guideExport to PDF On-Premises authorization

Export to PDF On-Premises can be run in two modes:

  • private – with authorization – the requests must have a header with a JWT (JSON Web Token)
  • public – without authorization – the requests don’t need to have a token

By default the public mode without authorization is enabled.

# Private

In this mode all requests must have a header with a token signed by the SECRET_KEY.
The token should be passed as a value of the Authorization header for each request sent to the PDF Converter REST API.

To enable authorization, set SECRET_KEY environment variable during the installation.

Plugins for CKEditor 4 and CKEditor 5 will automatically set the Authorization header. To configure the plugin you should set the address to the a token endpoint. You can find an example of a token endpoint here.
Tokens for the PDF Converter don’t require any additional claims like environment ID (which is specific for CKEditor Cloud Services On-Premises) so you can create the token with empty payload.

# Public

In this mode, the requests do not need to have a token, so it does not require any additional mechanisms. However, we recommend using this mode only when running Export to PDF On-Premises in a private network.