Link Search Menu Expand Document

PDF.co response links are broken

After 15 June 2022 to improve the security of the platform, output links will become much longer by default. New links are longer but provide additional layer of the security.

Please review the information below to make sure that your app or integration will continue to run properly after this change:

Note: If you use Zapier, Integromat, UiPath or another plugin then in most cases you won’t notice this change.

Old - highly randomized output link (with encrypt=false, up to 150 characters in most cases):

https:// pdf-temp-files.s3.us-west-2.amazonaws.com/AVOAW8SKCG2KO8X8Y7HTFSRZRYPLCNZ2/result.pdf

New - highly randomized and signed output link (2,000+ chars length, equal to encrypt=true):

https:// pdf-temp-files.s3.us-west-2.amazonaws.com/AVOAW8SKCG2KO8X8Y7HTFSRZRYPLCNZ2/result.pdf?X-Amz-Expires=3600&X-Amz-Security-Token=FwoGZXIvYXdzEHMaDL61FzxjG0uSGVGBlSKBAaTI5leR6n0GpK7rZPnqDsuMCX7jj6T%2FfMqMhRjlXGTHk1NWNARHt%2
B%2B6IZXjwmT%2FsH3deSLD%2FDLU4p4P6JLQk68Fn%2BHmnPX%2F3rQWU0iLiYpyGUDksjXzgI%2B2dymSr7UyF2IIsKOh3F9uwQCM
s8TsQz9GQoM5wBNblZ%2FSp7nvw8N1FSjZiOKUBjIoTIWor5F7AmClCtMLw%2BL7TfF9dOB3DPCgZkKAaTJ4AkTd7wWjTkP23A%3D%3D&X
Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA4NRRSZPHOWNDWVHG/20220602/us-west-2/s3/aws4_request&X-Amz
Date=20220602T093521Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f2e384b056bdd5a6c1afd91c1d6961b11a9751e02980e986392b19985b6cd815

You can test new long links by setting encrypt parameter to true in your app or script. New long links are similar to having encrypt parameter always set to true.

Why we need to change this?

  • Signed links provide additional layer of protection, new embedded signatures for links are powered by SHA 256-bit algorithm and Amazon AWS powered security mechanism for links expiration;
  • Expiration for output links can be controlled more precisely up to 1 minute (for example, you can set expiration=1 to expire output link in just 1 minute);

Following are the other common reasons for broken output links.

By default PDF.co response links are accessible for 1 hour. After that duration, the file is removed from PDF.co cloud and links are expired.

However, one can adjust expiration parameters on request as per requirement.

Async Job is created and it’s success status is not checked

All PDF.co requests can be executed in asynchronous mode by setting async parameter value to true. This asynchronous request returns a jobId as well as an output URL in response.

Now, This URL won’t be ready and publicly accessible unless the job is checked by job/check request and it has success status.

API response does not pass through JSON parser/decoder

Most of the request clients have a built-in JSON parser/decoder. For security reasons, PDF.co response by-default contains the encrypted file url link this.

{
    "url": "https://pdf-temp-files.s3.us-west-2.amazonaws.com/D0VXAHON7B4WALKOVR2NIUM2ERRPPYI3/sample2.pdf?X-Amz-Expires=3600&X-Amz-Security-Token=FwoGZXIvYXdzEK%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDEbAXxnsfmdl03uy1SKCAR%2B1xIlLYex45jB2WWJvynVJZ8l3dQWfQEmMxKIJJWsBexPViHm8HHD5X6zxCTaw7kmtJjfiKwp6QclRO%2BGa9%2B5VYLWEVP5n88%2B1YPeGwHVkD%2F%2FtUUdJ7jZuFJ6TUurGS%2FIdklxFnC2c9XBcEUunp5bnf5PuNLde38SnndtuCK%2B%2B9UAo6bqIlwYyKBbUA7YQZAFVN6XkG%2ByGzjmvq1UI149EBOdhilHaR6EaZlMYnfV1V4s%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA4NRRSZPHPS55AP5S/20220728/us-west-2/s3/aws4_request&X-Amz-Date=20220728T053316Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0c16c754e310e8229f0b5a31f928cc6e432b53ed7d9957dd59b23d4b187c9dfd",

For most scenarios, this URL will be accessible without issue as it’ll be through JSON parser/decoder.

However, when a request is made by clients which does not have built-in JSON parser/decoder (example cURL), it’ll show a raw response and the user might be confused with a link appearing as broken.

For example, a cURL response would be like the following.

{"url":"https://pdf-temp-files.s3.us-west-2.amazonaws.com/D0VXAHON7B4WALKOVR2NIUM2ERRPPYI3/sample2.pdf?X-Amz-Expires=3600\u0026X-Amz-Security-Token=FwoGZXIvYXdzEK%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaDEbAXxnsfmdl03uy1SKCAR%2B1xIlLYex45jB2WWJvynVJZ8l3dQWfQEmMxKIJJWsBexPViHm8HHD5X6zxCTaw7kmtJjfiKwp6QclRO%2BGa9%2B5VYLWEVP5n88%2B1YPeGwHVkD%2F%2FtUUdJ7jZuFJ6TUurGS%2FIdklxFnC2c9XBcEUunp5bnf5PuNLde38SnndtuCK%2B%2B9UAo6bqIlwYyKBbUA7YQZAFVN6XkG%2ByGzjmvq1UI149EBOdhilHaR6EaZlMYnfV1V4s%3D\u0026X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=ASIA4NRRSZPHPS55AP5S/20220728/us-west-2/s3/aws4_request\u0026X-Amz-Date=20220728T053316Z\u0026X-Amz-SignedHeaders=host\u0026X-Amz-Signature=0c16c754e310e8229f0b5a31f928cc6e432b53ed7d9957dd59b23d4b187c9dfd"

Please notice the character ‘\u0026’ in response. Normally after JSON decoding this would be replaced with ‘&’. Now, cURL does not have a built-in JSON parser/decoder and it shows raw responses.If this un-parsed raw link is directly utilized it’ll appear as broken.