Paperplane Docs
  • Welcome to Paperplane
  • Quickstart
  • Setting up an S3 bucket
  • Destinations & API keys
  • API reference
  • Customizing the PDF
  • Webhooks
  • Restricting AWS permissions
  • Guide: Header and footer templates
  • Guide: Styling documents for PDF and printing
  • Guide: Development workflow tips
  • Guide: Securing access to HTML documents
  • Guide: Serving PDFs to users from Amazon S3
  • Code samples
  • Rendering environment info
  • Legacy Docs
    • Setting up an S3 bucket (Legacy API Keys)
Powered by GitBook
On this page
  • Option 1 - HTTP Basic Auth
  • Option 2 - Provide a secret key as a query parameter
  • Option 3 - Use URLs that include a random string

Guide: Securing access to HTML documents

Tips for securing access to your source HTML documents.

PreviousGuide: Development workflow tipsNextGuide: Serving PDFs to users from Amazon S3

Last updated 4 years ago

Paperplane needs to access your source web pages at a publicly accessible URL in order to fetch and convert the web page to a PDF document.

However, your source web pages may contain private or sensitive data. There are three recommended solutions to this problem - you can choose the option that best fits your circumstances.

Option 1 - HTTP Basic Auth

Paperplane can request pages and other assets that use to protect access. To use HTTP Basic Auth, set a username and optionally a password parameter when creating a job.

See the for more information.

Option 2 - Provide a secret key as a query parameter

Another option is to create a secret key, append this as a query parameter to the URLs you send to Paperplane, and then only allow access if the secret key is correct.

If it's not convenient for you to set up HTTP Basic Auth, this is a good alternative method of securing access.

For example, a URL that provides a secret key parameter might look like this:

https://myexampleapp.com/invoices/12345?key=9bbfbbb1-dc29-42eb-bf06-86a95e2cd9da

Option 3 - Use URLs that include a random string

Alternatively you can make the page available at a URL that includes an unguessable random string such as a . UUID generators are available for all popular languages. This is similar to the schemes that services like Google Drive and Dropbox use to create secure shareable links.

For example, a URL that includes a random UUID might look like this:

https://myexampleapp.com/invoices/53304a6a-2bf4-4028-b8af-aeb7250b4e56

HTTP Basic Authentication
full set of job parameters
UUID v4