Reference · Updated 2026

Barcode tickets, demystified.

A clear, no-nonsense reference on how modern tickets encode data in a barcode, how scanners validate them, and what makes one ticket harder to forge than another — whether it is on paper, in a wallet app, or on a printed boarding pass.

What you will find here

Plain-language explanations for anyone holding a ticket, issuing one, or building the system behind it.

Formats that matter

Side-by-side of QR, PDF417, Aztec, Data Matrix and Code 128 — capacity, error correction, and where each is actually used.

Printing & display

Minimum sizes, quiet zones, screen brightness, and why glossy screen protectors kill scan rates.

How scanning works

From the camera sensor to the validation server: what the gate actually checks when your ticket beeps.

Ticket security

Single-use IDs, signed payloads, rotating codes, and the honest limits of anti-copy protection.

Mobile vs. paper

When a screenshot is fine, when a wallet pass is required, and why some venues still print.

Troubleshooting

A checklist for the moment your ticket will not scan — and what venue staff can do about it.

Barcode formats used on tickets

Linear (1D) codes store a short identifier and rely on a database for everything else. 2D codes pack dozens to thousands of characters directly into the symbol, which is why most modern tickets use one of them.

Comparison of barcode formats used on tickets
Format | Type | Typical capacity | Where you see it
QR Code | 2D matrix | Up to ~4,200 alphanumeric characters | Events, mobile tickets, wallet passes
PDF417 | 2D stacked | Up to ~1,800 characters | Airline boarding passes (IATA BCBP), concerts
Aztec | 2D matrix | Up to ~3,000 characters | Rail, metro, some boarding passes
Data Matrix | 2D matrix | Up to ~2,300 characters | Compact labels, postal, small-format tickets
Code 128 | 1D linear | ~48 characters | Legacy paper tickets, wristbands, inventory

Figures are practical ceilings for the highest-density configurations; real tickets use far less. Higher error-correction levels reduce usable capacity but survive creases, dirt and cracked phone screens.

From booking to gate, in four steps

Most systems vary in the details, but the pipeline looks the same.

  1. Issue

    The issuer generates a unique ticket ID, stores it with event, seat and buyer metadata, and renders it into a barcode — often with a signature so tampering can be detected offline.

  2. Deliver

    The code is sent to you as a PDF, an email attachment, a wallet pass (Apple Wallet, Google Wallet), or inside the issuer’s app where it can be refreshed on demand.

  3. Present

    At the gate you hold the code under a scanner — a phone camera, a handheld imager, or a fixed turnstile reader. The scanner decodes the symbol in milliseconds.

  4. Validate

    The decoded ID is checked against the issuer’s system (or a signed allow-list downloaded in advance). If it is valid and unused, the gate opens and the ID is marked as used.

Get your ticket scanned, first try

Almost every failed scan comes down to one of these.

Brightness to maximum

Auto-brightness dims the screen just as you hand it over. Turn it off, or crank the slider up manually before you reach the gate.

Clean and flat

Wipe the screen. Hold the phone flat, not tilted. A cracked screen protector scatters light and kills contrast — unwrap the case if you have to.

Keep the quiet zone

Barcodes need a margin of empty space around them. Do not zoom until the code fills the edges — most readers lose lock when the quiet zone is cropped.

Screenshot with care

Screenshots work for static codes. They will not work for rotating or time-based codes that refresh every minute — use the issuer’s app for those.

Print dark on light

Black on white, at least 2 cm on the short edge for 2D codes. Thermal paper fades fast — keep it out of wallets, pockets and sunlight.

Have a backup

Save the PDF locally. Venue Wi-Fi is unreliable and cell signal drops at the worst moment. Offline is always a better plan than "it’s in my email".

What actually stops a fake ticket?

Three layers, each doing something different.

  • Unique IDs — every ticket has a long, random identifier. Guessing one is computationally hopeless.
  • Single-use on the back end — once the ID scans, it is burnt. A forwarded screenshot can beat you to the gate, but only one copy gets in.
  • Cryptographic signatures — the code carries a signature the gate can verify without a network round-trip. Altering the payload invalidates the signature.
  • Rotating codes — high-value tickets (flights, finals, transit) refresh every 30–60 seconds, so a screenshot expires before it can be resold.
  • Bind to identity where it matters — some tickets also carry a name or document number that is checked at the gate.

No barcode is unforgeable on its own. Security comes from the system around it: the issuer, the scanner, and the rules they enforce together.
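
The signed-payload, rotating-code and single-use checks described above (and in step 4, Validate), as an added example that is not part of the original page or any issuer's real format. The payload layout, the names issue, render and Gate, and the 30-second window are assumptions for illustration; HMAC-SHA256 from the Python standard library stands in for the signature, which means the gate must hold the secret key, whereas an asymmetric signature would let gates hold only a public key.

```python
import base64, hashlib, hmac, json, secrets

STEP = 30  # seconds per rotation window (assumed; the page gives 30-60 s)

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(event: str, seat: str) -> dict:
    """Issuer side: ticket record with a long random ID (128 bits)."""
    return {"id": secrets.token_urlsafe(16), "event": event, "seat": seat}

def render(key: bytes, ticket: dict, now: float) -> str:
    """Barcode text for the current window: base64(payload).base64(tag)."""
    body = dict(ticket, win=int(now // STEP))
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()  # stand-in signature
    return _b64(payload) + "." + _b64(tag)

class Gate:
    """Scanner side: offline tag check, freshness check, then burn the ID."""
    def __init__(self, key: bytes, event: str):
        self.key, self.event, self.used = key, event, set()

    def scan(self, code: str, now: float) -> str:
        try:
            p64, t64 = code.split(".")
            payload, tag = _unb64(p64), _unb64(t64)
        except ValueError:  # wrong part count or invalid base64
            return "reject: malformed"
        want = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):  # constant-time comparison
            return "reject: bad signature"
        body = json.loads(payload)  # parsed only after the tag verified
        if body["event"] != self.event:
            return "reject: wrong event"
        if abs(int(now // STEP) - body["win"]) > 1:  # one window of clock skew
            return "reject: expired code"
        if body["id"] in self.used:
            return "reject: already used"
        self.used.add(body["id"])  # burnt only after every other check passed
        return "admit"
```

Order matters here: the tag is verified before the payload is parsed, and the ID is burnt only once every other check has passed, so a rejected scan never consumes a valid ticket.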

Quick answers

The questions we are asked most often. More in the full FAQ.

Is a screenshot of my barcode good enough?

For a static code, yes — a clear, uncropped screenshot scans identically to the original. For rotating or signed codes generated by the issuer’s app, no. If the ticket email says "generated at entry" or "do not screenshot", take that literally.

Can two people use the same barcode?

No. The first scan marks the ticket as used in the back-end system; every copy after that is rejected, regardless of how it was delivered.

Why do some tickets refuse to scan from a phone?

Most often: screen too dim, code partially cropped, or an aggressive screen protector adding glare. Rarely: the code is signed to a specific wallet and rejects copies on purpose.

What is the code below the barcode for?

It is the human-readable version of the same identifier. Staff use it to look up your ticket manually if the scanner cannot read the code.

Are QR tickets safer than PDF417 tickets?

Neither is inherently safer — both are open standards that can be read by anyone. Safety comes from whether the payload is signed, single-use, and validated against a live back end.
