Skip to main content

De-identify PDF

Use this guide to upload a PDF and download a de-identified PDF.

PDF de-identification works best when the PDF contains extractable text. Scanned image-only PDFs are not covered by the current file workflow.

Before You Start

You need:

  • A Custodian Labs API key.
  • The API base URL for your environment.
  • A PDF with selectable or extractable text.
export CUSTODIAN_API_KEY="your_api_key_here"
export CUSTODIAN_API_BASE_URL="<your_api_base_url>"

Upload the PDF

curl -X POST "$CUSTODIAN_API_BASE_URL/api/v1/deidentify/text/proprietary/outputs/pdf" \
-H "X-API-Key: $CUSTODIAN_API_KEY" \
-F "file=@report.pdf" \
-F "domain=General" \
-F "masking_type=transform" \
-F "pii_entities=ALL" \
--output deid_report.pdf

The response is a processed PDF saved as deid_report.pdf.

Use Redaction Instead

curl -X POST "$CUSTODIAN_API_BASE_URL/api/v1/deidentify/text/proprietary/outputs/pdf" \
-H "X-API-Key: $CUSTODIAN_API_KEY" \
-F "file=@report.pdf" \
-F "masking_type=redact" \
--output deid_report.pdf

Use redact when reviewers should clearly see that sensitive values were hidden.

If the Output Does Not Change

Check whether:

  • The PDF contains selectable text.
  • The file is actually a .pdf.
  • The sensitive data categories are supported.
  • pii_entities is too narrow.
  • Your API key has enough remaining usage.

Next Steps