What’s new
POST /api/v1/pdf/render now accepts a settings.security object that
turns on PDF standard-security-handler encryption on the output PDF.
This is the first time gPdf produces an encrypted PDF — previous
releases only emitted plain (or PDF/A) documents.
The shape
{
"settings": {
"security": {
"algorithm": "aes_256",
"open_password": "***",
"owner_password": "***",
"permissions": {
"print": true,
"modify": false,
"copy": false,
"annotate": false,
"fill_forms": true,
"extract_accessibility": true,
"assemble": false,
"print_high_quality": true
}
}
},
"pages": []
}
algorithm—aes_128(default; PDF 1.7 standard-security-handler revision 4, V=4, AESV2 crypt filter) oraes_256(PDF 2.0 revision 6, V=5, AESV3).open_password— required to open the PDF. Omitting it (or sendingnull, empty string, or whitespace-only) means the document isn’t encrypted.owner_password— separate fromopen_password(must differ if both supplied). Provides full owner rights; required whenpermissionsrestricts anything. Enterprise only.permissions— 8 booleans, defaulttrue. Setting any tofalserequiresowner_password. Enterprise only.
Tier policy
| Pro | Enterprise | |
|---|---|---|
| Algorithms | AES-128 only | AES-128 or AES-256 |
open_password |
✓ | ✓ |
owner_password |
— | ✓ |
permissions |
— | ✓ |
Mutual exclusions
settings.security cannot combine with:
settings.profile(PDF/A) — encryption is incompatible with the PDF/A archival contract by spec. Mixing them returnsAPI-002.settings.e_invoice— Factur-X / ZUGFeRD PDFs must remain machine-readable for the embedded XML pipeline. Mixing returnsAPI-002.
Error surface
The new API-002 triggers for invalid settings.security:
- unrecognized
algorithmvalue →API-001with explicit message - password longer than 32 UTF-8 bytes
permissionsprovided withoutowner_password- current token’s xAdmin PDF Policy doesn’t allow the requested algorithm
- combined with
settings.profileorsettings.e_invoice
See the error codes section for the full enumeration.
Where this shows up on the site
/capabilities/— card 10, with an expandable list of all 8 permission bits./pricing/— Pro and Enterprise feature lists each gained one row describing the new security capability./docs/api-reference/—settings.securityis documented under the request reference with the full sub-field table.
Compatibility
settings.security is purely additive — requests that don’t include
it produce exactly the same output bytes as before. Existing
integrations need no changes.