diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
index d90452ae3..23b5e41fb 100644
--- a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
+++ b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitApiController.php
@@ -983,4 +983,20 @@ public function updateLeadReportSettings($summit_id) {
 );
 });
 }
+
+ /**
+ * @param $summit_id
+ * @return mixed
+ */
+ public function getQREncKey($summit_id) {
+ return $this->processRequest(function () use ($summit_id) {
+ $summit = SummitFinderStrategyFactory::build($this->getSummitRepository(), $this->resource_server_context)->find($summit_id);
+ if (is_null($summit)) return $this->error404();
+
+ return $this->ok(SerializerRegistry::getInstance()
+ ->getSerializer($summit, SummitQREncKeySerializer::SerializerType)
+ ->serialize()
+ );
+ });
+ }
 }
\ No newline at end of file
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 339a378e6..5c5294499 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -87,5 +87,6 @@ class Kernel extends HttpKernel
 'cache' => \App\Http\Middleware\CacheMiddleware::class,
 'ssl' => \App\Http\Middleware\SSLMiddleware::class,
 'auth.user' => \App\Http\Middleware\UserAuthEndpoint::class,
+ 'service.account' => \App\Http\Middleware\EnsureServiceAccount::class,
 ];
 }
diff --git a/app/Http/Middleware/EnsureServiceAccount.php b/app/Http/Middleware/EnsureServiceAccount.php
new file mode 100644
index 000000000..2b7fc2d3e
--- /dev/null
+++ b/app/Http/Middleware/EnsureServiceAccount.php
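Review bot: The docblock on `getQREncKey` (`@param $summit_id` / `@return mixed`) says nothing about what the handler returns, yet the body serializes and returns a summit's QR-code encryption key — key material that, elsewhere in this commit, is gated by the `service.account` route middleware and the `ReadSummitsEncKey` scope, neither of which is visible from the controller. Keep the tags but give them content: `@return mixed 200 with the serialized QR-codes encryption key, 404 when the summit is not found`, plus one sentence stating that the payload is key material and that the route must stay behind the `service.account` middleware and the `ReadSummitsEncKey` scope, so a later refactor of the routes does not silently widen access. The brace-less `if (is_null($summit)) return $this->error404();` would also be clearer as a braced block.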
@@ -0,0 +1,49 @@
+context = $context;
+ }
+
+ /**
+ * @param $request
+ * @param Closure $next
+ * @return \Illuminate\Http\JsonResponse|mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ $application_type = $this->context->getApplicationType();
+ if ($application_type != IResourceServerContext::ApplicationType_Service) {
+ return Response::json(['error' => 'Only service accounts are allowed.'], 403);
+ }
+ return $next($request);
+ }
+}
diff --git a/app/Security/SummitScopes.php b/app/Security/SummitScopes.php
index a28588bc1..cf08dd0df 100644
--- a/app/Security/SummitScopes.php
+++ b/app/Security/SummitScopes.php
@@ -117,4 +117,6 @@ final class SummitScopes
 const WriteAttendeeNotesData = '%s/attendee/notes/write';
 const ReadAttendeeNotesData = '%s/attendee/notes/read';
+
+ const ReadSummitsEncKey = '%s/summits/read-enc-key';
 }
\ No newline at end of file
diff --git a/database/seeders/ApiEndpointsSeeder.php b/database/seeders/ApiEndpointsSeeder.php
index c42a8217b..e267387e0 100644
--- a/database/seeders/ApiEndpointsSeeder.php
+++ b/database/seeders/ApiEndpointsSeeder.php
@@ -8819,6 +8819,14 @@ private function seedSummitEndpoints()
 IGroup::Administrators
 ]
 ],
+ [
+ 'name' => 'retrieve-qr-enc-key',
+ 'route' => '/api/v1/summits/{id}/qr-codes-enc-key',
+ 'http_method' => 'GET',
+ 'scopes' => [
+ sprintf(SummitScopes::ReadSummitsEncKey, $current_realm)
+ ]
+ ],
 [
 'name' => 'get-registration-feed-metadata',
 'route' => '/api/v1/summits/{id}/registration-feed-metadata',
diff --git a/database/seeders/ApiScopesSeeder.php b/database/seeders/ApiScopesSeeder.php
index 3098de8c3..86801770a 100644
--- a/database/seeders/ApiScopesSeeder.php
+++ b/database/seeders/ApiScopesSeeder.php
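Review bot: The gate in `EnsureServiceAccount::handle` uses a loose comparison, `if ($application_type != IResourceServerContext::ApplicationType_Service)`, and since this is the only check standing between a non-service token and the encryption-key endpoint it should be strict: `if ($application_type !== IResourceServerContext::ApplicationType_Service) {`. With `!=`, a non-string result from `getApplicationType()` (whose return type is not visible here) can compare loosely equal to a string constant — a boolean `true` equals any non-empty string under PHP's loose rules — and would pass the gate. The file's opening lines (namespace, imports and the constructor before `context = $context;`) are not legible in this view, so the constructor and its type declarations could not be reviewed.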
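Review bot: The `retrieve-qr-enc-key` entry carries only the `ReadSummitsEncKey` scope, so at the seeder level any client holding that scope is authorized for the key; the restriction that actually protects it — the `service.account` middleware — lives in the route definition in routes/api_v1.php, and nothing in this seeder hints at that. A comment on the entry such as `// returns key material; additionally restricted to service accounts by the 'service.account' route middleware` would tie the two halves of the control together for whoever next edits either file. The enclosing `seedSummitEndpoints` array starts and ends outside the hunk.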
@@ -387,7 +387,12 @@ private function seedSummitScopes()
 'name' => sprintf(SummitScopes::WriteAttendeeNotesData, $current_realm),
 'short_description' => 'Write Attendee Notes Data',
 'description' => 'Grants write access for Attendee Notes Data',
- ]
+ ],
+ [
+ 'name' => sprintf(SummitScopes::ReadSummitsEncKey, $current_realm),
+ 'short_description' => 'Read Summit QR Codes Enc Key',
+ 'description' => 'Grants read only access for Summit QR Codes Encryption Key',
+ ],
 ];
 foreach ($scopes as $scope_info) {
diff --git a/routes/api_v1.php b/routes/api_v1.php
index 3478b339b..dea12f4de 100644
--- a/routes/api_v1.php
+++ b/routes/api_v1.php
@@ -2117,6 +2117,10 @@
 });
 });
+ //qr-code-enc-keys
+
+ Route::get('qr-codes-enc-key', ['middleware' => 'service.account', 'uses' => 'OAuth2SummitApiController@getQREncKey']);
+
 // registration-feed-metadata
 Route::group(['prefix' => 'registration-feed-metadata'], function(){
diff --git a/tests/OAuth2SummitApiTest.php b/tests/OAuth2SummitApiTest.php
index 85ed738f5..3b9da9330 100644
--- a/tests/OAuth2SummitApiTest.php
+++ b/tests/OAuth2SummitApiTest.php
@@ -1149,4 +1149,28 @@ public function testUpdateSummitRegSlugPrefixHavingPaidTickets(){
 $this->assertResponseStatus(412);
 $this->assertStringContainsString('there are paid tickets', $content);
 }
+
+ public function testGetQREncKey(){
+
+ App::singleton('App\Models\ResourceServer\IAccessTokenService', AccessTokenServiceStub2::class);
+
+ $params = [
+ 'id' => self::$summit->getId(),
+ ];
+
+ $response = $this->action(
+ "GET",
+ "OAuth2SummitApiController@getQREncKey",
+ $params,
+ [],
+ [],
+ [],
+ $this->getAuthHeaders()
+ );
+
+ $content = $response->getContent();
+ $this->assertResponseStatus(200);
+ $summit_enc_key = json_decode($content);
+ self::assertNotNull($summit_enc_key);
+ }
 }
\ No newline at end of file
diff --git a/tests/ProtectedApiTestCase.php b/tests/ProtectedApiTestCase.php
index 1581f07c4..a1a920b7c 100644
--- a/tests/ProtectedApiTestCase.php
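Review bot: `testGetQREncKey` ends with `self::assertNotNull($summit_enc_key);`, which any syntactically valid JSON body satisfies, so the test does not show that the key was actually returned, and nothing in the commit exercises the 403 path of the new `service.account` middleware — the one control that keeps the key away from user tokens. Assert on the key field that `SummitQREncKeySerializer` emits (its name is not visible in this diff) instead of non-null, and add a second test that authenticates with a non-service token stub and asserts `$this->assertResponseStatus(403);` for the same action. `AccessTokenServiceStub2` is presumably the stub whose token is classified as a service account; that is worth confirming, since the 200 in this test depends on it.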
+++ b/tests/ProtectedApiTestCase.php
@@ -137,6 +137,7 @@ public function get($token_value)
 ElectionScopes::NominatesCandidates,
 ElectionScopes::WriteMyCandidateProfile,
 sprintf(SummitScopes::ReadAuditLogs, $url),
+ sprintf(SummitScopes::ReadSummitsEncKey, $url),
 );
 return AccessToken::createFromParams(
@@ -230,6 +231,7 @@ public function get($token_value)
 ElectionScopes::NominatesCandidates,
 ElectionScopes::WriteMyCandidateProfile,
 sprintf(SummitScopes::Allow2PresentationAttendeeVote, $url),
+ sprintf(SummitScopes::ReadSummitsEncKey, $url),
 );
 return AccessToken::createFromParams(