Guide: Securing access to HTML documents

ND
Last updated 6 months ago

Tips for securing access to your source HTML documents.

Paperplane needs to access your source web pages at a publicly accessible URL in order to fetch and convert the web page to a PDF document.

However, your source web pages may contain private or sensitive data. There are two recommended solutions to this problem.

Option 1 - Provide a secret key as a query parameter

The simplest solution is to create a secret key, append this as a query parameter to the URLs you send to Paperplane, and then only allow access if the secret key is correct.

For example, a URL that provides a secret key parameter might look like this:

https://myexampleapp.com/invoices/12345?key=9bbfbbb1-dc29-42eb-bf06-86a95e2cd9da

Option 2 - Use URLs that include a random string

Alternatively you can make the page available at a URL that includes an unguessable random string such as a UUID v4. UUID generators are available for all popular languages. This is similar to the schemes that services like Google Drive and Dropbox use to create secure shareable links.

For example, a URL that includes a random UUID might look like this:

https://myexampleapp.com/invoices/53304a6a-2bf4-4028-b8af-aeb7250b4e56

In the future it is likely that Paperplane will also support username and password authentication as a way of securing your pages. Please contact us if you’re interested in this feature.