().describe("Your email address."),
    label: z
      .string()
      .optional()
      .describe("An optional label to identify this API key."),
  }),
  handler: async (input: { email: string; label?: string }) => {
    return apiRequest("/api/register", { method: "POST", body: input });
  },
},

src/modules/auth/auth.routes.ts:19-95 (handler)

The backend implementation of the /api/register endpoint which corresponds to the MCP 'register' tool handler.

app.post(
  "/api/register",
  {
    config: {
      rateLimit: {
        max: 3,
        timeWindow: "1 hour",
      },
    },
    schema: {
      tags: ["Auth"],
      summary: "Register for an API key",
      description:
        "Self-service endpoint to obtain an API key. Provide your email address and receive a key immediately. Store the key securely — it will not be shown again. Rate-limited to 3 requests per hour per IP.",
      body: {
        type: "object" as const,
        required: ["email"],
        properties: {
          email: {
            type: "string",
            format: "email",
            description: "Your email address. Used to identify the key owner.",
          },
          label: {
            type: "string",
            maxLength: 100,
            description:
              "Optional human-readable label for this API key (e.g., your app name). Defaults to the email address if not provided.",
          },
        },
      },
      response: {
        201: {
          type: "object",
          description: "The newly created API key. Store it securely.",
          properties: {
            key: {
              type: "string",
              description:
                "Your API key. Include it in the X-API-Key header for all authenticated requests.",
            },
            label: {
              type: "string",
              description: "The label associated with this key.",
            },
            message: {
              type: "string",
              description: "Important reminder about key storage.",
            },
          },
        },
      },
    },
  },
  async (request, reply) => {
    const parsed = registerBodySchema.safeParse(request.body);

    if (!parsed.success) {
      return sendError(reply, 400, {
        error: "Invalid request body.",
        code: "VALIDATION_ERROR",
        hint: "Provide a valid email address in the 'email' field. Optionally include a 'label' (max 100 characters).",
      });
    }

    const { email, label } = parsed.data;
    const result = generateApiKey(label || email, email);

    sendWelcomeEmail(email, result.key, result.label);

    return reply.status(201).send({
      key: result.key,
      label: result.label,
      message: "Store this key securely — it won't be shown again.",
    });
  }
);

Tool Definition Quality

B3.3/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It mentions receiving a key 'immediately' suggesting synchronous return, but fails to disclose that this is a state-mutating operation (creates credentials), lacks idempotency guidance (what happens on duplicate email?), and omits side effects or permission requirements.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences with zero waste: the first states purpose, the second states the required action and immediate outcome. Every word earns its place and the key information is front-loaded.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple 2-parameter tool with complete schema coverage, the description is minimally viable. However, gaps remain regarding output structure (no output schema exists), error cases (duplicate registration), and the tool's relationship to sibling operations (it is a prerequisite, not described).

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 100% schema description coverage ('Your email address', 'An optional label'), the schema fully documents parameters. The description mentions providing email but adds no syntax, format details, or semantic relationships beyond what the schema already provides, warranting the baseline score.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool 'Register[s] for an API key' with the specific resource (API key) and action. It implicitly distinguishes from QR-code manipulation siblings (create_qr_code, bulk_create, etc.) by being an authentication/onboarding operation rather than a QR management operation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The phrase 'Provide your email to get a key immediately' implies the workflow (input email → receive key), but lacks explicit guidance on when to use this versus existing credentials, whether it can be called multiple times, or that it is a prerequisite for other tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/benswel/qr-agent-core'

If you have feedback or need assistance with the MCP directory API, please join our Discord server