Password Protect PDFs

Document Engine enables you to create password-protected PDFs.

Before you get started, make sure Document Engine is up and running.

You’ll be sending multipart POST requests with instructions to Document Engine’s /api/build endpoint. To learn more about multipart requests, refer to our blog post on the topic, A Brief Tour of Multipart Requests.

Check out the API Reference to learn more about the /api/build endpoint and all the actions you can perform on PDFs with Document Engine.

PDF Passwords

PDF files can be protected with passwords to control who can access, modify, and print the contents of a document.

PDFs are protected with two types of passwords: the owner password and the user password.

  • Owner password — This password allows the owner of the PDF file to modify the file and change its permissions. The owner can change the user password, as well as set or modify the user permissions that control what users can do with the file.

  • User password — This password allows a user to open the PDF file with a set of permissions defined by the owner of the file. These permissions control what the user can do with the file, such as view, print, copy, or modify the contents. The user password can be used to protect the PDF file from unauthorized access by preventing users from viewing or modifying the file without the password.

PDF Permissions

Specify what users can do to a password-protected document with the user_permissions parameter. The value of this parameter is an array, where each element is one of the following:

  • annotations_and_forms allows users to add or modify text annotations and fill in interactive form fields.

  • assemble allows users to insert, rotate, or delete pages and create document outline items or thumbnail images.

  • extract allows users to copy or otherwise extract text and graphics from the document.

  • extract_accessibility allows users to copy or otherwise extract text and graphics from the document using accessibility options.

  • fill_forms allows users to fill in existing interactive form fields (including signature fields).

  • modification allows users to modify the document in any way not covered by the other permissions settings.

  • print_high_quality allows users to print the document in high quality.

  • printing allows users to print the document.

Password Protecting the PDF Output

To password protect the PDF output from /api/build, use the following example:

curl -X POST http://localhost:5000/api/build \
  -H "Authorization: Token token=<API token>" \
  -F cover=@/path/to/cover.pdf \
  -F document=@/path/to/example-document.pdf \
  -F instructions='{
  "parts": [
    {
      "file": "cover"
    },
    {
      "file": "document"
    }
  ],
  "output": {
    "type": "pdf",
    "owner_password": "owner-password",
    "user_password": "user-password",
    "user_permissions": [
      "printing",
      "modification",
      "extract",
      "annotations_and_forms",
      "fill_forms",
      "extract_accessibility",
      "assemble",
      "print_high_quality"
    ]
  }
}' \
  -o result.pdf
POST /api/build HTTP/1.1
Content-Type: multipart/form-data; boundary=customboundary
Authorization: Token token=<API token>

--customboundary
Content-Disposition: form-data; name="cover"; filename="cover.pdf"
Content-Type: application/pdf

<PDF data>
--customboundary
Content-Disposition: form-data; name="document"; filename="example-document.pdf"
Content-Type: application/pdf

<PDF data>
--customboundary
Content-Disposition: form-data; name="instructions"
Content-Type: application/json

{
  "parts": [
    {
      "file": "cover"
    },
    {
      "file": "document"
    }
  ],
  "output": {
    "type": "pdf",
    "owner_password": "owner-password",
    "user_password": "user-password",
    "user_permissions": [
      "printing",
      "modification",
      "extract",
      "annotations_and_forms",
      "fill_forms",
      "extract_accessibility",
      "assemble",
      "print_high_quality"
    ]
  }
}
--customboundary--