Authentication
Required headers
All endpoints (except /health and this page) require the API key. Session endpoints additionally require X-Session-Token (returned on session create). For encrypted PDFs pass X-Pdf-Key.
curl -H "X-Api-Key: your-key" \ -H "X-Pdf-Key: pdf-password" \ -H "X-Session-Token: <token>" \ https://formsonfire.corncreeker.com/...
Input formats
Every endpoint accepts both multipart/form-data and application/json with base64-encoded PDFs. Encrypted PDFs are auto-decrypted via X-Pdf-Key or PDF_KEY_DEFAULT.
# multipart file=@document.pdf # JSON base64 "pdf": "JVBERi0x..." "password": "optional"
Endpoints
Extract metadata from a PDF — title, author, page count, creation date and more.
Inspect all form fields in a PDF — name, type, current value and options.
Fill form fields by name. Supports text, checkboxes, radio buttons and dropdowns. Optional formulas object for server-side calculations (topological sort, no eval). Optional overrideReadOnly to write XFA computed fields. Returns calculatedFields when formulas used.
Flatten a filled PDF — converts form fields into static content, making the document non-editable.
Create a blank PDF, optionally with custom text content. Returns a new PDF document.
Merge multiple PDFs into a single document. Send multiple files or a base64 array.
Generate a structured PDF form from a JSON schema — define pages, fields, layout and types declaratively.
Set PDF document metadata fields (title, author, subject, keywords, creator, producer). Partial updates supported — only provided fields are changed. Works on encrypted PDFs via auto-decrypt.
Embed a JSON object as XMP metadata into a PDF using a custom namespace. Non-destructive — content is untouched.
Read back the embedded JSON metadata from a PDF's XMP stream. Returns the original JSON object.
Check which signature fields in a PDF are signed. Returns per-field status and an allSigned boolean. Optional ?fieldPattern= query param to match custom field names.
Render a PDF page as a PNG image. Returns the image as base64. Optional ?page= query param (default: 1).
List all embedded file attachments in a PDF — returns filename and size for each. Attachments are separate from XMP metadata.
Read a named embedded file attachment from a PDF. Returns the file content as base64. Required: filename.
Embed a file as a PDF attachment (upsert — replaces if name already exists). Mime-type is guessed from file extension. Returns updated PDF.
Health check endpoint. No API key required. Returns {"status":"ok"}.
Session Pipeline — stateful multi-step workflow
Load a PDF once, fill in multiple steps, finalize at the end — no base64 ping-pong. Every session is tenant-isolated via a one-time X-Session-Token.
Upload a PDF to create a new session. Returns a unique sessionId and a one-time sessionToken — keep it, it's your key to this session.
Read all form fields from the current session PDF. Same response as /pdf/fields.
Fill fields in the session PDF. Supports formulas and overrideReadOnly. Can be called multiple times. Returns calculatedFields. Does NOT flatten.
Flatten the session PDF (fields → static content) and return the final base64 PDF. Session becomes read-only after this.
Get session status, op history and current PDF. Useful for debugging multi-step workflows.
Discard a session and free its memory. Good practice after finalize.
Ops & Monitoring
In-memory structured operation log with suspicious-pattern detection. Resets on restart. Max 500 entries (configurable via OP_LOG_MAX_ENTRIES).
Aggregated stats: total ops, count by operation type, suspicious call count and the last 10 suspicious entries.
Filterable operation log. Query params: ?op=fill, ?suspicious=true, ?limit=20, ?since=ISO.
Clear the in-memory log store. Useful before a test run to get a clean baseline.