Activation QR codes
For a LoRaWAN® end-device to be activated on a given network, several device-specific attributes need to be provisioned on the Network Server. These attributes include mandatory ones, such as the device identifier (DevEUI), Join Server identifier (JoinEUI), and device profile, and the optional ones, such as serial number, owner token, and vendor-specific attributes. Historically, such attributes have been either (partially) printed on the end-device for the user to read them and manually enter them, or passed to the user in an email for him/her to copy-and-paste. In either case, the procedure has been laborsome and prone to errors. For confidentiality reasons, the device's security key (AppKey) is never included in the QR code. Therefore, to maximize the efficiency of using QR codes and prevent out-of-band exchanges between the manufacturer and the device owner (yielding unsecure delivery of the AppKey), it is highly recommended to rely on the external Join Server mode to activate OTAA devices. With this activation mode on external Join Server, the Owner Token can be safely present in the QR code.
In order to facilitate end-device provisioning for zero-touch user experience (without human intervention), LoRa Alliance has defined a standard QR encoding for end-device attributes. QR codes that are generated in accordance with the standard can embed all of the aforementioned info in a way that they can be placed on the end-device casing and read using a QR reader app. Streamlined and reliable end-device provisioning is the benefit of using this new standard.
For detailed information about the LoRa-Alliance technical specification, see tr005-lorawan-device-identification-qr-codes.