Loading
Loading
Our Protect PDF API offers enterprise-grade security tools to lock down sensitive information and control how users interact with your documents. Lock PDF files with user and owner passwords using industry standard AES-256 encryption and apply granular restrictions like copying, printing, or making changes. Whether you're protecting confidential reports, securing client contracts, or preventing unauthorized document modifications, our API handles it all through simple REST endpoints.
Built for compliance systems, document management platforms, confidential report generators, and enterprise content security solutions. Password protect sensitive financial documents, prevent copying from legal contracts, restrict printing for internal memos, secure client proposals with editing restrictions, or apply comprehensive protection to intellectual property documents. Control exactly what users can and cannot do with your PDFs while maintaining complete security over your content. With asynchronous request processing and webhook support, you can seamlessly integrate PDF Protection APIs into your automation pipelines.
If you don't want to poll for task status, you can simply provide the webhook data in your request. Instead of manually checking status, we will automatically notify your endpoint the moment the task processing is completed.
destroy parameter, your files are permanently wiped from our servers immediately after processing finishes, ensuring complete data security. If destroy is not set, files are retained up to 30 days based on user's plan.We don't compromise on security. All PDFs uses industry standard 256-bit AES encryption, providing enterprise-grade security for your PDF files making them virtually impossible to crack without the correct credentials. Your documents are protected with the same encryption standards used by financial institutions and government agencies worldwide.
Implement flexible security policies with distinct "User" and "Owner" passwords. User passwords restrict document opening, while owner passwords control who can modify security settings and restrictions. You get full flexibility to implement your security requirements.
Apply specific restrictions to prevent copying, printing, editing, form filling and annotation modifications. Control exactly what users can do with your PDFs through distinct restriction types, from blocking high-quality printing to preventing content extraction. This allows you to share documents for viewing while protecting your intellectual property.
Stop unauthorized text and image extraction with content copying restrictions. Perfect for protecting intellectual property, confidential information, and proprietary content from being copied or redistributed without permission.
Handle heavy documents and high-resolution assets with ease. Our API supports a massive 1GB payload size per request, allowing you to process even the largest PDF files without worrying about size restrictions.
$ pip install requestsimport requests
url = "https://api.apifreaks.com/v1.0/pdf/encrypt?user_password=MySecurePass123&owner_password=AdminPass456&output=protected_document"
payload = {}
files=[
('file',('file.pdf',open('/path/to/file.pdf','rb'),'application/pdf'))
]
headers = {
'X-apiKey': 'API-KEY'
}
response = requests.request("POST", url, headers=headers, data=payload, files=files)
print(response.text)
$ pip install requestsimport requests
url = "https://api.apifreaks.com/v1.0/pdf/restrict?restrictions=copy_and_extract_content&user_password=UserPass123&output=restricted_document"
payload = {}
files=[
('file',('file.pdf',open('/path/to/file.pdf','rb'),'application/pdf'))
]
headers = {
'X-apiKey': 'API-KEY'
}
response = requests.request("POST", url, headers=headers, data=payload, files=files)
print(response.text)
Use these endpoints to manage files and check task status.
task_id. The response includes creation and expiry timestamps to help you track result availability, along with specific error details if a task fails. Results are retained for up to 7 days, depending on the operation.file_id. Returns details including file name, size, type, and creation/deletion timestamps. Generated or uploaded files are retained up to 30 days based on user's plan, unless destroy is enabled to delete them immediately. You can use this endpoint to check if the file has expired using its file_id.multipart/form-data request. Each file receives a unique file_id that can be used with the PDF APIs.file_id for uses with the PDF APIs.Encrypt your PDF with password protection by uploading a file directly (multipart upload) or referencing a file_id of a stored file. Set a user password to control who can open the document, and optionally set an owner password for managing restrictions.
# Standard Response { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "inputIds": [ "7a9e4b12-f3c8-4d56-b7e1-8c2f9d0a3e6f" ] } # Response with destroy=true (No File IDs as they are deleted right away) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d" }curl -X POST "https://api.apifreaks.com/v1.0/pdf/encrypt?user_password=MySecurePass123&owner_password=AdminPass456&output=protected_document" \ -H "X-apikey: YOUR_API_KEY" \ -F "file=@/path/to/document.pdf"
Notes:
destroy=true parameter to delete input file after encryption completes (returns only taskId)After submitting a encryption or restriction task, check its progress using the Task Status API with your taskId. The task goes through these statuses: queued, processing, completed, and failed.
# Response (completed) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "status": "completed", "createdAt": "2025-01-26 10:30:00", "outputUrls": [ "https://api.apifreaks.com/v1.0/pdf/resource/download?resource_id=9b2e7f3a-5c8d-4e1b-a6f9-0d3c8e7b2a5f" ], "outputFileId": [ "9b2e7f3a-5c8d-4e1b-a6f9-0d3c8e7b2a5f" ], "inputIds": [ "7a9e4b12-f3c8-4d56-b7e1-8c2f9d0a3e6f" ], "expiresAt": "2025-01-27 10:30:00" } # Response (failed) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "status": "failed", "createdAt": "2025-01-26 10:30:00", "inputIds": [ "7a9e4b12-f3c8-4d56-b7e1-8c2f9d0a3e6f" ], "error": "Invalid PDF File", "message": "The provided file is not a valid PDF file.", "expiresAt": "2025-01-27 10:30:00" }curl -X GET "https://api.apifreaks.com/v1.0/pdf/task-status?task_id=04a06cd5-158d-4191-a45b-6f58249c599d" \ -H "X-apikey: YOUR_API_KEY"
Once the task status shows “completed”, download your protected PDF using the File Download API with the outputFileId from the task status response.
curl -X GET "true?resource_id=9b2e7f3a-5c8d-4e1b-a6f9-0d3c8e7b2a5f" \ -H "X-apikey: YOUR_API_KEY" \ --output protected_document.pdf
Secure your PDF with permission restrictions by uploading a file directly or using a stored file_id. Define specific restrictions to prevent copying, printing, editing, and other actions. Optionally set passwords to enforce these restrictions and control document access.
# Standard Response { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "inputIds": [ "7a9e4b12-f3c8-4d56-b7e1-8c2f9d0a3e6f" ] } # Response with destroy=true (No File IDs as they are deleted right away) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d" }curl -X POST "https://api.apifreaks.com/v1.0/pdf/restrict?restrictions=copy_and_extract_content&restrictions=print_high&restrictions=modify_content&user_password=UserPass123&owner_password=AdminPass456&output=restricted_document" \ -H "X-apikey: YOUR_API_KEY" \ -F "file=@/path/to/document.pdf"
Notes:
restrictions parameter is required and can contain multiple restriction valuesprint_high, print_low, edit_document_assembly, fill_form_fields, edit_annotations, modify_content, copy_and_extract_content, use_accessibility which are explained in the table above.destroy=true parameter to delete input file after restriction completes (returns only taskId)Get automatic notifications when your task completes instead of polling the task status endpoint. Good for event-driven applications and real-time document processing.
Add webhook_urlto your request. We'll send a POST request to this URL when the task finishes (either completed or failed).
See the Complete Webhook Example section below for a full demonstration including custom authorization headers.
Webhook delivery will be attempted up to 3 times. If all retries fail and webhook_failure_notificationis enabled, we'll send an email notification to the requesting user or their organization admin.
Use X-Webhook-Authorization to add a custom header to webhook requests for endpoint security.
Format: Key:Value
Example: If you send Authorization:Bearer token123, the webhook request will include: Authorization: Bearer token123
See the Complete Webhook Example below for a full demonstration.
Here's a complete example showing webhook integration with custom authorization header and failure notifications:
# Response { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "inputIds": [ "566dc743-d8fe-4943-8cef-61e5d3d6096c" ] }curl -X 'POST' \ 'https://api.apifreaks.com/v1.0/pdf/restrict?webhook_url=https://yourdomain.com/webhook/pdf-restrict&webhook_failure_notification=true' \ -H 'X-apiKey: YOUR_API_KEY' \ -H 'X-Webhook-Authorization: Authorization:Bearer token123' \ -F 'file=@/path/to/document.pdf'
When your task completes, we send a POST request to your webhook_url with these headers:
| Header | Description |
|---|---|
Content-Type | Always application/json |
X-Signature | HMAC-SHA256 signature of the request body using your API key. Use this to verify the payload is authentic. |
| Custom Header | (If provided) Your custom header from X-Webhook-Authorization |
The webhook payload contains the same response structure as the Task Status API endpoint when checked for the task ID.
Use the X-Signatureheader to verify webhook requests actually came from API Freaks and weren't tampered with.
How the signature works:
X-Signature header valueTo verify the webhook:
X-Signature header valueImportant:Don't transform or process the raw request body before verification. Adding whitespace or other formatting creates a different signature and verification will fail.
To use this PDF Protect APIs, API credits are required. Charges apply only for successful queries, defined by a 2xx status code. If a request results in a 4xx or 5xx status code, no credits will be deducted, and any credits already charged will be refunded. In the event of a Task Processing Error, a maximum of 200 credits will be refunded. Surcharges for additional file sizes are non-refundable.
For each successful request, 200 credits will be charged. 1 extra credit will be charged per MB beyond 50 MB.
Utilize the Credits Usage API to efficiently monitor your recent consumption of both one-off and subscription credits. This API provides a streamlined way to track and manage your credit usage, ensuring you stay informed about your remaining balance and can optimize your resource allocation effectively.