Skip to main content
Version: 1.7.1

PDF Security

The 1099/W-2 PDFs contain PII (Personally Identifiable Information) data of the recipients/employees. To make sure that the PII data involved is completely secured, TaxBandits has added additional security to the form PDFs.

The PDF links you get in the Response of RequestDraftPdfUrl and RequestPDFURLs are encrypted, and you will have to decrypt them before downloading.

Decrypt the PDF URLs​

To decrypt the URL, you will need the following parameters.

  1. AWS AccessKey
  2. AWS SecretKey
  3. Base64Key
  4. S3 Bucket Name

All the above values will be available on your TaxBandits console site. Log in to the console site and navigate to Settings >> PDF Credentials

API Credentials

  1. S3 file path - This is the file path you received in the RequestPdfUrls endpoint Response.

    Sample PDF Path you will get in the Response ->


    In the above example, remove the main domain from the file path and include part that starts with “pdfs/ac5df3…..”

Sample Code:

Send the above-listed parameters using a code to decrypt the PDF URL for download. Here is a sample code for NodeJs.

const AWS = require("aws-sdk");// reference library
AWS.config.update({region:"us-east-1"}); // don't change this US-East-01
const s3 = new AWS.S3({
accessKeyId: "<<AWS AccessKey>>",
secretAccessKey: "<<AWS SecretKey>>"
const ssecKey = Buffer.alloc(32, "<<Base64Key>>",'base64') // you can get the key from Taxbandits API Console
var params = {
Key: "<<S3 file path>>",// File path without main domain URL.
Bucket: "<<Bucket Name>>",// Get the Bucket Name from the URL given in the response
SSECustomerAlgorithm: "AES256",
SSECustomerKey: ssecKey
var file = require('fs').createWriteStream('<<samplepdfname.pdf>>');// save the pdf in local