[Solved] Accessing a secure page with a URL endpoint

February 4th, 2019 / by api2pdf /

We sometimes receive support requests asking how API2PDF can access a secure a page on your website when using the wkhtmltopdf/url or chrome/url endpoints as shown below.

A secure page means that it is behind some kind of login wall. When using a URL to PDF endpoint, API2PDF will take your URL that you provided, visit the page, and then render a PDF of the result. However, you run into a problem because API2PDF is not “logged in” to your website. What to do?

Well there isn’t much you can do at this time. Our recommendations are one of the following approaches.

  1. (best approach). Switch to using a /html endpoint. In your code, you can pass the HTML that you would normally render on the secure page, but send that HTML directly to API2PDF and we would render it just the same. This is the most secure method.
  2. Provide some hidden mechanism to bypass the login wall by including a query string parameter with a secret key that only API2PDF has. For example if your page is at some route yourwebsite.com/super-secure-page, you can have API2PDF go to yourwebsite.com/super-secure-page?pdfOnly=58320023434, where if the pdfOnly query parameter matches your secret key, it is clear to show the page. You can make it more secure by generating new keys on the fly, storing them, and only making them valid for a brief amount of time, like one minute. There are similar techniques you can employ here, none of them are as good as the first approach in my opinion.

Hope that helps!

Comments are closed.