Working with Password-Protected PDFs

Document Engine enables you to work with password-protected PDFs. You can provide password-protected PDFs as inputs for Document Engine’s operations and password protect the output of these operations.

PDF Passwords

PDF files can be protected with passwords to control who can access, modify, and print the contents of a document.

PDFs are protected with two types of passwords: the owner password and the user password.

  • Owner password — This password allows the owner of the PDF file to modify the file and change its permissions. The owner can change the user password, as well as set or modify the user permissions that control what users can do with the file.

  • User password — This password allows a user to open the PDF file with a set of permissions defined by the owner of the file. These permissions control what the user can do with the file, such as view, print, copy, or modify the contents. The user password can be used to protect the PDF file from unauthorized access by preventing users from viewing or modifying the file without the password.

Performing Document Engine Operations on Password-Protected PDFs

If a document is password protected, any operations performed on it require supplying a password. Document Engine’s Server API allows you to specify passwords via pspdfkit-pdf-password HTTP header.

The value of this header can be either a plain-text password or a Base64-encoded password in the form base64:<encoded-password>. Use the Base64 encoding if your password contains characters that aren’t allowed in HTTP headers or that would be otherwise mangled (e.g. trailing or leading spaces).

For example, to upload a password-protected PDF, use the following request:

curl -X POST http://localhost:5000/api/documents \
  -H "Authorization: Token token=<API token>" \
  -H "pspdfkit-pdf-password: document-password" \
  -F file=@/path/to/example-document.pdf

Performing Build Operations on Password-Protected PDFs

To use a password-protected part in Build API, provide the appropriate password in the password field of the FilePart.

For example, to merge a password-protected PDF with an unprotected PDF document, use the following request:

curl -X POST http://localhost:5000/api/build \
  -H "Authorization: Token token=<API token>" \
  -F document=@/path/to/example-document.pdf \
  -F password-document=@/path/to/example-password-document.pdf \
  -F instructions='{
  "parts": [
    {
      "file": "document"
    },
    {
      "file": "password-document",
      "password": "123456"
    }
  ]
}' \
  -o result.pdf
POST /api/build HTTP/1.1
Content-Type: multipart/form-data; boundary=customboundary
Authorization: Token token=<API token>

--customboundary
Content-Disposition: form-data; name="document"; filename="example-document.pdf"
Content-Type: application/pdf

<PDF data>
--customboundary
Content-Disposition: form-data; name="password-document"; filename="example-password-document.pdf"
Content-Type: application/pdf

<PDF data>
--customboundary
Content-Disposition: form-data; name="instructions"
Content-Type: application/json

{
  "parts": [
    {
      "file": "document"
    },
    {
      "file": "password-document",
      "password": "123456"
    }
  ]
}
--customboundary--
Warning

The PDF documents you create with /api/build are unprotected by default. For more information on setting a password for a document, see the guide on Output.