Browse All Events

events

Concerts & Live MusicFestivals & FairsTheater & Performing ArtsComedy & Stand-UpNightlife & ClubsSports & GamesFitness & WellnessOutdoor & Adventure

Popular Destinations

Portland
PricingBlog
Event organizers
Knowledge BaseCheck-In System

Zero-Login Scanner Technology

Technical deep-dive into the zero-login scanner architecture and security model.

7 min readUpdated 2025-01-15

The Zero-Login Scanner enables instant ticket validation without app downloads, user accounts, or training. This document explains the technical architecture and security measures.

Try the Scanner Interface

Click the QR code to simulate a scan

Valid
Already Scanned
Invalid

Architecture Overview

Frontend

Technology: Progressive Web App (PWA)
Camera: WebRTC getUserMedia API
QR Decoder: client-side JS library
Storage: IndexedDB for offline cache

Backend

Validation API: < 100ms response
WebSocket: Real-time scan sync
Database: Distributed read replicas

Security

Auth: Time-limited access tokens
Link expiry: Configurable (default: event end + 24hr)
Permissions: Scan-only (no financial access)

Scanner Link Generation

javascript
// Scanner link structure
https://scan.brightstarevents.com/v/{token}

// Token contains:
{
  "event_id": "evt_abc123",
  "permissions": ["scan", "view_attendee_name"],
  "expires_at": "2025-07-18T00:00:00Z",
  "created_by": "usr_xyz789",
  "entrance_id": "main"  // Optional: multi-entrance
}

// Token is signed with event-specific key
// Cannot be modified without detection

Scan Validation Flow

When a QR code is scanned:

  1. 1Camera captures QR code image
  2. 2Client-side decoder extracts ticket ID
  3. 3Local cache checked first (offline support)
  4. 4API request to validation endpoint
  5. 5Server checks: valid ticket, not already scanned, correct event
  6. 6Response returned with attendee name + ticket type
  7. 7Scan logged with timestamp, device info, GPS (if permitted)
  8. 8UI shows green (valid), red (invalid/duplicate), yellow (warning)

Scanner validation flow diagram

Interactive component coming soon

Security Features

Built-in security measures:

  • Scanner links are unique per event (not reusable)
  • Links can be revoked instantly from dashboard
  • Scanner sees attendee name only (no email/phone)
  • No access to sales data or financial info
  • All scans logged with device fingerprint
  • GPS tagging optional (for multi-venue events)
  • Duplicate scan detection prevents re-entry
Generate separate scanner links for each entrance. This enables real-time capacity tracking by location: "Main Gate: 250 scanned | VIP Entrance: 45 scanned".

Related Articles

QR Code Specifications

5 min read

Offline Mode & Sync

5 min read

Ticket Validation API

6 min read

Ready to get started?

Create your first event on BrightStar — it's free.

Create Free AccountContact Support
Back to Knowledge Base