I Built a QR Code API in Go - Here's What I Learned in One Week

Muhammad Zuhrul Umam — Thu, 11 Dec 2025 03:58:00 +0000

The Setup: Father of 2, Go developer in Indonesia, 6 months runway, $63 budget. The mission: validate 1 of 20 researched micro-SaaS ideas before my savings run out.

I chose the QR Code API. Not because it's sexy—because the numbers made sense.
The Research That Led Me Here
I spent 2 weeks analyzing exit data from Acquire.com, scraping RapidAPI marketplace pricing, and reading IndieHackers revenue posts. QR Code APIs showed:

Competitors charging $5-30/month with active subscribers
Post-COVID adoption created permanent demand (contactless payments, digital menus)
Simple tech = low maintenance (critical with 2 kids)
The QR standard hasn't changed since 2015 (zero breaking changes)

The market exists. The question: Can I capture any of it?
Why Speed Mattered More Than Features
My biggest risk isn't building the wrong features—it's running out of time building features nobody wants.
The bet: Ship a working API in 1 week. Free during beta. If 10+ people sign up asking about paid tiers, I build more features. If not, I pivot to idea #2 (Markdown to PDF API) using the same infrastructure.
Day 1-2: Building the Core
I picked Go because that's what I know. AWS Lambda because the free tier is permanent (1M requests/month forever). The actual QR generation library did the heavy lifting—I just needed to wrap it properly.
The hardest part wasn't the code. It was resisting the urge to add "just one more feature."
Every time I thought "I should add SVG support":

That's 6 more hours
Nobody asked for it yet
I can add it in week 2 if demand proves it

Ship the minimal version. Validate first. Perfectionism kills indie projects.
Day 3: The 4-Hour CORS Detour
Everything worked via curl. Then I tried calling it from my frontend and hit the dreaded CORS error.
Turns out I had CORS headers in THREE places:

My Lambda function
API Gateway configuration
CloudFlare Worker proxy

Each one added Access-Control-Allow-Origin: *. Browsers saw *, * and rejected it. Duplicate headers = fail.
The fix: Remove CORS from Lambda and API Gateway. Let CloudFlare Worker handle it once. One source of truth.
The lesson: Distributed systems multiply your debugging surface area. When something breaks, you're hunting across multiple services.
Day 4-5: Protection and Testing
Free API = abuse magnet. I needed protection without friction.
Set up API Gateway throttling:

10 requests/second max
50,000/day limit
CloudWatch alarm emails me at 50K

The math: 50K/day × 30 = 1.5M/month. My free tier is 1M. The alarm fires before I get charged.
For testing, I skipped mocking AWS locally (too complex). Wrote simple table-driven tests that run in 50ms. Fast feedback > perfect simulation.
Day 6-7: Landing Page and Launch Prep
Built the landing page with plain HTML and Tailwind. No React, no build step, no complexity. The live demo calls the actual API client-side so people can test it instantly.
Pricing decision: I almost listed $9 and $29/month tiers. Then I realized—I'm selling features I haven't built yet. SVG export? Not implemented. Logo embedding? Doesn't exist.
Pivot to honesty: Free during beta. Unlimited. Email capture for "notify me when paid tiers launch."
If people don't even use it free, they won't pay for it.
The Economics That Make This Possible

AWS Lambda: $0 (1M free requests/month, permanent)
API Gateway: $0 (1M free requests/month, permanent)
CloudFlare Worker: $0 (100K requests/day free)
Route53: $0.50/month (only real cost)

Total: $0.50/month
Response times: 50-150ms globally.
I can validate this idea for the cost of a coffee. That's the power of serverless for bootstrappers.
What I Got Wrong

CORS strategy Should have decided upfront which layer handles it. Cost me 4 hours of debugging.
Analytics Launched without usage tracking. Now I have no idea who's testing it until they email.
Overthinking features Almost delayed launch to add SVG support. Caught myself, shipped anyway. The Validation Framework Week 1-2: Watch these signals Good signs:

10+ email signups
People asking "when can I pay?"
Feature requests in emails
Actual API usage (CloudWatch shows calls)

Bad signs:

<3 signups after posting on 3 platforms
Zero API calls (people don't even test it)
"I'll just use the free alternatives"

Week 3: Decision point

Strong demand → Build SVG, logos, analytics, launch paid tiers
Weak demand → Pivot to idea #2, reuse infrastructure

What Happens If This Fails?
I'm not starting from zero. The infrastructure is reusable:

Lambda setup works for any API
Landing page template ready
Stripe integration (if I build it)
Marketing channels (Product Hunt profile, Dev.to followers)

Time to pivot: 1 week (just swap the API logic)
From QR generation to Markdown→PDF conversion? Change 100 lines of Go. Everything else stays.
I have runway for 4-5 validation attempts. This is attempt #1.
Current Status
✅ Live: healnify.com
✅ Free: Unlimited during beta
✅ Working: 50ms response times
⏳ Validating: Waiting for demand signals
Try it:
POST https://qrcodeapi.healnify.com/generate
{"url": "https://example.com", "size": 512}
Returns base64-encoded PNG.
The Real Lesson
Perfect code doesn't matter if nobody wants the product.
I could spend 2 more weeks adding:

SVG and PDF export
Logo embedding with transparency
Gradient backgrounds
Analytics dashboard
Dynamic QR with tracking

Or I can spend 2 weeks learning if anyone cares.
I chose validation over perfection.
Next 2 weeks: Marketing push (Product Hunt, Dev.to, Reddit). Track signups and usage. Make the pivot decision at week 3.

Following along? I'm building in public on Twitter/X and LinkedIn. Sharing real metrics, not vanity numbers.
Questions about:

The validation framework?
AWS free tier limits?
Why I'm risking 6 months on this?

Drop them below. I'll answer everything.

Forem: Muhammad Zuhrul Umam

I Built a QR Code API in Go - Here's What I Learned in One Week