How can I limit source file access to approved users only

You can upload the source pdf document or store it on your server and then pass the link as input into /pdf/docparser or other API endpoint. You can generate one time link for input or protect the link with http username/password, see https://apidocs.pdf.co/ for more information about parameters.

When you upload files to PDF.co the source file is uploaded as temporary file stored under highly randomized name. You can also enable encrypt parameter to enable additional encryption at rest for the file so the link will be more encrypted and signed with a unique signature (consider it as a form of password).

In both ways files are auto removed after 1 hour or you can remove it right away using /file/delete endpoint.