PDF Metadata Check

Endpoint Overview

POST /api/v1/pdf-metadata-check/upload

Description

The PDF Metadata Check API analyzes uploaded PDF files to extract metadata and identify potential security risks. This endpoint examines PDF document properties, creation and modification timestamps, encryption status, and detects signs of document manipulation. The service provides a comprehensive risk assessment to help verify document authenticity and integrity.

Key Benefits

Detect potentially manipulated or tampered PDF documents

Extract comprehensive metadata for document verification

Identify security risks with detailed warning indicators

Assess overall document risk level for informed decision-making

Use Cases

Financial Services

Legal & Compliance

HR & Recruitment

Verify authenticity of loan application documents

Validate financial statements for signs of manipulation

Screen submitted invoices and contracts for fraud prevention

Technical Implementation

Authentication

All API requests require authentication using a JWT Bearer token. Authentication follows these steps:

Obtain API Credentials: Register with Surepass to receive your API key.

Generate JWT Token: Use your API key to generate a JWT token.

Include in Requests: Add the token to the Authorization header as Bearer TOKEN.

Different authentication tokens are used for sandbox and production environments:

Sandbox: https://sandbox.surepass.io

Production: https://kyc-api.surepass.io

Request Parameters

Request Headers

Header	Required	Description
Authorization	Yes	Bearer token for authentication (JWT format)
Content-Type	Yes	Must be set to `multipart/form-data`

Request Body

Parameter	Type	Required	Description
file	File (PDF)	Yes	The PDF file to be analyzed

Example Request

POST /api/v1/pdf-metadata-check/upload HTTP/1.1
Host: sandbox.surepass.io
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="document.pdf"
Content-Type: application/pdf

[PDF file binary data]
------WebKitFormBoundary7MA4YWxkTrZu0gW--

Process Response

Response Parameters

Parameter	Type	Description
data	Object	Container for the response data
data.client_id	String	Unique identifier for the PDF metadata check request
data.file_size	String	Size of the PDF file in kilobytes
data.pdf_version	String	PDF version of the uploaded file
data.title	String	Title metadata of the PDF
data.author	String	Author metadata of the PDF
data.creator	String	Application or tool used to create the PDF
data.producer	String	Software that produced the PDF
data.creation_date	String	Date and time when the PDF was created
data.modification_date	String	Date and time when the PDF was last modified
data.is_encrypted	Boolean	Indicates if the PDF is password protected or encrypted
data.risk_level	String	Overall risk level detected for the PDF (low, medium, high)
data.warnings	Array	List of warning objects related to the PDF file
data.warnings[].indicator_id	String	Warning type identifier
data.warnings[].description	String	Warning message details
status_code	Integer	HTTP status code of the response
success	Boolean	Indicates if the request was successful
message	String	Human-readable status message
message_code	String	Machine-readable status code

Example Successful Response

{
    "data": {
        "client_id": "pdf_metadata_check_coaqdGbHeOvdmUdjfpLR",
        "file_size": "656.83",
        "pdf_version": "1.4",
        "title": "",
        "author": "",
        "creator": "",
        "producer": "iText® 5.5.10 ©2000-2015 iText Group NV (AGPL-version)",
        "creation_date": "2021-04-08T12:04:40",
        "modification_date": "2021-04-08T12:07:03",
        "is_encrypted": false,
        "risk_level": "high",
        "warnings": [
            {
                "indicator_id": "modified_metadata",
                "description": "This document was modified after it was created. This could be a sign of manipulation with a PDF editor"
            },
            {
                "indicator_id": "modified_document",
                "description": "This document has been incrementally updated. This is highly atypical for this type of document. This document is likely manipulated"
            }
        ]
    },
    "status_code": 200,
    "success": true,
    "message": "Success",
    "message_code": "success"
}

Possible Error Responses

Authentication Error

Invalid File

File Too Large

{
    "status_code": 401,
    "success": false,
    "message": "Invalid or expired token",
    "message_code": "unauthorized"
}

This error occurs when the JWT token is missing, invalid, or expired.

Integration Best Practices

Security Recommendations

Store JWT tokens securely and never expose them in client-side code

Implement proper error handling for authentication failures

Set appropriate timeouts for API requests to handle network issues

Validate PDF files on the client-side before uploading to improve user experience

User Experience Guidelines

Provide clear feedback to users when a document has a high risk level

Implement a progress indicator during file upload and processing

Display warning messages in a user-friendly format with explanations

Allow users to retry with a different document if issues are detected

Code Samples

cURL

Python

Node.js

Related APIs

Document Verification API: Verify document authenticity with OCR and advanced validation

Document Classification API: Automatically identify document types and extract relevant information

Document Tampering Detection API: Advanced analysis to detect digital and physical document tampering

Compliance and Legal Considerations

When implementing PDF metadata checks, be aware of data privacy regulations such as GDPR, CCPA, or other regional privacy laws. Ensure you have proper consent for document processing and maintain appropriate data retention policies. The metadata extracted may contain personally identifiable information (PII) that requires secure handling and storage.

Provide your bearer token in the

Authorization

header when making requests to protected resources.

Example:

Authorization: Bearer ********************

{ "data": { "client_id": "pdf_metadata_check_coaqdGbHeOvdmUdjfpLR", "file_size": "656.83", "pdf_version": "1.4", "title": "", "author": "", "creator": "", "producer": "iText® 5.5.10 ©2000-2015 iText Group NV (AGPL-version)", "creation_date": "2021-04-08T12:04:40", "modification_date": "2021-04-08T12:07:03", "is_encrypted": false, "risk_level": "high", "warnings": [ { "indicator_id": "modified_metadata", "description": "This document was modified after it was created. This could be a sign of manipulation with a PDF editor" }, { "indicator_id": "modified_document", "description": "This document has been incrementally updated. This is highly atypical for this type of document. This document is likely manipulated" } ] }, "status_code": 200, "success": true, "message": "Success", "message_code": "success" }

PDF Metadata Check

PDF Metadata Check#

Description#

Use Cases#

Technical Implementation#

Request Headers#

Request Body#

Example Request#

Response Parameters#

Example Successful Response#

Possible Error Responses#

Integration Best Practices#

Code Samples#

Request

Responses

PDF Metadata Check

Description

Use Cases

Technical Implementation

Request Headers

Request Body

Example Request

Response Parameters

Example Successful Response

Possible Error Responses

Integration Best Practices

Code Samples