Encrypt PDFs
Encrypts one or more PDF files with a user and/or owner password, and optionally restricts document permissions.
See the PDF Engines module configuration for engine selection flags.
Set passwords and permissions to control PDF access. The user password is required to open the PDF. The owner password grants full access and lifts the permission restrictions; when empty, it defaults to the user password.
Since 8.34.0, an owner password alone produces an owner-only PDF: it opens without a password, but the document permissions apply. Permission restrictions require a userPassword or an ownerPassword, otherwise Gotenberg returns 400 Bad Request. Restrictions are advisory: viewers honor them, but they are not cryptographically enforced once the document opens.
Encryption strength (e.g., AES-256) and permission handling depend on the active PDF engine: QPDF honors each permission individually, pdfcpu restricts all permissions if any one is denied, and PDFtk supports neither owner-only encryption nor permission restrictions. See PDF Engines module configuration.
Basics
truetruetruetruetruetruecurl \
--request POST http://localhost:3000/forms/pdfengines/encrypt \
--form files=@/path/to/file.pdf \
--form userPassword=open \
--form ownerPassword=manage \
--form allowCopying=false \
-o my.pdf
- 200
- 400
- 503
Content-Disposition: attachment; filename={output-filename.ext}
Content-Type: {content-type}
Content-Length: {content-length}
Gotenberg-Trace: {trace}
Body: {output-file}
Content-Type: text/plain; charset=UTF-8
Gotenberg-Trace: {trace}
Body: {error}
Content-Type: text/plain; charset=UTF-8
Gotenberg-Trace: {trace}
Body: {error}
What's Next?
Monitor your instance with the health check, or deliver results asynchronously with webhooks.