Password Protecting PDF Files using Power Automate For Desktop and PDF.co

Power Automate For Desktop is a great tool for automating mundane tasks and improving productivity. It comes inbuilt with Windows 11 and can be installed for Windows 10 from Windows Store.

Power Automate comes with many in-built features to work with Files, Email, Text, etc. It also contains basic features to work with PDFs such as Extracting various information from PDFs, Merging PDFs, etc.

Power Automate Tutorial

What Do We Want to Build Here?

In this sample, we will automate password-protecting PDF files from one folder. We’ll have input PDF files in one folder named “Input PDF” and an output folder named “Password Protected PDF”. As the name suggests we would like to store the resulting password-protected files in this folder.

Power Automate Guide

Logically we should be doing the following:

  1. Loop through all PDF files in the “Input PDF” folder
  2. Password Protect each file
  3. Store the resulting file in the “Password-Protected PDF” folder

Here, we have inbuilt actions which enable us to get all files from a specific folder and loop through its contents. However, we don’t have any native action to password protect PDF.

Hence, coming to the next question.

How Will We Add a Password to PDF?

Well, we can’t do it natively; hence we need to find an out-of-box solution for it. Unlike cloud-based Power Automate (previously flow), desktop solutions don’t have connectors.

That leaves us with only one solution, to use an external Web API. We’ll be using PDF.co here. PDF.co provides excellent API Endpoints for PDF-related functionality. Please refer to the documentation for more details.

PDF.co Endpoints requires an API Key passed in the header for authentication purposes. Upon signing up with PDF.co, we’ll receive this API Key.

Interesting, right? Let’s get started!

Step-by-Step Guide

  1. Create New Flow
  2. Get Files in Folder
  3. Loop through All Files
  4. Declare Input Variables
  5. Invoke PDF.co Web Service to Get Presigned URL for File Upload
  6. Perform Actual File Upload to the Returned Presigned URL
  7. PDF.co API Call to Password Protect This File
  8. Download Returned URL

Step 1: Create New Flow

We’ll start with creating a new flow named “PDF Password Protect”.

Power Automate Password-Protection

Step 2: Get Files in Folder

Our first step is to get all PDF files from the source folder. For this, we’ll be adding the “Get files in folder” action.

Get Files in Folder

Here, we’ve done the following configurations.

Folder Source folder path
File Format *.pdf
Output Variable Named as “Files”

After the execution of this step, we’ll have a collection of all PDF files. Just like we wanted!

Step 3: Loop through All Files

Now that we have all PDF Files, we’ll be iterating through each file for further processing. For this purpose, we’ll add the “For each” loop. This can be found under the “Loops” folder.

For Each Loop

This “For each” loop will look like this.

Power Automate Execution

The configuration for this “For each” loop is as follows.

Automation Tutorial

We’re selecting the parameter “Value to iterate”, with the variable “Files” (the result of the previous action). This can be done by adding the “{x}” icon on the right.

Also, we’re storing an output variable named “CurrentItem”. This “CurrentItem” will refer to the current file iteration.

Here onwards, we’ll be adding all actions within the “For each” loop itself. This variable “CurrentItem” will be used to reference the current file.

Step 4: Declare Input Variables

We’ll create two input variables.

Input Variables

PDF_Password Will be used as the password for output files.
PDFcoAPIKey Refers to PDF.co API Key. This API key is essential for authenticating PDF.co requests.

Variables can be created by clicking the round-plus icon right from the panel title.

Adding Password to PDF

Step 5: Invoke PDF.co Web Service to Get Presigned URL for File Upload

In this step, we’ll be calling PDF.co Endpoint “get-presigned-url” which will return the URL to file upload as well output URL. PDF.co requires a public URL of an input file in order to process them.

Since we need local PDF files to be processed, we’ll be uploading them to the PDF.co cloud. Files will be there only for a short duration and will be deleted afterward.

The action to call the rest web service is “Invoke web Service”, which is under the “HTTP” side menu.

Invoke Web Service

We’ve configured this web service as below.

Power Automate Integration

This is a GET request with an endpoint URL as “https://api.pdf.co/v1/file/upload/get-presigned-url”. This URL also contains a query string parameter for the file name.

Along with this, we’re passing custom header information with PDF.co API Key. Here, we’re using the input variable `PDFcoAPIKey`.

x-api-key: %PDFcoAPIKey%

Apart from this, we’re saving response to a variable named “presigned_output”.

Output stored in this variable will be in JSON format, as shown below. Output parameter “presignedUrl” contains a URL where the actual file needs to be uploaded. Whereas, the “URL” parameter refers to the PDF.co cloud public URL of the uploaded file.

{
    "presignedUrl": "https://pdf-temp-files.s3.us-west-2.amazonaws.com/d3cfc1a155964e8495fe93a05afa0570/test.pdf?X-Amz-Expires=900&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIZJDPLX6D7EHVCKA/20220406/us-west-2/s3/aws4_request&X-Amz-Date=20220406T095510Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b922b20c61ed12d6fc1049ad44beb103c116462b36ac09de652d850220f74243",
    "url": "https://pdf-temp-files.s3.amazonaws.com/d3cfc1a155964e8495fe93a05afa0570/test.pdf",
    "error": false,
    "status": 200,
    "name": "test.pdf",
    "credits": 7,
    "duration": 285,
    "remainingCredits": 830573
}

Since the response stored in “presigned_output” is in JSON string format, we need to convert it to a custom object.

For that, we need to add a new action named “Convert JSON to custom object”.

Convert JSON to Custom Object

In this action, we’re configuring the JSON parameter with the variable “presigned_output”.

JSON Output

Also, the output variable “PresignedJsonAsCustomObject” is generated.

Now, whenever we need to access a pre-signed URL response; we only need to refer to this variable. For example, to access the URL property of JSON, we can use the “PresignedJsonAsCustomObject.url” property.

Step 6: Perform Actual File Upload to the Returned Presigned URL

Now that we have the presigned URL from PDF.co, it’s time to upload the actual file to it with a PUT request. Unfortunately, Power Automate Desktop has no native action, to upload byte-array to PUT request. Hence, we need to execute the PowerShell script action which will perform file upload.

We’ll be using the “Run PowerShell script” action here, as shown below.

This action is configured to execute the following PowerShell code.

# 2. UPLOAD THE FILE TO CLOUD.
$r = Invoke-WebRequest -Method Put -Headers @{ "x-api-key" ="%PDFcoAPIKey%"; "content-type" = "application/octet-stream" } -InFile '%CurrentItem%' -Uri '%PresignedJsonAsCustomObject.presignedUrl%'

Run PowerShell Script

This code does file upload to a pre-signed URL using a PUT request. Interesting and powerful stuff, right?

Step 7: PDF.co API Call to Password Protect This File

Until this step, we have our input PDF file uploaded to the PDF.co server; and we already have its temporary public URL when we called GET request for a pre-signed URL. It’s time to call another PDF.co endpoint to password protect this file.

For this, we’ll be configuring another “Invoke web service” action.
PDF.co API Call to Password Protect This File

Let’s see the configuration of this action.
Action Configuration

The URL parameter is set to “https://api.pdf.co/v1/pdf/security/add”. This pdf.co endpoint adds password and other security to an input PDF document.

The method is set to “POST”, and it has accepted as well content-type parameter set to “application/json”.

We’re passing the PDF.co API key in the custom header with the following value.

x-api-key: %PDFcoAPIKey%

The request body is set to the following.

{
    "url": "%PresignedJsonAsCustomObject.url%",
    "ownerPassword": "%PDF_Password%",
    "userPassword": "%PDF_Password%",
    "EncryptionAlgorithm": "AES_128bit",
    "AllowPrintDocument": false,
    "AllowFillForms": false,
    "AllowModifyDocument": false,
    "AllowContentExtraction": false,
    "AllowModifyAnnotations": false,
    "PrintQuality": "LowResolution",
    "encrypt": false,
    "name": "output-protected.pdf",
    "async": false
}

Please note, we’re setting the “URL” parameter with a pre-signed JSON object’s variable “PresignedJsonAsCustomObject.url”. Also, “ownerPassword” and “userPassword” are set to the “PDF_Password” variable.

Rest are the additional parameters such as encryption algorithm, print quality, etc. Please refer to PDF.co documentation for more information.

The important thing to note here, we’re turning off the “Encode request body” switch in advanced settings.

Encode Request Body

We’re storing the output of this action to the variable, “PasswordProtect_Response”.

Password Protect Response

This variable will contain a JSON string. The response will be in the following format.

{
    "url": "https://pdf-temp-files.s3.amazonaws.com/f4ba970299d64ccfaac74fe8c72faa21/output-protected.pdf",
    "pageCount": 1,
    "error": false,
    "status": 200,
    "name": "output-protected.pdf",
    "credits": 3,
    "duration": 562,
    "remainingCredits": 830570
}

In this response, “URL” parameter refers to the protected output file.

Next, we’ll be creating an action “Convert JSON to custom object” and create a JSON object for this variable “PasswordProtect_Response”. It’ll look like this.

Convert JSON

Password Protect Parameters

Now that we’ve configured the JSON object; we can refer to the password-protected file URL with the parameter “PasswordProtect_Response_Object.url”.

Step 8: Download Returned URL

In this last step, we’ll be simply downloading the file from the output URL. We’ll be using the “Download from web” action for this.
Download File

Let’s see its configuration.

Web Configuration

“URL” parameter is set to the variable “PasswordProtect_Response_Object.url”, which in turn contains a protected file URL.

This response is being saved to disk, and also the destination folder is specified. Upon execution of this action, it’ll save the output PDF to the destination folder.

Demo Video

For a more interactive learning session, please refer to the following video.

Summary

As we have observed, it’s that easy to consume PDF.co web API with Power Automate for desktop. PDF.co offers many more endpoints, and they can be configured in a similar way.

I hope this article is useful. Please try this on your machine! Thank you!