CTRL+K
Our Unlock PDF API provides a streamlined solution to programmatically decrypt PDF files and strip away permission limits. Whether you need to recover access to a password-protected archive or remove PDF restrictions to enable printing and editing, our API handles it securely and efficiently. Unlock secured PDFs completely or selectively remove restrictions while keeping the file encrypted.
Ideal for enterprises managing large document repositories, legal teams handling archived contracts, and accounting systems processing password-protected invoices. Remove passwords to migrate documents between systems, unlock restrictions to enable collaboration features, or batch decrypt files for automated processing. With asynchronous request processing and webhook support, integrate seamlessly in your workflows.
If you don't want to poll for task status, you can simply provide the webhook data in your request. Instead of manually checking status, we will automatically notify your endpoint the moment the task processing is completed.
destroy parameter, your files are permanently wiped from our servers immediately after processing finishes, ensuring complete data security. If destroy is not set, files are retained up to 30 days based on user's plan.Remove all security from PDF files including both user passwords and owner passwords using our decrypt endpoint. This creates a completely open PDF with no encryption or restrictions, perfect for authorized document processing and content extraction workflows.
Our API strips permission restrictions while keeping file passwords intact, allowing you to reset security policies without compromising encryption. Perfect for updating legacy document permissions or enabling full access for authorized users.
Handle heavy documents and high-resolution assets with ease. Our API supports a massive 1GB payload size per request, allowing you to process even the largest PDF files without worrying about size restrictions.
$ pip install requests
Removes all encryption and restrictions from a PDF file, creating a completely open document.
File uploads must use multipart/form-data format. PDF API accepts a single file upload.
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| file | No | multipart/form-data | - | The PDF file to process. Only used if you're uploading a file instead of using file_id. |
Input Priority Rule:
If both file and file_id are provided, the multipart file upload takes priority and file_id is ignored.
All parameters must be included as query parameters. Any parameters sent in the form data will be ignored.
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| file_password | Yes | String | - | Password to unlock the input file if it's protected. Either the owner or user password can be provided. The owner password takes precedence. |
| file_id | No | String | - | The unique ID of a file already present on our server. Use this instead of uploading the file again. |
| output | No | String | decrypted_output | Name of the output PDF (without extension). |
| destroy | No | Boolean | false | If true, we delete the input file immediately after generating the output. |
$ pip install requests
Which endpoint should I use?
/pdf/decrypt to remove all security (passwords + restrictions) and create a completely open PDF/pdf/unrestrict to remove only restrictions while keeping password protection intactRemoves permission restrictions while maintaining password protection. Allows you to set new passwords while removing restrictions.
File uploads must use multipart/form-data format. PDF API accepts a single file upload.
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| file | No | multipart/form-data | - | The PDF file to process. Only used if you're uploading a file instead of using file_id. |
Input Priority Rule:
If both file and file_id are provided, the multipart file upload takes priority and file_id is ignored.
Query parameters
All parameters must be included as query parameters. Any parameters sent in the form data will be ignored.
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| file_password | Yes | String | - | Password to unlock the input file. Either the owner or user password can be provided. The owner password takes precedence. |
| user_password | No | String | - | Set new user password for the PDF file. Password must be between 6 and 128 characters. Either user_password or owner_password must be provided. |
| owner_password | No | String | - | Set new owner password for the PDF file. Password must be between 6 and 128 characters. If only owner_password is provided, it will be used as both owner and user password. |
| file_id | No | String | - | The unique ID of a file already present on our server. Use this instead of uploading the file again. |
| output | No | String | unrestricted_output | Name of the output PDF (without extension). |
| destroy | No | Boolean | false | If true, we delete the input file immediately after generating the output. |
Note:
For unrestrict endpoint, either user_password or owner_password must be provided. Both cannot be absent.
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| webhook_url | No | String | - | The URL where we'll send the webhook notification after the task completes. Authentication parameters in the URL (e.g., ?auth=token123) are passed as-is. |
| webhook_failure_notification | No | Boolean | false | If true, we'll send an email notification if the webhook request fails after 3 retries. The email goes to the requesting user or their org admin if user is part of an organization. |
| Header | Required | Type | Default | Description |
|---|---|---|---|---|
| X-Webhook-Authorization | No | String | - | Custom authorization header sent with the webhook request. Format: Key:Value (e.g., Authorization:Bearer token123). |
Explore detailed response fields including field names, data types, requirements, and descriptions in the interactive Response Tables below. For PDF Decrypt API click here, and for PDF Unrestrict API click here.
Use these endpoints to manage files and check task status.
task_id. The response includes creation and expiry timestamps to help you track result availability, along with specific error details if a task fails. Results are retained for up to 7 days, depending on the operation.file_id. Returns details including file name, size, type, and creation/deletion timestamps. Generated or uploaded files are retained up to 30 days based on user's plan, unless destroy is enabled to delete them immediately. You can use this endpoint to check if the file has expired using its file_id.multipart/form-data request. Each file receives a unique file_id that can be used with the PDF APIs.file_id for uses with the PDF APIs.| HTTP Status | Reasons |
|---|---|
| 400 | Invalid PDF File: Please provide a valid PDF file. We don't support other types. |
| 400 | Missing File or ID: You must provide either a file or a file ID. |
| 400 | Invalid Parameter: The value for 'param_name' is invalid. |
| 400 | Missing PDF Password Exception: Please provide a password for security operations. |
| 400 | Missing PDF Password Exception: Please provide a file password for security operations. |
| 400 | Weak Password Provided: Please provide a strong password. Refer to the documentation for password requirements. |
| 404 | File ID Not Found: Please provide a valid file ID. |
| 500 | File Saving Exception: An unknown error occurred while saving. Try again later. |
| 500 | Internal Server Error: Internal Server Error Occurred. |
| HTTP Status | Reasons |
|---|---|
| 400 | Invalid PDF File: Please provide a valid PDF file. We don't support other types. |
| 400 | Missing File or ID: You must provide either a file or a file ID. |
| 400 | Invalid Parameter: The value for 'param_name' is invalid. |
| 400 | Weak Password Provided: Please provide a strong password. Refer to the documentation for password requirements. |
| 400 | Missing PDF Password Exception: Please provide either a user password or an owner password for security operations. |
| 400 | Missing PDF Password Exception: Please provide a password for security operations. |
| 400 | Missing PDF Password Exception: Please provide a file password for security operations. |
| 404 | File ID Not Found: Please provide a valid file ID. |
| 500 | File Saving Exception: An unknown error occurred while saving. Try again later. |
| 500 | Internal Server Error: Internal Server Error Occurred. |
These errors might appear in the task-status response if the background job fails.
| Error | Description |
|---|---|
Invalid PDF File | The provided file is not a valid PDF file. |
Invalid File Password | Please provide the correct file password for security operations. Refer to documentation for valid password selection. |
Missing Owner Password | Please provide an owner password for security operations. You have provided a user password which is not valid for this operation. |
File Saving Exception | An unknown error occurred while saving the file. Try again later. |
PDF Generation Exception | An unknown error occurred while generating the PDF. Try again later. |
Internal Server Error | Internal Server Error Occurred. |
Decrypt your PDF to remove all security including passwords and restrictions by uploading a file directly (multipart upload) or referencing a file_id of a stored file. Provide the file password (user or owner password) to unlock and decrypt the document.
# Standard Response { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "inputIds": [ "7a9e4b12-f3c8-4d56-b7e1-8c2f9d0a3e6f" ] } # Response with destroy=true (No File IDs as they are deleted right away) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d" }curl -X 'POST' \ 'https://api.apifreaks.com/v1.0/pdf/decrypt?file_password=CurrentPassword123&output=unlocked_document' \ -H 'X-apiKey: YOUR_API_KEY' \ -F 'file=@/path/to/protected.pdf'
Notes:
file_password parameter is required to unlock the protected PDFdestroy=true parameter to delete input file after decryption completes (returns only taskId)After submitting a decrypt or unrestrict task, check its progress using the Task Status API with your taskId. The task goes through these statuses: queued, processing, completed, and failed.
# Response (completed) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "status": "completed", "outputFileId": "9b2e7f3a-5c8d-4e1b-a6f9-0d3c8e7b2a5f", "outputFileName": "processed_document.pdf", "createdAt": "2025-01-26 10:30:00", "expiresAt": "2025-01-27 10:30:00" } # Response (failed) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "status": "failed", "error": "Invalid PDF File", "message": "The provided file is not a valid PDF file.", "createdAt": "2025-01-26 10:30:00" }curl -X GET "https://api.apifreaks.com/v1.0/pdf/task-status?taskId=04a06cd5-158d-4191-a45b-6f58249c599d" \ -H "X-apikey: YOUR_API_KEY"
Once the task status shows “completed”, download your decrypted PDF using the File Download API with the outputFileId from the task status response.
curl -X GET "https://api.apifreaks.com/v1.0/pdf/download?fileId=9b2e7f3a-5c8d-4e1b-a6f9-0d3c8e7b2a5f" \ -H "X-apikey: YOUR_API_KEY" \ --output output.pdf
Remove permission restrictions from your PDF while optionally setting new passwords by uploading a file directly or using a stored file_id. This keeps the PDF encrypted but removes restrictions like copy protection, print blocking, or edit prevention.
# Standard Response { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "inputIds": [ "7a9e4b12-f3c8-4d56-b7e1-8c2f9d0a3e6f" ] } # Response with destroy=true (No File IDs as they are deleted right away) { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d" }curl -X 'POST' \ 'https://api.apifreaks.com/v1.0/pdf/unrestrict?file_password=CurrentPassword123&user_password=NewUserPass456&owner_password=NewOwnerPass789&output=unrestricted_document' \ -H 'X-apiKey: YOUR_API_KEY' \ -F 'file=@/path/to/restricted.pdf'
Notes:
file_password parameter is required to unlock the protected PDFuser_password or owner_password must be provided for the output PDF (both cannot be absent)owner_password is provided, it will be used as both owner and user passworddestroy=true parameter to delete input file after processing completes (returns only taskId)Get automatic notifications when your task completes instead of polling the task status endpoint. Good for event-driven applications and real-time document processing.
Add webhook_url to your request. We'll send a POST request to this URL when the task finishes (either completed or failed).
Example Request:
# Response { "taskId": "04a06cd5-158d-4191-a45b-6f58249c599d", "inputIds": [ "566dc743-d8fe-4943-8cef-61e5d3d6096c" ] }curl -X 'POST' \ 'https://api.apifreaks.com/v1.0/pdf/decrypt?webhook_url=https://yourdomain.com/webhook/pdf-decrypt&webhook_failure_notification=true&file_password=CurrentPassword123&output=unlocked_document' \ -H 'X-apiKey: YOUR_API_KEY' \ -F 'file=@/path/to/protected.pdf'
Webhook delivery will be attempted up to 3 times. If all retries fail and webhook_failure_notification is enabled, we'll send an email notification to the requesting user or their organization admin.
Use X-Webhook-Authorization to add a custom header to webhook requests for endpoint security.
Format: Key:Value
Example: If you send Authorization:Bearer token123, the webhook request will include: Authorization: Bearer token123
Example with custom authorization:
curl -X 'POST' \ 'https://api.apifreaks.com/v1.0/pdf/decrypt?webhook_url=https://yourdomain.com/webhook/pdf-decrypt&webhook_failure_notification=true' \ -H 'X-apiKey: YOUR_API_KEY' \ -H 'X-Webhook-Authorization: Authorization:Bearer token123' \ -F 'file=@/path/to/document.pdf'
When your task completes, we send a POST request to your webhook_url with these headers:
| Header | Description | Example |
|---|---|---|
Content-Type | Always application/json | application/json |
X-Signature | HMAC-SHA256 signature of the request body using your API key. Use this to verify the payload is authentic. | 4a7d1ed414474e4033ac29ccb8653d9b |
| Custom Header | (If provided) Your custom header from X-Webhook-Authorization | Authorization: Bearer token123 |
The webhook payload contains the same response structure as the Task Status API endpoint when checked for the task ID. For a comprehensive view of the webhook response structure and detailed field descriptions, explore the interactive Response Table.
Use the X-Signature header to verify webhook requests actually came from API Freaks and weren't tampered with.
How the signature works:
X-Signature header valueTo verify the webhook:
X-Signature header valueImportant: Don't transform or process the raw request body before verification. Adding whitespace or other formatting creates a different signature and verification will fail.
To use the Unlock PDF APIs, API credits are required. Charges apply only for successful queries, defined by a 2xx status code. If a request results in a 4xx or 5xx status code, no credits will be deducted, and any credits already charged will be refunded.
For each successful request, 200 credit will be charged. 1 extra credit will be charged per MB beyond 50 MB.
Utilize the Credits Usage API to efficiently monitor your recent consumption of both one-off and subscription credits. This API provides a streamlined way to track and manage your credit usage, ensuring you stay informed about your remaining balance and can optimize your resource allocation effectively.