DEV Community: Iurii Rogulia The latest articles on DEV Community by Iurii Rogulia (@iurii_rogulia). https://dev.to/iurii_rogulia https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3561015%2Fd1b53175-2e87-4fa8-9c54-90f6b713141b.jpg DEV Community: Iurii Rogulia https://dev.to/iurii_rogulia en PDF Tamper Detection API for Node.js: Complete Integration Guide Iurii Rogulia Fri, 12 Jun 2026 10:00:37 +0000 https://dev.to/iurii_rogulia/pdf-tamper-detection-api-for-nodejs-complete-integration-guide-5dln https://dev.to/iurii_rogulia/pdf-tamper-detection-api-for-nodejs-complete-integration-guide-5dln <blockquote> <p>Originally published at <a href="https://htpbe.tech/blog/pdf-verification-nodejs-integration-guide" rel="noopener noreferrer">htpbe.tech</a>. The version on htpbe.tech stays in sync with the latest detection algorithm — refer to it for the canonical text.</p> </blockquote> <p>PDF fraud is a backend problem. The fraud happens before your business logic runs — at the moment a user uploads a document your system treats as trustworthy. By the time a human reviewer looks at a bank statement, invoice, or diploma, the data from that document may already have influenced a decision.</p> <p>This guide walks through integrating the <a href="https://htpbe.tech/api" rel="noopener noreferrer">PDF tamper detection API</a> into a Node.js application: from the first curl command to a production-ready TypeScript client with retry logic, typed errors, and an Express middleware layer. All code is complete and working — no pseudocode. (If you want the conceptual overview first, start with <a href="https://htpbe.tech/blog/detect-pdf-tampering-programmatically" rel="noopener noreferrer">How to Detect PDF Tampering Programmatically</a>. If you are using Python instead of Node.js, see the <a href="https://htpbe.tech/blog/pdf-verification-api-python-integration-guide" rel="noopener noreferrer">Python integration guide</a>.)</p> <h2> Prerequisites </h2> <ul> <li>Node.js 18+ (for native <code>fetch</code>)</li> <li>An HTPBE API key (<a href="https://htpbe.tech/api" rel="noopener noreferrer">sign up</a> → Dashboard → copy key)</li> <li>TypeScript 5.0+ (optional but recommended)</li> </ul> <h2> Step 1: Test the API with curl </h2> <p>Before writing any code, confirm your key works. The API uses a two-step flow: POST /analyze submits a PDF URL and returns a check ID, then GET /result/{id} retrieves the full verdict. (For a language-agnostic overview of what the API detects, see <a href="https://htpbe.tech/how" rel="noopener noreferrer">how PDF tamper detection works</a>.)</p> <p><strong>Step 1a — submit for analysis:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST https://api.htpbe.tech/v1/analyze <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer YOUR_API_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"url": "https://api.htpbe.tech/v1/test/clean.pdf"}'</span> </code></pre> </div> <p>You will receive: <code>{"id": "some-uuid-here"}</code></p> <p><strong>Step 1b — retrieve the result:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl https://api.htpbe.tech/v1/result/YOUR_CHECK_ID <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer YOUR_API_KEY"</span> </code></pre> </div> <p>You will receive a flat JSON object with <code>"status": "intact"</code> and all analysis fields. This confirms authentication works and your network can reach the API.</p> <p>The URL <code>https://api.htpbe.tech/v1/test/clean.pdf</code> is a test mock URL — it returns a predictable response without consuming quota. We will cover all available test URLs in the testing section below.</p> <h2> Step 2: Define Types </h2> <p>Start with the TypeScript interfaces that match the API response structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// POST /analyze response — just the check ID</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBEAnalyzeResponse</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// GET /result/{id} response — flat object with all analysis fields</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBEResult</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">filename</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">check_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">file_size</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">page_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Algorithm version tracking</span> <span class="nl">algorithm_version</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">current_algorithm_version</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">outdated_warning</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Primary verdict</span> <span class="nl">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">intact</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">inconclusive</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Only present when status === 'inconclusive' — tells you WHY</span> <span class="nl">status_reason</span><span class="p">?:</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">consumer_software_origin</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">online_editor_origin</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">scanned_document</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">html_renderer_origin</span><span class="dl">'</span><span class="p">;</span> <span class="nl">origin</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">consumer_software</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">institutional</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">unknown</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">online_editor</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">scanned</span><span class="dl">'</span><span class="p">;</span> <span class="nl">software</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="p">};</span> <span class="c1">// Detection results</span> <span class="nl">modification_confidence</span><span class="p">:</span> <span class="dl">'</span><span class="s1">certain</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">high</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">none</span><span class="dl">'</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Metadata</span> <span class="nl">creator</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">producer</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">creation_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Unix timestamp</span> <span class="nl">modification_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Unix timestamp</span> <span class="nl">pdf_version</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Metadata analysis</span> <span class="nl">date_sequence_valid</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">metadata_completeness_score</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Structure analysis</span> <span class="nl">xref_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">has_incremental_updates</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">update_chain_length</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Signature analysis</span> <span class="nl">has_digital_signature</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">signature_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">signature_removed</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">modifications_after_signature</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="c1">// Content analysis</span> <span class="nl">object_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">has_javascript</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_embedded_files</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="c1">// Findings — stable HTPBE_* marker ids, e.g. ["HTPBE_SIGNATURE_REMOVED"]</span> <span class="nl">modification_markers</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="p">}</span> <span class="c1">// GET /checks response item — summary with fewer fields than full result</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBECheckSummary</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">filename</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">check_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">intact</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">inconclusive</span><span class="dl">'</span><span class="p">;</span> <span class="nl">metadata_completeness_score</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">creator</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">producer</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">file_size</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">page_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">pdf_version</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">creation_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">modification_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">has_javascript</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_digital_signature</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_embedded_files</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_incremental_updates</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">update_chain_length</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">object_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBEErrorResponse</span> <span class="p">{</span> <span class="nl">error</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">code</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">details</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Two fields deserve a closer look. <code>status_reason</code> is only present when <code>status</code> is <code>inconclusive</code>, and it has four possible values — not one. The difference matters: <code>scanned_document</code> and <code>consumer_software_origin</code> are benign for user-generated content, but <code>html_renderer_origin</code> (a tool like wkhtmltopdf) is used by both legitimate payroll systems and forgery operations producing fake payslips from scratch. Branch on the specific reason, not just on <code>inconclusive</code>.</p> <p><code>modification_markers</code> returns stable machine-readable ids prefixed <code>HTPBE_</code> — for example <code>HTPBE_SIGNATURE_REMOVED</code>, <code>HTPBE_DATES_DISAGREE</code>, <code>HTPBE_MULTIPLE_REVISION_LAYERS</code>, <code>HTPBE_POST_SIGNATURE_EDIT</code>. Branch your integration logic on the id; render the human-readable label from the dictionary published on <a href="https://htpbe.tech/how" rel="noopener noreferrer">htpbe.tech/how</a>. These ids are part of the public contract and never change once shipped.</p> <h2> Step 3: Build the Client Class </h2> <p>Here is a complete <code>HTPBEClient</code> implementation with exponential backoff retry logic, timeout handling, and typed error responses. The client handles the two-step flow internally — callers call <code>verify()</code> and get back the full result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">class</span> <span class="nc">HTPBEError</span> <span class="kd">extends</span> <span class="nc">Error</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="k">public</span> <span class="k">readonly</span> <span class="nx">statusCode</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="k">public</span> <span class="k">readonly</span> <span class="nx">code</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">HTPBEError</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">sleep</span><span class="p">(</span><span class="nx">ms</span><span class="p">:</span> <span class="kr">number</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">ms</span><span class="p">));</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">HTPBEClient</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">apiKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">baseUrl</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://api.htpbe.tech/v1</span><span class="dl">'</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">timeoutMs</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">apiKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">options</span><span class="p">:</span> <span class="p">{</span> <span class="nl">timeoutMs</span><span class="p">?:</span> <span class="kr">number</span> <span class="p">}</span> <span class="o">=</span> <span class="p">{})</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">apiKey</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">HTPBE API key is required</span><span class="dl">'</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">apiKey</span> <span class="o">=</span> <span class="nx">apiKey</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span> <span class="o">=</span> <span class="nx">options</span><span class="p">.</span><span class="nx">timeoutMs</span> <span class="o">??</span> <span class="mi">30</span><span class="nx">_000</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">verify</span><span class="p">(</span><span class="nx">pdfUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">retries</span> <span class="o">=</span> <span class="mi">3</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">lastError</span><span class="p">:</span> <span class="nx">HTPBEError</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">attempt</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">attempt</span> <span class="o">&lt;</span> <span class="nx">retries</span><span class="p">;</span> <span class="nx">attempt</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">attempt</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Exponential backoff: 1s, 2s, 4s</span> <span class="k">await</span> <span class="nf">sleep</span><span class="p">(</span><span class="nb">Math</span><span class="p">.</span><span class="nf">pow</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="nx">attempt</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="o">*</span> <span class="mi">1</span><span class="nx">_000</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Step 1: submit the PDF URL, get back a check ID</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">submitAnalysis</span><span class="p">(</span><span class="nx">pdfUrl</span><span class="p">);</span> <span class="c1">// Step 2: retrieve the full flat result</span> <span class="k">return</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">getResult</span><span class="p">(</span><span class="nx">id</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">HTPBEError</span><span class="p">))</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="c1">// Retry on 5xx and on 429 (server at capacity); never on other 4xx.</span> <span class="c1">// A 402/401/422 will fail identically on retry.</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">statusCode</span> <span class="o">&lt;</span> <span class="mi">500</span> <span class="o">&amp;&amp;</span> <span class="nx">err</span><span class="p">.</span><span class="nx">statusCode</span> <span class="o">!==</span> <span class="mi">429</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="nx">lastError</span> <span class="o">=</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">lastError</span><span class="o">!</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="k">async</span> <span class="nf">submitAnalysis</span><span class="p">(</span><span class="nx">pdfUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEAnalyzeResponse</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">controller</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">AbortController</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">timer</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">controller</span><span class="p">.</span><span class="nf">abort</span><span class="p">(),</span> <span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">);</span> <span class="kd">let</span> <span class="na">response</span><span class="p">:</span> <span class="nx">Response</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">baseUrl</span><span class="p">}</span><span class="s2">/analyze`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">apiKey</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="nx">pdfUrl</span> <span class="p">}),</span> <span class="na">signal</span><span class="p">:</span> <span class="nx">controller</span><span class="p">.</span><span class="nx">signal</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">((</span><span class="nx">err</span> <span class="k">as</span> <span class="nb">Error</span><span class="p">).</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">AbortError</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="s2">`Request timed out after </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">}</span><span class="s2">ms`</span><span class="p">,</span> <span class="mi">408</span><span class="p">,</span> <span class="dl">'</span><span class="s1">TIMEOUT</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timer</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleErrorResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">as</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEAnalyzeResponse</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="k">async</span> <span class="nf">getResult</span><span class="p">(</span><span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">controller</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">AbortController</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">timer</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">controller</span><span class="p">.</span><span class="nf">abort</span><span class="p">(),</span> <span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">);</span> <span class="kd">let</span> <span class="na">response</span><span class="p">:</span> <span class="nx">Response</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">baseUrl</span><span class="p">}</span><span class="s2">/result/</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">apiKey</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="na">signal</span><span class="p">:</span> <span class="nx">controller</span><span class="p">.</span><span class="nx">signal</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">((</span><span class="nx">err</span> <span class="k">as</span> <span class="nb">Error</span><span class="p">).</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">AbortError</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="s2">`Request timed out after </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">}</span><span class="s2">ms`</span><span class="p">,</span> <span class="mi">408</span><span class="p">,</span> <span class="dl">'</span><span class="s1">TIMEOUT</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timer</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleErrorResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">as</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEResult</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="k">async</span> <span class="nf">handleErrorResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="nx">Response</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">never</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">body</span><span class="p">:</span> <span class="nx">HTPBEErrorResponse</span> <span class="o">=</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">statusText</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="dl">'</span><span class="s1">UNKNOWN</span><span class="dl">'</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">body</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="k">as</span> <span class="nx">HTPBEErrorResponse</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="c1">// Body is not JSON — use statusText</span> <span class="p">}</span> <span class="k">switch </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="mi">400</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="s2">`Bad request: </span><span class="p">${</span><span class="nx">body</span><span class="p">.</span><span class="nx">error</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="mi">400</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BAD_REQUEST</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">401</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Invalid API key. Check your HTPBE_API_KEY environment variable.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">401</span><span class="p">,</span> <span class="dl">'</span><span class="s1">UNAUTHORIZED</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">402</span><span class="p">:</span> <span class="c1">// No credit source: out of monthly quota, no paid batch, no welcome</span> <span class="c1">// credits — or no active plan on a live key. Top up or subscribe.</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Payment required. No credits available for this key. See htpbe.tech/pricing.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">402</span><span class="p">,</span> <span class="dl">'</span><span class="s1">PAYMENT_REQUIRED</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">403</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Access forbidden. Your API key may not have permission for this resource.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="dl">'</span><span class="s1">FORBIDDEN</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">404</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Check not found.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">404</span><span class="p">,</span> <span class="dl">'</span><span class="s1">NOT_FOUND</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">413</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">PDF exceeds the 10 MB size limit.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">413</span><span class="p">,</span> <span class="dl">'</span><span class="s1">FILE_TOO_LARGE</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">422</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">The URL did not return a valid PDF file.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">422</span><span class="p">,</span> <span class="dl">'</span><span class="s1">INVALID_PDF</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">429</span><span class="p">:</span> <span class="c1">// Server-wide capacity, not per-key rate limiting. Respect Retry-After.</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Server is at analysis capacity. Retry after the Retry-After interval.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">429</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SERVER_AT_CAPACITY</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">500</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">HTPBE server error. The request will be retried.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">500</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SERVER_ERROR</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="nl">default</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="s2">`Unexpected error </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">: </span><span class="p">${</span><span class="nx">body</span><span class="p">.</span><span class="nx">error</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="nx">body</span><span class="p">.</span><span class="nx">code</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">UNKNOWN</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The retry logic only fires on 5xx responses. A <code>401</code> means your key is wrong — retrying it would not help. Two status codes deserve explicit handling in your own code:</p> <ul> <li> <strong><code>402 PAYMENT_REQUIRED</code></strong> — the key has no credit source left. Credits are universal: a subscription’s monthly quota, a one-time top-up batch, and the welcome credits all draw from one pool. A 402 means all three are exhausted (or there is no active plan on a live key). Surface this to your billing logic rather than retrying — retrying will fail identically until the account is topped up at <a href="https://htpbe.tech/pricing" rel="noopener noreferrer">the pricing page</a>.</li> <li> <strong><code>429 SERVER_AT_CAPACITY</code></strong> — this is server-wide concurrency, not per-key rate limiting. The response carries a <code>Retry-After</code> header (in seconds). Wait that long, then retry the same request. The retry loop below treats 429 like a transient failure, but reading <code>Retry-After</code> instead of fixed backoff is more polite under sustained load.</li> </ul> <h2> Step 4: Production Integration Pattern </h2> <p>The typical flow in any backend application that accepts document uploads:</p> <ol> <li>User uploads PDF to your backend</li> <li>You store it in S3, GCS, Vercel Blob, or similar — getting a publicly accessible URL</li> <li>You call the HTPBE API with that URL</li> <li>You route the request based on the verdict </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">HTPBEClient</span><span class="p">,</span> <span class="nx">HTPBEResult</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./htpbe-client</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Placeholder — replace with your actual storage upload logic</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">uploadToStorage</span><span class="p">(</span><span class="nx">file</span><span class="p">:</span> <span class="nx">Buffer</span><span class="p">,</span> <span class="nx">filename</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Returns a publicly accessible URL, e.g. from S3 presigned URL or Vercel Blob</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Implement uploadToStorage for your storage provider</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">type</span> <span class="nx">DocumentAction</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">accept</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">reject</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">manual_review</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">DocumentVerificationResult</span> <span class="p">{</span> <span class="nl">action</span><span class="p">:</span> <span class="nx">DocumentAction</span><span class="p">;</span> <span class="nl">result</span><span class="p">:</span> <span class="nx">HTPBEResult</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">handleDocumentUpload</span><span class="p">(</span> <span class="nx">file</span><span class="p">:</span> <span class="nx">Buffer</span><span class="p">,</span> <span class="nx">filename</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">DocumentVerificationResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">uploadToStorage</span><span class="p">(</span><span class="nx">file</span><span class="p">,</span> <span class="nx">filename</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">HTPBE_API_KEY</span><span class="o">!</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">url</span><span class="p">);</span> <span class="k">switch </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">status</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">intact</span><span class="dl">'</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">'</span><span class="s1">accept</span><span class="dl">'</span><span class="p">,</span> <span class="nx">result</span> <span class="p">};</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">'</span><span class="s1">reject</span><span class="dl">'</span><span class="p">,</span> <span class="nx">result</span> <span class="p">};</span> <span class="k">case</span> <span class="dl">'</span><span class="s1">inconclusive</span><span class="dl">'</span><span class="p">:</span> <span class="c1">// Consumer software origin — flag for manual review</span> <span class="k">return</span> <span class="p">{</span> <span class="na">action</span><span class="p">:</span> <span class="dl">'</span><span class="s1">manual_review</span><span class="dl">'</span><span class="p">,</span> <span class="nx">result</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The <code>inconclusive</code> verdict means the document was created with consumer software, an online editor, an HTML renderer, or a scanner rather than institutional document management software. For a deeper explanation, see <a href="https://htpbe.tech/blog/what-inconclusive-means-pdf-verification-results" rel="noopener noreferrer">what “inconclusive” really means</a>. For documents that claim institutional origin — bank statements, diplomas, contracts — <code>inconclusive</code> warrants the same treatment as <code>modified</code>: do not accept automatically, route to a human reviewer.</p> <h2> Step 4b: Giving the API a Reachable URL </h2> <p>The API does not accept file uploads. It downloads the PDF from a URL you supply, so the file must live somewhere publicly reachable for the duration of the analysis (typically 2–5 seconds). The cleanest pattern is a short-lived presigned URL from your object store. You never expose the bucket, and the link expires minutes later.</p> <p>Here is the full round-trip with AWS S3: store the upload, mint a presigned <code>GET</code> URL valid for five minutes, hand it to the client, then let the link expire.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">S3Client</span><span class="p">,</span> <span class="nx">PutObjectCommand</span><span class="p">,</span> <span class="nx">GetObjectCommand</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/client-s3</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getSignedUrl</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/s3-request-presigner</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">randomUUID</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">node:crypto</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">HTPBEClient</span><span class="p">,</span> <span class="nx">HTPBEResult</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./htpbe-client</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">s3</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">S3Client</span><span class="p">({</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AWS_REGION</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">htpbe</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">HTPBE_API_KEY</span><span class="o">!</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">BUCKET</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">UPLOAD_BUCKET</span><span class="o">!</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">verifyUploadedPdf</span><span class="p">(</span> <span class="nx">file</span><span class="p">:</span> <span class="nx">Buffer</span><span class="p">,</span> <span class="nx">originalFilename</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="s2">`incoming/</span><span class="p">${</span><span class="nf">randomUUID</span><span class="p">()}</span><span class="s2">.pdf`</span><span class="p">;</span> <span class="c1">// 1. Store the upload privately — no public ACL needed.</span> <span class="k">await</span> <span class="nx">s3</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span> <span class="k">new</span> <span class="nc">PutObjectCommand</span><span class="p">({</span> <span class="na">Bucket</span><span class="p">:</span> <span class="nx">BUCKET</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="nx">key</span><span class="p">,</span> <span class="na">Body</span><span class="p">:</span> <span class="nx">file</span><span class="p">,</span> <span class="na">ContentType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/pdf</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">);</span> <span class="c1">// 2. Mint a presigned GET URL valid for 5 minutes.</span> <span class="kd">const</span> <span class="nx">presignedUrl</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getSignedUrl</span><span class="p">(</span> <span class="nx">s3</span><span class="p">,</span> <span class="k">new</span> <span class="nc">GetObjectCommand</span><span class="p">({</span> <span class="na">Bucket</span><span class="p">:</span> <span class="nx">BUCKET</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="nx">key</span> <span class="p">}),</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="mi">300</span> <span class="p">},</span> <span class="p">);</span> <span class="c1">// 3. Hand the temporary URL to the API. The original filename is</span> <span class="c1">// preserved in the result instead of the opaque UUID key.</span> <span class="k">return</span> <span class="nx">htpbe</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">presignedUrl</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The <code>original_filename</code> parameter on <code>POST /analyze</code> is worth setting whenever your storage key is an opaque UUID like the one above — without it, the result’s <code>filename</code> field is derived from the last URL segment (<code>a1b2c3d4.pdf</code>), which is useless in an audit trail. Pass the human-readable name and it is stored and returned instead. To use it, extend the client’s <code>submitAnalysis</code> body to <code>JSON.stringify({ url: pdfUrl, original_filename: originalFilename })</code>.</p> <p>The same pattern works with Google Cloud Storage (<code>getSignedUrl</code> on a <code>File</code>), Cloudflare R2 (S3-compatible — reuse the snippet above with the R2 endpoint), or Vercel Blob (already public, so skip the presigning step).</p> <h2> A Note on Synchronous Analysis and Webhooks </h2> <p>The API runs analysis synchronously. <code>POST /analyze</code> blocks until the verdict is computed, then returns the check ID; the response also carries a <code>Location</code> header pointing at the full result URL. There is no job queue to poll and no webhook callback to register — by the time <code>analyze</code> returns, the result is already retrievable from <code>GET /result/{id}</code>. The <code>verify()</code> method above chains both calls, so a single <code>await</code> gives you the full verdict.</p> <p>If your own architecture is event-driven, wrap <code>verify()</code> in your job runner (BullMQ, a Lambda, a queue consumer) and emit your own internal webhook once the verdict lands. The detection call itself is a plain request/response — treat it as one step inside your worker, not as an external async service you wait on.</p> <h2> Step 5: Express Middleware </h2> <p>If you are using Express, the cleanest pattern is a middleware that runs before your upload handler and attaches the detection result to the request object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">NextFunction</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">HTPBEClient</span><span class="p">,</span> <span class="nx">HTPBEError</span><span class="p">,</span> <span class="nx">HTPBEResult</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./htpbe-client</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Extend Express Request type</span> <span class="kr">declare</span> <span class="nb">global</span> <span class="p">{</span> <span class="k">namespace</span> <span class="nx">Express</span> <span class="p">{</span> <span class="kr">interface</span> <span class="nx">Request</span> <span class="p">{</span> <span class="nl">documentVerification</span><span class="p">?:</span> <span class="nx">HTPBEResult</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">htpbeClient</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">HTPBE_API_KEY</span><span class="o">!</span><span class="p">);</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">verifyDocument</span><span class="p">(</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">,</span> <span class="nx">next</span><span class="p">:</span> <span class="nx">NextFunction</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">documentUrl</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span> <span class="k">as</span> <span class="p">{</span> <span class="nx">documentUrl</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">};</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">documentUrl</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">documentUrl is required</span><span class="dl">'</span> <span class="p">});</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">htpbeClient</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">documentUrl</span><span class="p">);</span> <span class="nx">req</span><span class="p">.</span><span class="nx">documentVerification</span> <span class="o">=</span> <span class="nx">result</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">HTPBEError</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">UNAUTHORIZED</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Configuration error — do not expose key details to client</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">HTPBE API key is invalid or missing</span><span class="dl">'</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Document verification service misconfigured</span><span class="dl">'</span> <span class="p">});</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">INVALID_PDF</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">422</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">The provided URL is not a valid PDF</span><span class="dl">'</span> <span class="p">});</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">code</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">FILE_TOO_LARGE</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">413</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">PDF must be under 10 MB</span><span class="dl">'</span> <span class="p">});</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">next</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Route handler that uses the middleware</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">documentUploadHandler</span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">):</span> <span class="k">void</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">verification</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">documentVerification</span><span class="o">!</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">verification</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">422</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Document appears to have been modified after creation</span><span class="dl">'</span><span class="p">,</span> <span class="na">modification_markers</span><span class="p">:</span> <span class="nx">verification</span><span class="p">.</span><span class="nx">modification_markers</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">verification</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">inconclusive</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Queue for manual review instead of rejecting outright</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">202</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Document accepted for manual review</span><span class="dl">'</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="nx">verification</span><span class="p">.</span><span class="nx">modification_markers</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">Consumer software origin detected</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// status === 'intact' — proceed</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Document accepted</span><span class="dl">'</span><span class="p">,</span> <span class="na">id</span><span class="p">:</span> <span class="nx">verification</span><span class="p">.</span><span class="nx">id</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Wire these up in your Express app:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">verifyDocument</span><span class="p">,</span> <span class="nx">documentUploadHandler</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./document-middleware</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="dl">'</span><span class="s1">/api/documents</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verifyDocument</span><span class="p">,</span> <span class="nx">documentUploadHandler</span><span class="p">,</span> <span class="p">);</span> </code></pre> </div> <p>The middleware runs the HTPBE check and attaches the result to <code>req.documentVerification</code>. The route handler then reads the verdict. This separation keeps fraud detection logic out of your business layer.</p> <h2> Step 6: Test Mode </h2> <p>All HTPBE plans — including free — include a test API key. Test API keys use mock URLs that return predefined responses, similar to Stripe test cards. They are designed for integration testing without consuming production quota or requiring real documents.</p> <p><strong>Test URL format:</strong> <code>https://api.htpbe.tech/v1/test/{filename}.pdf</code></p> <p>The available test fixtures and what they return:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>URL</th> <th><code>status</code></th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>clean.pdf</code></td> <td><code>intact</code></td> <td>Clean document, institutional origin</td> </tr> <tr> <td><code>clean-no-dates.pdf</code></td> <td><code>intact</code></td> <td>Clean, unknown origin, no date metadata</td> </tr> <tr> <td><code>modified-low.pdf</code></td> <td><code>modified</code></td> <td>Single incremental update</td> </tr> <tr> <td><code>modified-medium.pdf</code></td> <td><code>modified</code></td> <td>Consumer software origin, multiple updates</td> </tr> <tr> <td><code>modified-high.pdf</code></td> <td><code>modified</code></td> <td>Different producer, 5-link update chain</td> </tr> <tr> <td><code>modified-critical.pdf</code></td> <td><code>modified</code></td> <td>Signature removed, JavaScript, Excel origin</td> </tr> <tr> <td><code>signature-removed.pdf</code></td> <td><code>modified</code></td> <td>Digital signature stripped</td> </tr> <tr> <td><code>signature-valid.pdf</code></td> <td><code>intact</code></td> <td>Valid digital signature, no modifications</td> </tr> <tr> <td><code>inconclusive.pdf</code></td> <td><code>inconclusive</code></td> <td>Excel origin, no structural modifications</td> </tr> <tr> <td><code>dates-mismatch.pdf</code></td> <td><code>modified</code></td> <td>Modification date 14 days after creation</td> </tr> </tbody> </table></div> <p>Use these in your test suite to cover all decision branches:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">describe</span><span class="p">,</span> <span class="nx">it</span><span class="p">,</span> <span class="nx">expect</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">vitest</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">HTPBEClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./htpbe-client</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">TEST_BASE</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://api.htpbe.tech/v1/test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">HTPBE_TEST_API_KEY</span><span class="o">!</span><span class="p">);</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">HTPBEClient</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">returns intact for a clean document</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">TEST_BASE</span><span class="p">}</span><span class="s2">/clean.pdf`</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">status</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="dl">'</span><span class="s1">intact</span><span class="dl">'</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">modification_markers</span><span class="p">).</span><span class="nf">toHaveLength</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">});</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">returns modified for a high-risk document</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">TEST_BASE</span><span class="p">}</span><span class="s2">/modified-high.pdf`</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">status</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">returns inconclusive with a status_reason</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">TEST_BASE</span><span class="p">}</span><span class="s2">/inconclusive.pdf`</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">status</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="dl">'</span><span class="s1">inconclusive</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// status_reason explains WHY: consumer_software_origin, online_editor_origin,</span> <span class="c1">// scanned_document, or html_renderer_origin. Always branch on it.</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">status_reason</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="p">});</span> <span class="nf">it</span><span class="p">(</span><span class="dl">'</span><span class="s1">handles signature-removed scenario</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">TEST_BASE</span><span class="p">}</span><span class="s2">/signature-removed.pdf`</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">status</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">signature_removed</span><span class="p">).</span><span class="nf">toBe</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Keep your test API key in a <code>.env.test</code> file (separate from production) and never commit either key to version control.</p> <h2> Step 7: Reviewing Past Checks </h2> <p>The <code>GET /api/v1/checks</code> endpoint returns a paginated list of all analysis results for your API key. Use it to audit past checks, filter by verdict, or pull a history for a specific date range.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kr">interface</span> <span class="nx">HTPBEChecksResponse</span> <span class="p">{</span> <span class="nl">data</span><span class="p">:</span> <span class="nx">HTPBECheckSummary</span><span class="p">[];</span> <span class="nl">total</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">limit</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">offset</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">has_more</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getRecentModified</span><span class="p">(</span><span class="nx">apiKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBECheckSummary</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span><span class="p">,</span> <span class="na">limit</span><span class="p">:</span> <span class="dl">'</span><span class="s1">50</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`https://api.htpbe.tech/v1/checks?</span><span class="p">${</span><span class="nx">params</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">apiKey</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Failed to fetch checks: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="k">as</span> <span class="nx">HTPBEChecksResponse</span><span class="p">;</span> <span class="k">return</span> <span class="nx">body</span><span class="p">.</span><span class="nx">data</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Monitor your quota consumption via the HTPBE dashboard. When you reach your monthly quota, further requests return <code>402 PAYMENT_REQUIRED</code> until it resets — add a one-time credit pack or move to a higher tier to keep going, and handle the 402 so a quota boundary never silently drops a check.</p> <h2> Step 8: Knowing When to Upgrade </h2> <p>The practical signals that a plan upgrade is warranted:</p> <p><strong>Starter ($15/month, 30 checks):</strong> Suitable for low-volume workflows — up to one document per day. If you are hitting quota before mid-month, or if your use case processes more than a handful of documents per week, move to Growth.</p> <p><strong>Growth ($149/month, 350 checks):</strong> The right tier for most production applications — handles roughly 12 documents per day. This is the recommended starting point for any application with real users.</p> <p><strong>Pro ($499/month, 1,500 checks):</strong> For platforms processing 40–50 documents per day consistently. The per-check cost drops to $0.33, a 23% saving over Growth.</p> <p><strong>Enterprise (custom):</strong> For 1,500+ checks per month. Per-check pricing drops to $0.10–$0.20 at high volume.</p> <p>The clearest indicator to watch is your quota consumption measured at the same point each month — visible in the HTPBE dashboard. If you are consistently below 20% remaining with more than a week left in the billing cycle, you are sized for the next tier.</p> <h2> Complete Client File </h2> <p>For reference, the full <code>htpbe-client.ts</code> module in one place:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// POST /analyze response — just the check ID</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBEAnalyzeResponse</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// GET /result/{id} response — flat object with all analysis fields</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBEResult</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">filename</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">check_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">file_size</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">page_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Algorithm version tracking</span> <span class="nl">algorithm_version</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">current_algorithm_version</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">outdated_warning</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// Primary verdict</span> <span class="nl">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">intact</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">inconclusive</span><span class="dl">'</span><span class="p">;</span> <span class="nl">status_reason</span><span class="p">?:</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">consumer_software_origin</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">online_editor_origin</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">scanned_document</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">html_renderer_origin</span><span class="dl">'</span><span class="p">;</span> <span class="nl">origin</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">consumer_software</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">institutional</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">unknown</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">online_editor</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">scanned</span><span class="dl">'</span><span class="p">;</span> <span class="nl">software</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="p">};</span> <span class="c1">// Detection results</span> <span class="nl">modification_confidence</span><span class="p">:</span> <span class="dl">'</span><span class="s1">certain</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">high</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">none</span><span class="dl">'</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Metadata</span> <span class="nl">creator</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">producer</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">creation_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Unix timestamp</span> <span class="nl">modification_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Unix timestamp</span> <span class="nl">pdf_version</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Metadata analysis</span> <span class="nl">date_sequence_valid</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">metadata_completeness_score</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Structure analysis</span> <span class="nl">xref_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">has_incremental_updates</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">update_chain_length</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Signature analysis</span> <span class="nl">has_digital_signature</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">signature_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">signature_removed</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">modifications_after_signature</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="c1">// Content analysis</span> <span class="nl">object_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">has_javascript</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_embedded_files</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="c1">// Findings</span> <span class="nl">modification_markers</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="p">}</span> <span class="c1">// GET /checks response item — summary with fewer fields than full result</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBECheckSummary</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">filename</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">check_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">intact</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">modified</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">inconclusive</span><span class="dl">'</span><span class="p">;</span> <span class="nl">metadata_completeness_score</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">creator</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">producer</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">file_size</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">page_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">pdf_version</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">creation_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">modification_date</span><span class="p">:</span> <span class="kr">number</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">has_javascript</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_digital_signature</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_embedded_files</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">has_incremental_updates</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">update_chain_length</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">object_count</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kr">interface</span> <span class="nx">HTPBEErrorResponse</span> <span class="p">{</span> <span class="nl">error</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">code</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">HTPBEError</span> <span class="kd">extends</span> <span class="nc">Error</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="k">public</span> <span class="k">readonly</span> <span class="nx">statusCode</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="k">public</span> <span class="k">readonly</span> <span class="nx">code</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">message</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">HTPBEError</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">sleep</span><span class="p">(</span><span class="nx">ms</span><span class="p">:</span> <span class="kr">number</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">ms</span><span class="p">));</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">HTPBEClient</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">apiKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">baseUrl</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://api.htpbe.tech/v1</span><span class="dl">'</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">timeoutMs</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">apiKey</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">options</span><span class="p">:</span> <span class="p">{</span> <span class="nl">timeoutMs</span><span class="p">?:</span> <span class="kr">number</span> <span class="p">}</span> <span class="o">=</span> <span class="p">{})</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">apiKey</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">HTPBE API key is required</span><span class="dl">'</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">apiKey</span> <span class="o">=</span> <span class="nx">apiKey</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span> <span class="o">=</span> <span class="nx">options</span><span class="p">.</span><span class="nx">timeoutMs</span> <span class="o">??</span> <span class="mi">30</span><span class="nx">_000</span><span class="p">;</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">verify</span><span class="p">(</span><span class="nx">pdfUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">retries</span> <span class="o">=</span> <span class="mi">3</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">lastError</span><span class="p">:</span> <span class="nx">HTPBEError</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">attempt</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">attempt</span> <span class="o">&lt;</span> <span class="nx">retries</span><span class="p">;</span> <span class="nx">attempt</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">attempt</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">sleep</span><span class="p">(</span><span class="nb">Math</span><span class="p">.</span><span class="nf">pow</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="nx">attempt</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="o">*</span> <span class="mi">1</span><span class="nx">_000</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">submitAnalysis</span><span class="p">(</span><span class="nx">pdfUrl</span><span class="p">);</span> <span class="k">return</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">getResult</span><span class="p">(</span><span class="nx">id</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="p">(</span><span class="nx">err</span> <span class="k">instanceof</span> <span class="nx">HTPBEError</span><span class="p">))</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">statusCode</span> <span class="o">&lt;</span> <span class="mi">500</span> <span class="o">&amp;&amp;</span> <span class="nx">err</span><span class="p">.</span><span class="nx">statusCode</span> <span class="o">!==</span> <span class="mi">429</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="nx">lastError</span> <span class="o">=</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">lastError</span><span class="o">!</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="k">async</span> <span class="nf">submitAnalysis</span><span class="p">(</span><span class="nx">pdfUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEAnalyzeResponse</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">controller</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">AbortController</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">timer</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">controller</span><span class="p">.</span><span class="nf">abort</span><span class="p">(),</span> <span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">);</span> <span class="kd">let</span> <span class="na">response</span><span class="p">:</span> <span class="nx">Response</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">baseUrl</span><span class="p">}</span><span class="s2">/analyze`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">apiKey</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="nx">pdfUrl</span> <span class="p">}),</span> <span class="na">signal</span><span class="p">:</span> <span class="nx">controller</span><span class="p">.</span><span class="nx">signal</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">((</span><span class="nx">err</span> <span class="k">as</span> <span class="nb">Error</span><span class="p">).</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">AbortError</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="s2">`Request timed out after </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">}</span><span class="s2">ms`</span><span class="p">,</span> <span class="mi">408</span><span class="p">,</span> <span class="dl">'</span><span class="s1">TIMEOUT</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timer</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleErrorResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">as</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEAnalyzeResponse</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="k">async</span> <span class="nf">getResult</span><span class="p">(</span><span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">controller</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">AbortController</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">timer</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">controller</span><span class="p">.</span><span class="nf">abort</span><span class="p">(),</span> <span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">);</span> <span class="kd">let</span> <span class="na">response</span><span class="p">:</span> <span class="nx">Response</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">baseUrl</span><span class="p">}</span><span class="s2">/result/</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">apiKey</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="na">signal</span><span class="p">:</span> <span class="nx">controller</span><span class="p">.</span><span class="nx">signal</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">((</span><span class="nx">err</span> <span class="k">as</span> <span class="nb">Error</span><span class="p">).</span><span class="nx">name</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">AbortError</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="s2">`Request timed out after </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">timeoutMs</span><span class="p">}</span><span class="s2">ms`</span><span class="p">,</span> <span class="mi">408</span><span class="p">,</span> <span class="dl">'</span><span class="s1">TIMEOUT</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="k">throw</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">timer</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nf">handleErrorResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">as</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">HTPBEResult</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">}</span> <span class="k">private</span> <span class="k">async</span> <span class="nf">handleErrorResponse</span><span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="nx">Response</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">never</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">let</span> <span class="na">body</span><span class="p">:</span> <span class="nx">HTPBEErrorResponse</span> <span class="o">=</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">statusText</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="dl">'</span><span class="s1">UNKNOWN</span><span class="dl">'</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">body</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="k">as</span> <span class="nx">HTPBEErrorResponse</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="c1">// non-JSON body</span> <span class="p">}</span> <span class="k">switch </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="mi">400</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span><span class="s2">`Bad request: </span><span class="p">${</span><span class="nx">body</span><span class="p">.</span><span class="nx">error</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="mi">400</span><span class="p">,</span> <span class="dl">'</span><span class="s1">BAD_REQUEST</span><span class="dl">'</span><span class="p">);</span> <span class="k">case</span> <span class="mi">401</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Invalid API key. Check your HTPBE_API_KEY environment variable.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">401</span><span class="p">,</span> <span class="dl">'</span><span class="s1">UNAUTHORIZED</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">402</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Payment required. No credits available for this key. See htpbe.tech/pricing.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">402</span><span class="p">,</span> <span class="dl">'</span><span class="s1">PAYMENT_REQUIRED</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">403</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Access forbidden. Your API key may not have permission for this resource.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="dl">'</span><span class="s1">FORBIDDEN</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">404</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Check not found.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">404</span><span class="p">,</span> <span class="dl">'</span><span class="s1">NOT_FOUND</span><span class="dl">'</span><span class="p">);</span> <span class="k">case</span> <span class="mi">413</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span><span class="dl">'</span><span class="s1">PDF exceeds the 10 MB size limit.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">413</span><span class="p">,</span> <span class="dl">'</span><span class="s1">FILE_TOO_LARGE</span><span class="dl">'</span><span class="p">);</span> <span class="k">case</span> <span class="mi">422</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span><span class="dl">'</span><span class="s1">The URL did not return a valid PDF file.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">422</span><span class="p">,</span> <span class="dl">'</span><span class="s1">INVALID_PDF</span><span class="dl">'</span><span class="p">);</span> <span class="k">case</span> <span class="mi">429</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Server is at analysis capacity. Retry after the Retry-After interval.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">429</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SERVER_AT_CAPACITY</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="k">case</span> <span class="mi">500</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="dl">'</span><span class="s1">HTPBE server error. The request will be retried.</span><span class="dl">'</span><span class="p">,</span> <span class="mi">500</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SERVER_ERROR</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="nl">default</span><span class="p">:</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">HTPBEError</span><span class="p">(</span> <span class="s2">`Unexpected error </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">: </span><span class="p">${</span><span class="nx">body</span><span class="p">.</span><span class="nx">error</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">,</span> <span class="nx">body</span><span class="p">.</span><span class="nx">code</span> <span class="o">??</span> <span class="dl">'</span><span class="s1">UNKNOWN</span><span class="dl">'</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Decisions Before You Ship </h2> <p>The integration surface for HTPBE is intentionally small: one POST endpoint, one JSON response, three possible verdicts. The complexity is all on the integration side — retry logic, timeout handling, middleware architecture, test coverage — because those are the pieces that determine whether a third-party API call holds up in production.</p> <p>Three decisions to make before going live:</p> <ul> <li> <strong><code>inconclusive</code> routing</strong> — for documents that claim institutional origin, treat <code>inconclusive</code> the same as <code>modified</code>; for user-generated documents (forms, letters), it may be acceptable</li> <li> <strong>Quota policy</strong> — when you reach your monthly quota, further requests return <code>402 PAYMENT_REQUIRED</code> until it resets; add a one-time credit pack or upgrade to keep going, and handle the 402 so a quota boundary never silently drops a check</li> <li> <strong>Test key separation</strong> — keep test and production keys in separate env files; test keys return synthetic data and should never touch production flows</li> </ul> pdf tutorial api node Cloudflare WAF Free Plan: Block Bots Without Paying Iurii Rogulia Fri, 12 Jun 2026 10:00:35 +0000 https://dev.to/iurii_rogulia/cloudflare-waf-free-plan-block-bots-without-paying-2ief https://dev.to/iurii_rogulia/cloudflare-waf-free-plan-block-bots-without-paying-2ief <p>Open your server logs right now. I'll wait.</p> <p>If your site has been running for more than a week, you almost certainly have hundreds — probably thousands — of requests to paths like <code>/.env</code>, <code>/.git/config</code>, <code>/wp-admin/</code>, <code>/xmlrpc.php</code>, and <code>/phpmyadmin/</code>. Your app is almost certainly not WordPress. The bots don't care. They scan every IP on the internet looking for anything exposed.</p> <p>These requests don't break your app. But they pollute your logs, burn bandwidth, and add noise that makes real problems harder to spot. On a small VPS, a persistent scanner can also spike CPU enough to matter.</p> <p>Cloudflare's WAF solves this cleanly — and works on the free plan, with one operator constraint that took me longer than I'd like to admit to figure out.</p> <h2> What the Bots Are Looking For </h2> <p>Each path these scanners request corresponds to something specific they hope to exploit:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Path</th> <th>Target</th> </tr> </thead> <tbody> <tr> <td><code>/.env</code></td> <td>Environment file — API keys, database passwords, secrets</td> </tr> <tr> <td><code>/.git/config</code></td> <td>Git repository — sometimes contains credentials, always reveals codebase structure</td> </tr> <tr> <td><code>/.aws/credentials</code></td> <td>AWS credentials file — direct cloud access</td> </tr> <tr> <td><code>/actuator/</code></td> <td>Spring Boot management endpoints — often unauthenticated</td> </tr> <tr> <td><code>/wp-admin/</code></td> <td>WordPress admin panel — brute-force login target</td> </tr> <tr> <td><code>/wp-login.php</code></td> <td>WordPress login — credential stuffing</td> </tr> <tr> <td><code>/xmlrpc.php</code></td> <td>WordPress XML-RPC — amplification attacks, credential testing</td> </tr> <tr> <td><code>/phpmyadmin/</code></td> <td>Database management UI — direct database access</td> </tr> <tr> <td><code>/laravel/</code></td> <td>Laravel framework paths — debug mode exposure</td> </tr> <tr> <td><code>/backend/</code></td> <td>Generic admin paths — admin panel probing</td> </tr> <tr> <td><code>/config.php</code></td> <td>Configuration files — credentials</td> </tr> <tr> <td><code>/server-status</code></td> <td>Apache server status — internal metrics exposure</td> </tr> </tbody> </table></div> <p>None of this is targeted at you specifically. It's automated, opportunistic, and constant. The scanner tries every IP it finds. Your site being a Next.js app with none of these paths is irrelevant — the bot doesn't know that until it gets a response.</p> <h2> The Cloudflare WAF Rule </h2> <p> slug="fractional-cto"<br> text="Infrastructure security, deployment pipelines, and production monitoring — if you need an experienced technical lead who owns these layers end-to-end, let's talk."<br> /&gt;</p> <p>Cloudflare lets you write custom WAF rules using its Ruleset Language — a boolean expression that evaluates against request properties. When the expression matches, you choose an action: <code>block</code>, <code>challenge</code>, <code>log</code>, etc.</p> <p>Here's the rule that covers the most common scanner paths:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(http.request.uri.path contains "/.env") or (http.request.uri.path contains "/.git/") or (http.request.uri.path contains "/.aws/") or (http.request.uri.path contains "/actuator/") or (http.request.uri.path contains "/wp-admin/") or (http.request.uri.path contains "/wp-login") or (http.request.uri.path contains "/xmlrpc") or (http.request.uri.path contains "/phpmyadmin/") or (http.request.uri.path contains "/laravel/") or (http.request.uri.path contains "/backend/") or (http.request.uri.path eq "/config.php") or (http.request.uri.path eq "/server-status") </code></pre> </div> <p>Action: <strong>Block</strong>.</p> <p>Notice I'm using <code>contains</code> for most paths and <code>eq</code> for two of them. That's deliberate — and it connects directly to the free plan limitation below.</p> <h2> The Operator Gotcha: Why <code>starts_with</code> Breaks on the Free Plan </h2> <p>This is the part nobody documents clearly. When I first wrote this rule, I used <code>starts_with</code> — it's the semantically correct operator for "path begins with <code>/wp-admin/</code>". It immediately threw a parse error in the Cloudflare dashboard.</p> <p>Here's what's available on each plan tier:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Operator</th> <th>Free</th> <th>Pro</th> <th>Business</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td><code>eq</code></td> <td>Yes</td> <td>Yes</td> <td>Yes</td> <td>Exact match</td> </tr> <tr> <td><code>contains</code></td> <td>Yes</td> <td>Yes</td> <td>Yes</td> <td>Substring match</td> </tr> <tr> <td><code>starts_with</code></td> <td>No</td> <td>No</td> <td>No</td> <td>Parse error — not supported in custom rules</td> </tr> <tr> <td><code>ends_with</code></td> <td>No</td> <td>No</td> <td>No</td> <td>Same</td> </tr> <tr> <td><code>matches</code></td> <td>No</td> <td>No</td> <td>Yes</td> <td>Regex — requires Business or WAF Advanced</td> </tr> </tbody> </table></div> <p><code>starts_with</code> is not a plan limitation in the sense of "you need to upgrade" — it simply doesn't exist as a supported operator in WAF custom rules. The Cloudflare docs mention it in the context of other products (Transform Rules, Page Rules), but in the custom WAF ruleset, your options are <code>eq</code>, <code>ne</code>, <code>contains</code>, <code>in</code>, <code>lt</code>, <code>le</code>, <code>gt</code>, <code>ge</code>, and a few type-specific ones.</p> <p><code>contains</code> works fine as a substitute because scanner bots always use the full path anyway — <code>/.env</code> is always <code>/.env</code>, not <code>/.environment</code> or anything else. The substring match catches everything <code>starts_with</code> would have caught, plus any path that has the string anywhere, which is actually more thorough.</p> <p>The two exceptions — <code>/config.php</code> and <code>/server-status</code> — use <code>eq</code> because these are exact paths. Using <code>contains</code> for <code>/config.php</code> would block any path that has "config.php" in it, which could catch legitimate admin tools if you have <code>/admin/config.php</code> as an internal path. If your app doesn't have anything like that, <code>contains</code> works equally well.</p> <h2> Deploying via the Dashboard </h2> <p>This is the simpler option. Takes about two minutes.</p> <ol> <li>Log into the Cloudflare dashboard and select your zone</li> <li>Go to <strong>Security → WAF → Custom rules</strong> </li> <li>Click <strong>Create rule</strong> </li> <li>Give it a name ("Block scanner bots" works fine)</li> <li>Switch the expression editor to <strong>Edit expression</strong> (text mode) and paste the rule above as a single line</li> <li>Set action to <strong>Block</strong> </li> <li>Save and deploy</li> </ol> <p>The rule is active immediately. No propagation delay.</p> <h2> Deploying via API </h2> <p>If you manage infrastructure as code or want to script this, the Cloudflare API works cleanly. You'll need two things:</p> <ul> <li> <strong>Zone ID</strong> — found on the right sidebar of your zone's Overview page in the dashboard</li> <li> <strong>API Token</strong> — create one at dash.cloudflare.com/profile/api-tokens with <code>Zone:Edit</code> permission scoped to your specific zone </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> PUT <span class="se">\</span> <span class="s2">"https://api.cloudflare.com/client/v4/zones/</span><span class="nv">$CF_ZONE_ID</span><span class="s2">/rulesets/phases/http_request_firewall_custom/entrypoint"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$CF_AUTH_TOKEN</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "rules": [ { "description": "Block bots", "expression": "(http.request.uri.path contains \"/.env\") or (http.request.uri.path contains \"/.git/\") or (http.request.uri.path contains \"/.aws/\") or (http.request.uri.path contains \"/actuator/\") or (http.request.uri.path contains \"/wp-admin/\") or (http.request.uri.path contains \"/wp-login\") or (http.request.uri.path contains \"/xmlrpc\") or (http.request.uri.path contains \"/phpmyadmin/\") or (http.request.uri.path contains \"/laravel/\") or (http.request.uri.path contains \"/backend/\") or (http.request.uri.path eq \"/config.php\") or (http.request.uri.path eq \"/server-status\")", "action": "block" } ] }'</span> </code></pre> </div> <p>This uses the <code>PUT</code> method on the phase entrypoint — which <strong>replaces</strong> the entire custom ruleset. If you already have other custom WAF rules, add them to the <code>rules</code> array rather than making a separate API call, or you'll overwrite them.</p> <p>If you want to check what rules are currently set before writing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://api.cloudflare.com/client/v4/zones/</span><span class="nv">$CF_ZONE_ID</span><span class="s2">/rulesets/phases/http_request_firewall_custom/entrypoint"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$CF_AUTH_TOKEN</span><span class="s2">"</span> | jq <span class="s1">'.result.rules'</span> </code></pre> </div> <p>A successful <code>PUT</code> returns HTTP 200 with the created ruleset. A 400 usually means a malformed expression — double-check the escaping in the JSON string.</p> <h2> Verifying It Works </h2> <p>After deploying, the easiest check is to curl one of the blocked paths from your terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-I</span> https://yourdomain.com/.env <span class="c"># HTTP/2 403</span> </code></pre> </div> <p>Cloudflare returns 403 for blocked requests. You should also see the blocked request show up in <strong>Security → Events</strong> in the dashboard, with the custom rule listed as the match reason.</p> <p>Give it 24 hours and then check Security → Events. On any public-facing site, you'll see the rule firing repeatedly — not because someone is targeting you, but because the scanners are continuous and indiscriminate.</p> <h2> What This Does Not Cover </h2> <p>A few things worth being explicit about:</p> <p><strong>It doesn't replace proper secrets management.</strong> If <code>/.env</code> is actually accessible on your server because you committed it or deployed it to the wrong directory, this rule masks the symptom. Fix the root cause — <code>.env</code> should never be web-accessible regardless of WAF rules.</p> <p><strong>It doesn't protect against sophisticated attacks.</strong> A targeted attacker can easily rotate IPs, use different paths, or probe your application logic directly. This rule is noise reduction, not a security perimeter.</p> <p><strong>It doesn't cover API abuse or DDoS.</strong> For that you need rate limiting at the application layer — sliding window counters in Redis, or Cloudflare's rate limiting rules (also available on the free plan, separately from WAF). I cover the Redis implementation in detail in the <a href="https://iurii.rogulia.fi/blog/redis-rate-limiting-api" rel="noopener noreferrer">Redis rate limiting</a> article.</p> <p><strong>The <code>/backend/</code> and <code>/laravel/</code> paths might be too broad</strong> depending on your app. If you have a legitimate <code>/backend/</code> route in your Next.js app, remove that clause. Review each path against your actual route structure before deploying.</p> <h2> Extending the Rule </h2> <p>The free plan allows up to 5 custom WAF rules, with expressions up to a certain length. The rule above is well within both limits. If you want to add more paths — for example, probes specific to PHP frameworks, Java servlet containers, or cloud metadata endpoints — you can extend the same expression with additional <code>or</code> clauses.</p> <p>Common additions I consider for projects with more exposure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>or (http.request.uri.path contains "/.ssh/") or (http.request.uri.path contains "/etc/passwd") or (http.request.uri.path contains "/proc/self/") or (http.request.uri.path contains "/.DS_Store") or (http.request.uri.path contains "/wp-content/") or (http.request.uri.path eq "/.htaccess") </code></pre> </div> <p>The <code>.DS_Store</code> one is worth including — macOS creates these files automatically and developers sometimes commit them, leaking directory structure. Scanner bots know this.</p> <p>This is a 10-minute setup with permanent noise reduction. I add it to every project I deploy behind Cloudflare — it costs nothing on the free plan and makes the Security Events log actually useful instead of 95% bot scanner noise. For the full <a href="https://iurii.rogulia.fi/blog/self-hosting-caddy-docker-vps" rel="noopener noreferrer">self-hosting stack with Caddy and Docker</a>, these WAF rules are one layer of a broader <a href="https://iurii.rogulia.fi/services/fractional-cto" rel="noopener noreferrer">infrastructure setup</a>.</p> <p>If you're building a SaaS or e-commerce platform for the EU market and want the full infrastructure layer handled properly — security, rate limiting, observability, deployment — <a href="https://iurii.rogulia.fi/contact" rel="noopener noreferrer">get in touch</a>. I'm available for freelance projects and long-term engagements.</p> <p><strong>Further reading:</strong></p> <ul> <li> <a href="https://gist.github.com/rogulia/5ae4d9fd39b2994303a1a8b6e2b226ce" rel="noopener noreferrer">GitHub Gist — ready-to-use script and expression</a> — copy the expression or run <code>block-bots.sh</code> directly</li> <li> <a href="https://developers.cloudflare.com/waf/custom-rules/" rel="noopener noreferrer">Cloudflare WAF Custom Rules documentation</a> — official reference for the ruleset language</li> <li> <a href="https://developers.cloudflare.com/ruleset-engine/rules-language/fields/" rel="noopener noreferrer">Cloudflare Ruleset Language field reference</a> — all available fields including <code>http.request.uri.path</code> </li> <li> <a href="https://developers.cloudflare.com/waf/rate-limiting-rules/" rel="noopener noreferrer">Cloudflare Rate Limiting Rules</a> — complementary to WAF, also available on the free plan</li> </ul> cloudflare security devops infrastructure Caching VIES Responses Without Breaking Compliance Iurii Rogulia Fri, 12 Jun 2026 09:00:36 +0000 https://dev.to/iurii_rogulia/caching-vies-responses-without-breaking-compliance-5f5a https://dev.to/iurii_rogulia/caching-vies-responses-without-breaking-compliance-5f5a <blockquote> <p>Originally published at <a href="https://vatnode.dev/blog/caching-vies-responses-compliance" rel="noopener noreferrer">vatnode.dev</a>. The version on vatnode.dev is the canonical source — refer to it for the latest content.</p> </blockquote> <p>Caching VIES is easy. Defending the cache during an audit is harder. A single SOAP round-trip to VIES takes 1–3 seconds on a good day and 10+ seconds when a national node is under load, so if your checkout calls VIES synchronously for every B2B customer, you are leaving a lot of latency on the table. Caching is the obvious fix — but VAT validation is not the kind of cache you set to 24 hours and forget about. Get the TTL wrong and your audit trail stops being defensible.</p> <p>This post walks through what you can safely cache, for how long, and how to keep the consultation number trail intact when you do.</p> <h2> Why caching VIES is different from caching anything else </h2> <p>A normal cache trades freshness for latency. VAT validation has a third axis: <strong>evidence</strong>. When a tax authority asks "did you check this customer's VAT number at the moment you reverse-charged the invoice?", you need to point at a timestamped record. A response you served from cache is a response you did not actually re-fetch from VIES — which is fine, as long as the cached record still represents what VIES would have said at the time of the transaction.</p> <p>In practice this means two things:</p> <ul> <li> <strong>The cached entry must include the original VIES timestamp and consultation number</strong>, not the cache-write time. If you re-serve a 6-hour-old response, the audit log must say it came from a check performed 6 hours ago — not "now".</li> <li> <strong>The TTL must be short enough that you can defend it.</strong> There is no statute that says "you must re-check every N hours", but tax authorities will push back on caches measured in days when the underlying status can change overnight.</li> </ul> <h2> What VIES actually returns and what changes </h2> <p>A VIES response contains the validity flag, optional name and address, the request timestamp, and — if you pass a requester VAT ID — a consultation number that proves a specific party performed the check on a specific date. The validity flag is the only field that can flip without warning: a company can deregister, a number can be invalidated by the issuing authority, and there is no notification channel.</p> <p>For SaaS billing, this matters at three moments:</p> <ol> <li> <strong>Signup / first invoice</strong> — you must check before applying reverse-charge for the first time.</li> <li> <strong>Recurring renewals</strong> — a number that was valid in January can be invalid by March.</li> <li> <strong>Audit reconstruction</strong> — months or years later, you must show that the check supporting each invoice was real.</li> </ol> <p>The same axes apply outside SaaS — marketplaces, ERP integrations, bulk invoicing, and accounting platforms each have their own invoice-timing expectations, but the underlying "check, evidence, re-check" loop is the same.</p> <h2> A defensible TTL ladder </h2> <p>There is no single right number, but the pattern that holds up across EU tax authorities is a tiered TTL with explicit revalidation on the events that matter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Tiered cache strategy</span> <span class="kd">const</span> <span class="nx">TTL</span> <span class="o">=</span> <span class="p">{</span> <span class="c1">// Same request inside one checkout flow / page load</span> <span class="na">HOT</span><span class="p">:</span> <span class="mi">15</span> <span class="o">*</span> <span class="mi">60</span><span class="p">,</span> <span class="c1">// 15 minutes</span> <span class="c1">// Same customer interacting with your app the same day</span> <span class="na">WARM</span><span class="p">:</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span><span class="p">,</span> <span class="c1">// 24 hours</span> <span class="c1">// Hard ceiling — re-check before issuing the next invoice</span> <span class="na">INVOICE_REVALIDATE</span><span class="p">:</span> <span class="mi">30</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span><span class="p">,</span> <span class="c1">// 30 days</span> <span class="p">}</span> </code></pre> </div> <p>The 15-minute hot tier covers retries and the multi-page checkout pattern (cart → address → payment) without hammering VIES. The 24-hour warm tier covers same-day dashboard interactions. The 30-day ceiling is the one that matters for compliance: there is no single statutory rule here, but many compliance teams treat ~30 days as a practical upper bound between the supporting VIES check and the issued B2B reverse-charge invoice. Re-validate before that horizon, store the new consultation number against the new invoice, and start the TTL again. See the <a href="https://vatnode.dev/blog/vies-consultation-number-explained" rel="noopener noreferrer">VIES consultation number guide</a> for the audit storage shape.</p> <h3> Negative caching: invalid IDs need a different TTL </h3> <p>The TTL ladder above assumes a <code>valid: true</code> response. Invalid results — <code>VAT_NOT_FOUND</code>, <code>INVALID_INPUT</code>, or a flat <code>valid: false</code> from VIES — should be cached more cautiously, often with a TTL closer to minutes than hours.</p> <p>It helps to keep the two cache paths conceptually separate: the <strong>positive cache is evidence reuse</strong> (you are deliberately replaying a known-good check, with its consultation number, to avoid re-asking VIES the same question), while the <strong>negative cache is temporary failure suppression</strong> (you are throttling repeated client retries against a known-bad input, without committing to that result as audit evidence). Different purposes, different TTL discipline.</p> <p>Two reasons. First, a freshly-registered taxable person may genuinely become valid within hours of their initial registration appearing in the national database; aggressive negative caching will repeatedly reject a legitimate customer who is trying again after registering. Second, an invalid result is rarely an invoice-critical event in the same way a positive result is — you are not building audit evidence for a transaction that did not happen, so the trade-off is mostly UX, not compliance. A reasonable default is 5–15 minutes for invalid, 24 hours for valid, with the 30-day re-validation ceiling applying only to the positive path.</p> <h2> Redis pattern: cache the response, not the decision </h2> <p>The wrong way to cache: store a boolean <code>isValid: true</code> keyed by VAT ID. The right way: store the full response object, including the original timestamp and consultation number, so that when you re-read it you reconstruct the full audit context.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">redis</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">redis</span> <span class="o">=</span> <span class="nf">createClient</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REDIS_URL</span> <span class="p">})</span> <span class="kd">type</span> <span class="nx">CachedVies</span> <span class="o">=</span> <span class="p">{</span> <span class="na">vatId</span><span class="p">:</span> <span class="kr">string</span> <span class="na">valid</span><span class="p">:</span> <span class="nx">boolean</span> <span class="nx">name</span><span class="p">?:</span> <span class="kr">string</span> <span class="nx">address</span><span class="p">?:</span> <span class="kr">string</span> <span class="nx">consultationNumber</span><span class="p">?:</span> <span class="kr">string</span> <span class="na">checkedAt</span><span class="p">:</span> <span class="kr">string</span> <span class="c1">// ISO timestamp of the original VIES call</span> <span class="na">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">VIES</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">BZST</span><span class="dl">'</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getValidatedVat</span><span class="p">(</span><span class="nx">vatId</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">CachedVies</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="s2">`vat:</span><span class="p">${</span><span class="nx">vatId</span><span class="p">.</span><span class="nf">toUpperCase</span><span class="p">()}</span><span class="s2">`</span> <span class="kd">const</span> <span class="nx">cached</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">redis</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">key</span><span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="nx">cached</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">entry</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">cached</span><span class="p">)</span> <span class="k">as</span> <span class="nx">CachedVies</span> <span class="c1">// Refuse stale entries for invoice-critical paths</span> <span class="kd">const</span> <span class="nx">ageMs</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nx">entry</span><span class="p">.</span><span class="nx">checkedAt</span><span class="p">).</span><span class="nf">getTime</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">ageMs</span> <span class="o">&lt;</span> <span class="mi">30</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">entry</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`https://api.vatnode.dev/v1/vat/</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">vatId</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VATNODE_API_KEY</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">)</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">res</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`VAT check failed: </span><span class="p">${</span><span class="nx">res</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="kd">const</span> <span class="na">entry</span><span class="p">:</span> <span class="nx">CachedVies</span> <span class="o">=</span> <span class="p">{</span> <span class="na">vatId</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">vatId</span><span class="p">,</span> <span class="na">valid</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">valid</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">address</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="na">consultationNumber</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">consultationNumber</span><span class="p">,</span> <span class="na">checkedAt</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">checkedAt</span><span class="p">,</span> <span class="na">source</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">source</span><span class="p">,</span> <span class="p">}</span> <span class="c1">// Positive results: 24-hour Redis TTL with the 30-day ceiling enforced above.</span> <span class="c1">// Negative results: short TTL, just enough to suppress retry storms.</span> <span class="kd">const</span> <span class="nx">ttl</span> <span class="o">=</span> <span class="nx">entry</span><span class="p">.</span><span class="nx">valid</span> <span class="p">?</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="p">:</span> <span class="mi">10</span> <span class="o">*</span> <span class="mi">60</span> <span class="k">await</span> <span class="nx">redis</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">entry</span><span class="p">),</span> <span class="p">{</span> <span class="na">EX</span><span class="p">:</span> <span class="nx">ttl</span> <span class="p">})</span> <span class="k">return</span> <span class="nx">entry</span> <span class="p">}</span> </code></pre> </div> <p>Two details that are easy to miss:</p> <ul> <li> <strong>Key on the normalised VAT ID</strong> (uppercase, no spaces). <code>de123456789</code>, <code>DE 123 456 789</code>, and <code>DE123456789</code> are the same number — different cache keys is a memory leak and a correctness bug.</li> <li> <strong>Persist the cached entry to your database too</strong>, not just Redis. Redis is for latency; PostgreSQL is for the audit trail. The two have different retention needs — the operational cache exists to make the next request fast and can be flushed at any time, while the evidence snapshot (the row tied to the invoice, with its consultation number and original VIES timestamp) is the artefact you must still be able to produce years later. Treat them as separate systems with separate lifecycles, even if they happen to start out with the same payload.</li> </ul> <h2> When to bypass the cache no matter what </h2> <p>Some events should always trigger a fresh VIES call, regardless of how warm the cache is:</p> <ul> <li> <strong>Issuing a B2B reverse-charge invoice.</strong> The consultation number on that invoice must reflect a check performed close to the invoice date.</li> <li> <strong>Customer-initiated VAT ID change.</strong> A new VAT ID always means a new check — never inherit validity from a previous number.</li> <li> <strong>Subscription renewal that crosses a tax year.</strong> This is a best-practice heuristic rather than a written rule, but year-end is when most tax authorities reconcile filings — a check that sits cleanly inside the same reporting period as the invoice is easier to defend than one that straddles two.</li> <li> <strong>The cached entry is missing a consultation number.</strong> If your previous check did not pass a requester VAT ID and you now need audit-grade evidence, the old entry is not good enough — re-run it.</li> </ul> <p>The cleanest way to express this in code is to make the cache opt-in per call site, not the default:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Fast paths — cache is fine</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getValidatedVat</span><span class="p">(</span><span class="nx">vatId</span><span class="p">)</span> <span class="c1">// Compliance-critical paths — force a fresh check</span> <span class="kd">const</span> <span class="nx">fresh</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getValidatedVat</span><span class="p">(</span><span class="nx">vatId</span><span class="p">,</span> <span class="p">{</span> <span class="na">bypassCache</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> </code></pre> </div> <h2> Rate limits: a cache is not a license to hammer </h2> <p>Even with a healthy cache hit rate, you will still hit VIES often enough that rate limits matter. There is no published per-IP limit, but national nodes throttle aggressively under load — Germany's BZSt-backed node especially. Two patterns help:</p> <ul> <li> <strong>Coalesce concurrent requests for the same VAT ID.</strong> If 50 parallel checkout sessions all want to validate <code>DE123456789</code> and your cache is cold, you want exactly one outbound VIES call, not 50. A simple in-memory promise map per process is enough for a single instance; for horizontally scaled deployments, lift the same idea to a short-lived Redis lock (or any singleflight primitive) so the de-duplication holds across instances.</li> <li> <strong>Queue background revalidations.</strong> Renewal checks, scheduled re-validations, and admin-triggered audits should never run on the request path. Use a job queue with concurrency capped at 2–4 to stay polite to VIES.</li> </ul> <p>If you are already hitting <code>VIES_UNAVAILABLE</code> regularly, caching alone will not save you — the <a href="https://vatnode.dev/blog/vies-downtime-guide" rel="noopener noreferrer">VIES downtime guide</a> covers the retry-and-queue pattern that complements this one.</p> <h2> Stale-if-error and partial outages </h2> <p>VIES is not a single service — it is a thin EC gateway in front of national tax-authority nodes. At any given moment one or two country nodes may be unreachable while the rest respond normally. That asymmetry matters for cache design:</p> <ul> <li> <strong>Stale-if-error.</strong> When VIES (or the relevant national node) is down, a recent cached response is usually preferable to a hard failure on checkout. Allow reads from a slightly-older cache during an outage — but log the stale serve explicitly and never reuse a stale entry as the audit-grade check for a freshly issued invoice. Stale-if-error is a UX safety net for the request path, not a compliance shortcut.</li> <li> <strong>Country-scoped failure modes.</strong> If your retry/backoff logic treats every error the same, a single down country will spam your queue while the rest of the EU is healthy. Tracking the failure rate per country prefix lets you cool off only the affected nodes.</li> <li> <strong>Proactive revalidation.</strong> For long-running subscriptions, do not wait for the cache to expire on the customer's next invoice — schedule a background re-check a few days before renewal. If the number is still valid, the cache is warm when the invoice runs. If it has gone invalid, you get a quiet email-the-customer window instead of a billing-time failure.</li> </ul> <h2> Summary </h2> <p>Cache VIES responses, but cache the <strong>full response with its original timestamp and consultation number</strong>, not a boolean. Keep the TTL short enough to be defensible (24 hours warm, 30 days hard ceiling), and bypass the cache on the events where evidence actually matters: invoice issuance, VAT ID changes, year boundaries. Coalesce in-flight requests, queue background work, and store the audit trail in your database — Redis is not where compliance lives. The goal is not to avoid VIES calls entirely; it is to minimise unnecessary calls without weakening the evidentiary chain behind the invoices that matter.</p> <blockquote> <h3> vatnode handles the cache layer for you </h3> <p>vatnode caches VIES responses internally with compliance-oriented TTL handling, exposes the consultation number on every response, and returns structured error codes so your app can implement the patterns above without re-implementing the SOAP client. Free plan, 100 requests/month.</p> <p><a href="https://vatnode.dev/register" rel="noopener noreferrer">Get Free API Key</a> · <a href="https://vatnode.dev/docs/errors" rel="noopener noreferrer">Error Code Reference</a></p> </blockquote> tax webdev PostNord API and Zoho Desk Automation: Production Gotchas Iurii Rogulia Thu, 11 Jun 2026 10:00:35 +0000 https://dev.to/iurii_rogulia/postnord-api-and-zoho-desk-automation-production-gotchas-4eog https://dev.to/iurii_rogulia/postnord-api-and-zoho-desk-automation-production-gotchas-4eog <p>I've written before about <a href="https://iurii.rogulia.fi/blog/ecommerce-order-automation" rel="noopener noreferrer">the overall automation pipeline at pikkuna.fi</a> — the high-level flow from Stripe webhook to customer confirmation in under 2 minutes. This article is the deep cut: specifically PostNord and Zoho Desk, the parts that required the most trial and error to get right in production.</p> <p>If you're integrating with PostNord's API or building automated Zoho Desk ticket creation, you'll hit the same walls. This is everything I learned.</p> <h2> PostNord: The API That Returns 200 for Errors </h2> <p> slug="automation-workflows"<br> text="Integrating PostNord, Zoho CRM, and Zoho Desk into a single fulfillment pipeline? I've built and debugged this in production — service codes, EU data centers, token caching, and all."<br> /&gt;</p> <p>PostNord's API looks normal on the surface — REST endpoints, JSON, API key authentication. The first surprise comes when you make a successful-looking request and get back this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"httpStatusCode"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"CompositeShipmentData"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>HTTP 200. Empty shipment array. No error field. No message.</p> <p>This is PostNord's way of telling you that the service code you requested is unavailable for the destination country. If you're checking <code>response.ok</code> and moving on, you just silently failed to create a shipping label. The order will proceed through your pipeline — Zoho CRM updated, accounting updated, confirmation email sent — with no tracking number and no label.</p> <p>The correct implementation: always check that <code>CompositeShipmentData</code> is non-empty and treat an empty array as a hard error that should retry:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/shipping/postnord.ts</span> <span class="kr">interface</span> <span class="nx">PostNordShipmentResponse</span> <span class="p">{</span> <span class="nl">httpStatusCode</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">CompositeShipmentData</span><span class="p">:</span> <span class="nx">PostNordShipmentData</span><span class="p">[];</span> <span class="p">}</span> <span class="kr">interface</span> <span class="nx">PostNordShipmentData</span> <span class="p">{</span> <span class="nl">parcels</span><span class="p">:</span> <span class="nb">Array</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">parcelNumber</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">pdfs</span><span class="p">:</span> <span class="nb">Array</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">pdf</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="c1">// base64-encoded PDF</span> <span class="nl">fileName</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">}</span><span class="o">&gt;</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createPostNordShipment</span><span class="p">(</span> <span class="nx">order</span><span class="p">:</span> <span class="nx">Order</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="p">{</span> <span class="na">trackingNumber</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">labelPdf</span><span class="p">:</span> <span class="nx">Buffer</span> <span class="p">}</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://api2.postnord.com/rest/shipment/v5/shipment</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">x-api-key</span><span class="dl">"</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">POSTNORD_API_KEY</span><span class="o">!</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="na">Accept</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nf">buildShipmentPayload</span><span class="p">(</span><span class="nx">order</span><span class="p">)),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">errorText</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`PostNord API error </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">: </span><span class="p">${</span><span class="nx">errorText</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="p">(</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="k">as</span> <span class="nx">PostNordShipmentResponse</span><span class="p">;</span> <span class="c1">// This is the critical check — HTTP 200 does NOT mean success</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">data</span><span class="p">.</span><span class="nx">CompositeShipmentData</span> <span class="o">||</span> <span class="nx">data</span><span class="p">.</span><span class="nx">CompositeShipmentData</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span> <span class="s2">`PostNord returned 200 but no shipment data. `</span> <span class="o">+</span> <span class="s2">`Service code may be unavailable for country: </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">country</span><span class="p">}</span><span class="s2">`</span> <span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">shipmentData</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">CompositeShipmentData</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">parcel</span> <span class="o">=</span> <span class="nx">shipmentData</span><span class="p">.</span><span class="nx">parcels</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">parcel</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">PostNord returned shipment data with no parcels</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">trackingNumber</span> <span class="o">=</span> <span class="nx">parcel</span><span class="p">.</span><span class="nx">parcelNumber</span><span class="p">;</span> <span class="c1">// Label is base64-encoded PDF</span> <span class="kd">const</span> <span class="nx">labelPdf</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">parcel</span><span class="p">.</span><span class="nx">pdfs</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">pdf</span><span class="p">,</span> <span class="dl">"</span><span class="s2">base64</span><span class="dl">"</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">trackingNumber</span><span class="p">,</span> <span class="nx">labelPdf</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> Building the Shipment Payload </h2> <p>PostNord's payload structure is verbose. Here's the production version with all the fields that matter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/shipping/postnord.ts</span> <span class="kd">function</span> <span class="nf">buildShipmentPayload</span><span class="p">(</span><span class="nx">order</span><span class="p">:</span> <span class="nx">Order</span><span class="p">):</span> <span class="nx">PostNordShipmentRequest</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">shipmentServiceCode</span><span class="p">:</span> <span class="nf">getServiceCode</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">country</span><span class="p">),</span> <span class="na">shipmentDate</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">().</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">T</span><span class="dl">"</span><span class="p">)[</span><span class="mi">0</span><span class="p">],</span> <span class="c1">// YYYY-MM-DD</span> <span class="na">sender</span><span class="p">:</span> <span class="p">{</span> <span class="na">quickId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">POSTNORD_SENDER_QUICK_ID</span><span class="o">!</span><span class="p">,</span> <span class="c1">// Your registered sender ID</span> <span class="na">name</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">POSTNORD_SENDER_NAME</span><span class="o">!</span><span class="p">,</span> <span class="na">address</span><span class="p">:</span> <span class="p">{</span> <span class="na">street1</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">POSTNORD_SENDER_STREET</span><span class="o">!</span><span class="p">,</span> <span class="na">city</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">POSTNORD_SENDER_CITY</span><span class="o">!</span><span class="p">,</span> <span class="na">stateOrProvinceCode</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">POSTNORD_SENDER_STATE</span><span class="o">!</span><span class="p">,</span> <span class="na">postalCode</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">POSTNORD_SENDER_POSTAL</span><span class="o">!</span><span class="p">,</span> <span class="na">countryCode</span><span class="p">:</span> <span class="dl">"</span><span class="s2">FI</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="na">receiver</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerName</span><span class="p">,</span> <span class="na">address</span><span class="p">:</span> <span class="p">{</span> <span class="na">street1</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">line1</span><span class="p">,</span> <span class="na">street2</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">line2</span> <span class="o">||</span> <span class="kc">undefined</span><span class="p">,</span> <span class="na">city</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">city</span><span class="p">,</span> <span class="na">postalCode</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">postalCode</span><span class="p">,</span> <span class="na">countryCode</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">country</span><span class="p">,</span> <span class="p">},</span> <span class="na">contact</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerEmail</span><span class="p">,</span> <span class="c1">// Mobile required for MyPack Home — PostNord sends delivery notifications</span> <span class="na">mobile</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerPhone</span> <span class="o">||</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="na">parcels</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">weight</span><span class="p">:</span> <span class="nf">calculateTotalWeight</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">lineItems</span><span class="p">),</span> <span class="na">comment</span><span class="p">:</span> <span class="s2">`Order </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="c1">// Appears on the label</span> <span class="p">},</span> <span class="p">],</span> <span class="na">orderReference</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="c1">// Your internal reference — returned in webhook callbacks</span> <span class="na">printMedia</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">printMediaType</span><span class="p">:</span> <span class="dl">"</span><span class="s2">PDF</span><span class="dl">"</span><span class="p">,</span> <span class="na">mediaSize</span><span class="p">:</span> <span class="dl">"</span><span class="s2">A4</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Service code selection by destination country</span> <span class="kd">function</span> <span class="nf">getServiceCode</span><span class="p">(</span><span class="nx">countryCode</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="c1">// Finland domestic</span> <span class="k">if </span><span class="p">(</span><span class="nx">countryCode</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">FI</span><span class="dl">"</span><span class="p">)</span> <span class="k">return</span> <span class="dl">"</span><span class="s2">19</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// MyPack Home</span> <span class="c1">// Nordic countries</span> <span class="k">if </span><span class="p">([</span><span class="dl">"</span><span class="s2">SE</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">NO</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">DK</span><span class="dl">"</span><span class="p">].</span><span class="nf">includes</span><span class="p">(</span><span class="nx">countryCode</span><span class="p">))</span> <span class="k">return</span> <span class="dl">"</span><span class="s2">PD2</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Parcel Connect</span> <span class="c1">// EU</span> <span class="k">return</span> <span class="dl">"</span><span class="s2">PD2</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Parcel Connect covers most EU destinations</span> <span class="c1">// If you ship to specific countries that need different services,</span> <span class="c1">// add them here — this is where 200+empty often originates</span> <span class="p">}</span> </code></pre> </div> <p>The service code issue: PostNord has different service codes for different shipping products, and not every product ships to every country. <code>MyPack Home</code> (code <code>19</code>) is Finland domestic only. Using it for a German delivery returns <code>200 + empty array</code>. Map your destination countries to the correct service codes explicitly, and add the destination country to your error message so debugging is fast.</p> <h2> Storing the Label PDF </h2> <p>The label PDF needs to be stored somewhere accessible:</p> <ul> <li>The operations team needs to print it</li> <li>It should be attached to the Zoho Desk ticket (more on that below)</li> <li>It should survive if the VPS restarts</li> </ul> <p>I upload to Vercel Blob with the tracking number as the filename:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/shipping/store-label.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">put</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@vercel/blob</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">storeShippingLabel</span><span class="p">(</span> <span class="nx">labelPdf</span><span class="p">:</span> <span class="nx">Buffer</span><span class="p">,</span> <span class="nx">trackingNumber</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">blob</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">put</span><span class="p">(</span><span class="s2">`shipping-labels/</span><span class="p">${</span><span class="nx">trackingNumber</span><span class="p">}</span><span class="s2">.pdf`</span><span class="p">,</span> <span class="nx">labelPdf</span><span class="p">,</span> <span class="p">{</span> <span class="na">access</span><span class="p">:</span> <span class="dl">"</span><span class="s2">public</span><span class="dl">"</span><span class="p">,</span> <span class="na">contentType</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/pdf</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">blob</span><span class="p">.</span><span class="nx">url</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The URL is what I pass downstream — to Zoho CRM (stored on the Deal), to Zoho Desk (attached to the ticket), and to the customer email.</p> <h2> Zoho CRM: The EU Data Center Trap </h2> <p>Before the Zoho Desk integration, a quick note about Zoho CRM that trips up many EU developers: <strong>Zoho has separate data centers for EU and non-EU customers</strong>. If your Zoho account is in the EU data center (which it should be if you're an EU business), your API base URL is <code>zohoapis.eu</code>, not <code>zohoapis.com</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// WRONG — will produce auth errors that look like token problems</span> <span class="kd">const</span> <span class="nx">BASE_URL</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://www.zohoapis.com/crm/v3</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// CORRECT for EU data center accounts</span> <span class="kd">const</span> <span class="nx">BASE_URL</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">https://www.zohoapis.eu/crm/v3</span><span class="dl">"</span><span class="p">;</span> </code></pre> </div> <p>The error message you get with the wrong data center is something like <code>INVALID_TOKEN</code> — which leads you to debug your OAuth flow for an hour before you realize it's a URL issue.</p> <h2> Zoho Desk: Auto-Creating Logistics Tickets </h2> <p>After a PostNord shipment is created, I automatically create a Zoho Desk ticket with:</p> <ul> <li>The customer details</li> <li>The order number</li> <li>The tracking number</li> <li>The shipping label PDF attached (as a URL or file)</li> </ul> <p>This gives the operations team a single view: all logistics issues appear as Desk tickets, linked to the CRM deal, with the label ready to print.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/crm/zoho-desk.ts</span> <span class="kr">interface</span> <span class="nx">ZohoDeskTicketResult</span> <span class="p">{</span> <span class="nl">ticketId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">ticketNumber</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createShipmentTicket</span><span class="p">(</span> <span class="nx">order</span><span class="p">:</span> <span class="nx">Order</span><span class="p">,</span> <span class="nx">trackingNumber</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">labelUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">dealId</span><span class="p">:</span> <span class="kr">string</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">ZohoDeskTicketResult</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getZohoAccessToken</span><span class="p">();</span> <span class="c1">// Shared OAuth token cache with CRM</span> <span class="c1">// Create the ticket</span> <span class="kd">const</span> <span class="nx">ticketResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://desk.zoho.eu/api/v1/tickets</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Zoho-oauthtoken </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="na">orgId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ZOHO_DESK_ORG_ID</span><span class="o">!</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">subject</span><span class="p">:</span> <span class="s2">`Shipment — Order </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2"> — </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">customerName</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="nf">buildTicketDescription</span><span class="p">(</span><span class="nx">order</span><span class="p">,</span> <span class="nx">trackingNumber</span><span class="p">,</span> <span class="nx">labelUrl</span><span class="p">),</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Open</span><span class="dl">"</span><span class="p">,</span> <span class="na">priority</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Medium</span><span class="dl">"</span><span class="p">,</span> <span class="na">channel</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Automated</span><span class="dl">"</span><span class="p">,</span> <span class="na">contactId</span><span class="p">:</span> <span class="k">await</span> <span class="nf">findOrCreateDeskContact</span><span class="p">(</span><span class="nx">order</span><span class="p">,</span> <span class="nx">token</span><span class="p">),</span> <span class="c1">// CRM Deal ID — links ticket to the deal in CRM</span> <span class="na">cf</span><span class="p">:</span> <span class="p">{</span> <span class="na">cf_crm_deal_id</span><span class="p">:</span> <span class="nx">dealId</span><span class="p">,</span> <span class="na">cf_tracking_number</span><span class="p">:</span> <span class="nx">trackingNumber</span><span class="p">,</span> <span class="na">cf_label_url</span><span class="p">:</span> <span class="nx">labelUrl</span><span class="p">,</span> <span class="p">},</span> <span class="na">departmentId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ZOHO_DESK_LOGISTICS_DEPT_ID</span><span class="o">!</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">ticketResponse</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">error</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ticketResponse</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Zoho Desk ticket creation failed: </span><span class="p">${</span><span class="nx">error</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">ticket</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ticketResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">return</span> <span class="p">{</span> <span class="na">ticketId</span><span class="p">:</span> <span class="nx">ticket</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">ticketNumber</span><span class="p">:</span> <span class="nx">ticket</span><span class="p">.</span><span class="nx">ticketNumber</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">buildTicketDescription</span><span class="p">(</span><span class="nx">order</span><span class="p">:</span> <span class="nx">Order</span><span class="p">,</span> <span class="nx">trackingNumber</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">labelUrl</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="kr">string</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">` &lt;b&gt;Order:&lt;/b&gt; </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">&lt;br&gt; &lt;b&gt;Customer:&lt;/b&gt; </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">customerName</span><span class="p">}</span><span class="s2">&lt;br&gt; &lt;b&gt;Email:&lt;/b&gt; </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">customerEmail</span><span class="p">}</span><span class="s2">&lt;br&gt; &lt;b&gt;Shipping address:&lt;/b&gt; </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">line1</span><span class="p">}</span><span class="s2">, </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">city</span><span class="p">}</span><span class="s2">, </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">shippingAddress</span><span class="p">.</span><span class="nx">country</span><span class="p">}</span><span class="s2">&lt;br&gt; &lt;br&gt; &lt;b&gt;Tracking number:&lt;/b&gt; </span><span class="p">${</span><span class="nx">trackingNumber</span><span class="p">}</span><span class="s2">&lt;br&gt; &lt;b&gt;PostNord tracking:&lt;/b&gt; &lt;a href="https://tracking.postnord.com/en/?id=</span><span class="p">${</span><span class="nx">trackingNumber</span><span class="p">}</span><span class="s2">"&gt;Track parcel&lt;/a&gt;&lt;br&gt; &lt;b&gt;Shipping label:&lt;/b&gt; &lt;a href="</span><span class="p">${</span><span class="nx">labelUrl</span><span class="p">}</span><span class="s2">"&gt;Download PDF&lt;/a&gt;&lt;br&gt; &lt;br&gt; &lt;b&gt;Items:&lt;/b&gt;&lt;br&gt; </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">lineItems</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="s2">`• </span><span class="p">${</span><span class="nx">i</span><span class="p">.</span><span class="nx">name</span><span class="p">}</span><span class="s2"> × </span><span class="p">${</span><span class="nx">i</span><span class="p">.</span><span class="nx">quantity</span><span class="p">}</span><span class="s2">`</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="dl">"</span><span class="s2">&lt;br&gt;</span><span class="dl">"</span><span class="p">)}</span><span class="s2"> `</span><span class="p">.</span><span class="nf">trim</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h2> Zoho Desk Contact Lookup </h2> <p>Desk contacts are separate from CRM contacts. When creating a ticket, you need a Desk contact ID — not a CRM contact ID. This is a common source of confusion.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/crm/zoho-desk.ts</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">findOrCreateDeskContact</span><span class="p">(</span><span class="nx">order</span><span class="p">:</span> <span class="nx">Order</span><span class="p">,</span> <span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Search for existing Desk contact by email</span> <span class="kd">const</span> <span class="nx">searchResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`https://desk.zoho.eu/api/v1/contacts/search?email=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">customerEmail</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Zoho-oauthtoken </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">orgId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ZOHO_DESK_ORG_ID</span><span class="o">!</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">searchData</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">searchResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">existingContact</span> <span class="o">=</span> <span class="nx">searchData</span><span class="p">.</span><span class="nx">data</span><span class="p">?.[</span><span class="mi">0</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">existingContact</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">existingContact</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Create new Desk contact</span> <span class="kd">const</span> <span class="nx">createResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://desk.zoho.eu/api/v1/contacts</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Zoho-oauthtoken </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="na">orgId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ZOHO_DESK_ORG_ID</span><span class="o">!</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">lastName</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerName</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">).</span><span class="nf">slice</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="o">||</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerName</span><span class="p">,</span> <span class="na">firstName</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerName</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">).</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="o">-</span><span class="mi">1</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">)</span> <span class="o">||</span> <span class="dl">""</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerEmail</span><span class="p">,</span> <span class="na">phone</span><span class="p">:</span> <span class="nx">order</span><span class="p">.</span><span class="nx">customerPhone</span> <span class="o">||</span> <span class="kc">undefined</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">createResponse</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Failed to create Desk contact: </span><span class="p">${</span><span class="k">await</span> <span class="nx">createResponse</span><span class="p">.</span><span class="nf">text</span><span class="p">()}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">newContact</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">createResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">return</span> <span class="nx">newContact</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> OAuth Token Management </h2> <p>Both Zoho CRM and Zoho Desk use the same OAuth token (if you requested both scopes during initial authorization). Tokens expire after one hour — the most common production failure mode is calling Zoho with an expired token and getting an <code>INVALID_TOKEN</code> error.</p> <p>The fix: cache the token with an expiry, refresh before expiry:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/crm/zoho-auth.ts</span> <span class="kr">interface</span> <span class="nx">CachedToken</span> <span class="p">{</span> <span class="nl">accessToken</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">expiresAt</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="c1">// Unix timestamp in ms</span> <span class="p">}</span> <span class="kd">let</span> <span class="nx">tokenCache</span><span class="p">:</span> <span class="nx">CachedToken</span> <span class="o">|</span> <span class="kc">null</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getZohoAccessToken</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Refresh if within 5 minutes of expiry</span> <span class="k">if </span><span class="p">(</span><span class="nx">tokenCache</span> <span class="o">&amp;&amp;</span> <span class="nx">tokenCache</span><span class="p">.</span><span class="nx">expiresAt</span> <span class="o">-</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">&gt;</span> <span class="mi">5</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">tokenCache</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://accounts.zoho.eu/oauth/v2/token</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">({</span> <span class="na">refresh_token</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ZOHO_REFRESH_TOKEN</span><span class="o">!</span><span class="p">,</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ZOHO_CLIENT_ID</span><span class="o">!</span><span class="p">,</span> <span class="na">client_secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ZOHO_CLIENT_SECRET</span><span class="o">!</span><span class="p">,</span> <span class="na">grant_type</span><span class="p">:</span> <span class="dl">"</span><span class="s2">refresh_token</span><span class="dl">"</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Zoho token refresh failed: </span><span class="p">${</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">()}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// Token is valid for 3600 seconds (1 hour)</span> <span class="nx">tokenCache</span> <span class="o">=</span> <span class="p">{</span> <span class="na">accessToken</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span><span class="p">,</span> <span class="na">expiresAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">+</span> <span class="nx">data</span><span class="p">.</span><span class="nx">expires_in</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="p">};</span> <span class="k">return</span> <span class="nx">tokenCache</span><span class="p">.</span><span class="nx">accessToken</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Note: <code>accounts.zoho.eu</code> for EU data center accounts, not <code>accounts.zoho.com</code>. Same trap as the API URL.</p> <p>Zoho's token refresh endpoint is rate-limited at approximately 100 requests per minute. During a flash sale with high order volume, if every order job independently refreshes the token, you'll hit this limit. The module-level <code>tokenCache</code> solves this for a single process. If you run multiple worker processes, you'd want to store the token in Redis instead.</p> <h2> Full Pipeline in the Worker </h2> <p>Putting it together — the complete order fulfillment step in the BullMQ worker:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// workers/fulfillment.worker.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Worker</span><span class="p">,</span> <span class="nx">Job</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">bullmq</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">redis</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/redis</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">fetchOrderFromStripe</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/payments/stripe</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createPostNordShipment</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/shipping/postnord</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">storeShippingLabel</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/shipping/store-label</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createZohoDeal</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/crm/zoho-crm</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createShipmentTicket</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/crm/zoho-desk</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">sendOrderConfirmationWithInvoice</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/email/send-order-confirmation</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">notifyTelegram</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/monitoring/telegram</span><span class="dl">"</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">FulfillmentJobData</span> <span class="p">{</span> <span class="nl">paymentIntentId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">eventId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">worker</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Worker</span><span class="o">&lt;</span><span class="nx">FulfillmentJobData</span><span class="o">&gt;</span><span class="p">(</span> <span class="dl">"</span><span class="s2">fulfillment</span><span class="dl">"</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">job</span><span class="p">:</span> <span class="nx">Job</span><span class="o">&lt;</span><span class="nx">FulfillmentJobData</span><span class="o">&gt;</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetchOrderFromStripe</span><span class="p">(</span><span class="nx">job</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">paymentIntentId</span><span class="p">);</span> <span class="c1">// 1. CRM — non-blocking, runs first so deal ID is available</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">dealId</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createZohoDeal</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="c1">// 2. Shipping label — the critical step</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">trackingNumber</span><span class="p">,</span> <span class="nx">labelPdf</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createPostNordShipment</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">labelUrl</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">storeShippingLabel</span><span class="p">(</span><span class="nx">labelPdf</span><span class="p">,</span> <span class="nx">trackingNumber</span><span class="p">);</span> <span class="c1">// 3. Desk ticket — logistics team visibility</span> <span class="k">await</span> <span class="nf">createShipmentTicket</span><span class="p">(</span><span class="nx">order</span><span class="p">,</span> <span class="nx">trackingNumber</span><span class="p">,</span> <span class="nx">labelUrl</span><span class="p">,</span> <span class="nx">dealId</span><span class="p">);</span> <span class="c1">// 4. Customer email with invoice and tracking</span> <span class="k">await</span> <span class="nf">sendOrderConfirmationWithInvoice</span><span class="p">({</span> <span class="p">...</span><span class="nf">mapOrderToEmailData</span><span class="p">(</span><span class="nx">order</span><span class="p">),</span> <span class="na">trackingUrl</span><span class="p">:</span> <span class="s2">`https://tracking.postnord.com/en/?id=</span><span class="p">${</span><span class="nx">trackingNumber</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">dealId</span><span class="p">,</span> <span class="nx">trackingNumber</span><span class="p">,</span> <span class="nx">labelUrl</span> <span class="p">};</span> <span class="p">},</span> <span class="p">{</span> <span class="na">connection</span><span class="p">:</span> <span class="nx">redis</span><span class="p">,</span> <span class="na">concurrency</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="p">}</span> <span class="p">);</span> <span class="nx">worker</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">failed</span><span class="dl">"</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">job</span><span class="p">,</span> <span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">job</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">isLastAttempt</span> <span class="o">=</span> <span class="nx">job</span><span class="p">.</span><span class="nx">attemptsMade</span> <span class="o">&gt;=</span> <span class="p">(</span><span class="nx">job</span><span class="p">.</span><span class="nx">opts</span><span class="p">.</span><span class="nx">attempts</span> <span class="o">??</span> <span class="mi">1</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">isLastAttempt</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">notifyTelegram</span><span class="p">(</span> <span class="s2">`Fulfillment pipeline failed permanently\n`</span> <span class="o">+</span> <span class="s2">`PaymentIntent: </span><span class="p">${</span><span class="nx">job</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">paymentIntentId</span><span class="p">}</span><span class="s2">\n`</span> <span class="o">+</span> <span class="s2">`Error: </span><span class="p">${</span><span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="s2">\n`</span> <span class="o">+</span> <span class="s2">`Attempts: </span><span class="p">${</span><span class="nx">job</span><span class="p">.</span><span class="nx">attemptsMade</span><span class="p">}</span><span class="s2">`</span> <span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h2> Production Gotchas Summary </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Problem</th> <th>Symptom</th> <th>Fix</th> </tr> </thead> <tbody> <tr> <td>PostNord 200 + empty array</td> <td>Silently missing tracking numbers</td> <td>Always check <code>CompositeShipmentData.length &gt; 0</code> </td> </tr> <tr> <td>Wrong Zoho data center URL</td> <td> <code>INVALID_TOKEN</code> error on valid tokens</td> <td>Use <code>zohoapis.eu</code> and <code>accounts.zoho.eu</code> for EU accounts</td> </tr> <tr> <td>Token refresh on every request</td> <td>Rate limit errors during flash sales</td> <td>Cache token in module scope or Redis, refresh proactively</td> </tr> <tr> <td>Desk vs CRM contact IDs</td> <td>Ticket creation fails with <code>INVALID_CONTACT</code> </td> <td>Desk has separate contact storage — search/create in Desk specifically</td> </tr> <tr> <td>No phone in PostNord payload</td> <td>MyPack Home delivery notifications don't send</td> <td>Include <code>receiver.contact.mobile</code> when available</td> </tr> <tr> <td>Service code for wrong country</td> <td>PostNord 200 + empty array</td> <td>Map destination countries to correct service codes explicitly</td> </tr> </tbody> </table></div> <p>If you're building post-purchase automation for an EU e-commerce platform — shipping labels, CRM updates, logistics tickets — and you're hitting these exact issues, I've been through them in production at <a href="https://iurii.rogulia.fi/projects/pikkuna-ecommerce-platform" rel="noopener noreferrer">Pikkuna</a>. <a href="https://iurii.rogulia.fi/contact" rel="noopener noreferrer">Get in touch</a> for <a href="https://iurii.rogulia.fi/services/automation-workflows" rel="noopener noreferrer">automation workflows</a> and <a href="https://iurii.rogulia.fi/services/api-integrations" rel="noopener noreferrer">API integration</a> projects.</p> <p>I'm available for freelance projects and long-term engagements.</p> <p><strong>Related posts:</strong> <a href="https://iurii.rogulia.fi/blog/ecommerce-order-automation" rel="noopener noreferrer">How I Fully Automated E-commerce Order Processing</a> — the full pipeline overview. <a href="https://iurii.rogulia.fi/blog/stripe-webhooks-production" rel="noopener noreferrer">Stripe Webhooks Done Right</a> — the webhook architecture that drives this pipeline.</p> <p><strong>Related project:</strong> <a href="https://iurii.rogulia.fi/projects/pikkuna-ecommerce-platform" rel="noopener noreferrer">Pikkuna E-commerce Platform</a> — the system this pipeline runs in production.</p> typescript node bullmq stripe Contract Fraud: How Altered PDFs Bypass Legal Review Iurii Rogulia Thu, 11 Jun 2026 10:00:34 +0000 https://dev.to/iurii_rogulia/contract-fraud-how-altered-pdfs-bypass-legal-review-364c https://dev.to/iurii_rogulia/contract-fraud-how-altered-pdfs-bypass-legal-review-364c <blockquote> <p>Originally published at <a href="https://htpbe.tech/blog/contract-fraud-how-altered-pdfs-bypass-legal-review" rel="noopener noreferrer">htpbe.tech</a>. The version on htpbe.tech stays in sync with the latest detection algorithm — refer to it for the canonical text.</p> </blockquote> <p>A service agreement arrives by email. Legal reviews it, confirms the terms match the negotiated deal, and routes it for signature. Two weeks later, a dispute reveals that the payment terms in the executed copy differ from the version legal reviewed. The net-30 clause now reads net-60. The liability cap changed from $500,000 to $50,000. The bank account number in the payment instructions section points to a different institution.</p> <p>The contract was modified between review and execution — or between execution and filing. Nobody noticed because nobody checked the file itself. They checked the words on the page. This is how contract fraud through PDF alteration works: the document looks correct while the file contains a different record.</p> <h2> Why Contracts Are a Prime Target </h2> <p>Contracts are high-value documents processed under time pressure by people who read text, not file structure. This combination makes them one of the most effective targets for PDF-level fraud.</p> <p>The economics are straightforward. A single altered payment term on a $2 million service agreement can redirect hundreds of thousands of dollars. A changed liability clause can shift millions in exposure during a dispute. Unlike invoice fraud — where amounts are typically in the tens of thousands — contract fraud operates at the scale of the underlying deal.</p> <p>The detection gap is equally straightforward. Legal teams review contracts by reading them. They compare the current version against the last redline they remember, or against a summary of negotiated terms. What they do not do is inspect the PDF’s binary structure to determine whether the file was modified after the version they approved.</p> <p>According to the <a href="https://www.acfe.com/" rel="noopener noreferrer">Association of Certified Fraud Examiners’ 2024 Report to the Nations</a>, document alteration and forgery account for a significant share of occupational fraud cases, with a median loss of $150,000 per incident. Contract manipulation specifically — altering terms after agreement — falls into the highest-loss category because the altered document becomes the binding instrument. For a broader view of <a href="https://htpbe.tech/why" rel="noopener noreferrer">why PDF authenticity matters</a> across business operations, the problem extends well beyond legal.</p> <p>Three characteristics make contracts uniquely vulnerable:</p> <ul> <li> <strong>Time pressure.</strong> Deal closings have deadlines. Legal teams approve final versions under schedule pressure, reducing the likelihood of catching subtle changes between versions.</li> <li> <strong>Version proliferation.</strong> A typical contract goes through 5–15 drafts. By the final version, reviewers are fatigued and rely on tracked changes — which only reflect changes the editing party chose to track.</li> <li> <strong>Trust in the signature.</strong> Once a contract is signed, the assumption is that the signed version matches the agreed terms. Re-reading a signed contract line by line is rare. Re-checking its file integrity is rarer still.</li> </ul> <h2> Three Contract Fraud Scenarios </h2> <h3> Changed payment terms after signing </h3> <p>A vendor and a buyer execute a service agreement with net-30 payment terms. The vendor’s accounts receivable team files the signed PDF. Six months later, in a payment dispute, the vendor produces a copy of the “executed agreement” showing net-60 terms — giving them grounds to claim the buyer is in breach for late payment.</p> <p>The alteration: after the contract was signed and distributed, someone on the vendor side opened the PDF in an editing tool, changed “30” to “60” in the payment terms clause, and re-saved. The visual output is identical to the original in every other respect. If the buyer did not retain their own copy — or if their copy was also sourced from the vendor — the altered version becomes the only version of record.</p> <h3> Altered liability clauses </h3> <p>During M&amp;A due diligence, a target company provides executed contracts with key customers. One contract contains a limitation of liability clause capping exposure at $5 million. The acquirer relies on this cap in their valuation model. Post-acquisition, a dispute arises, and the customer produces the “original” contract showing a $50 million cap — or no cap at all.</p> <p>The alteration required changing a single number in one clause. The rest of the 40-page agreement is untouched. No one re-reads a 40-page contract in due diligence to check that every figure matches what was represented. The file structure, however, recorded the modification.</p> <h3> Modified bank details in service agreements </h3> <p>This pattern mirrors <a href="https://htpbe.tech/blog/invoice-fraud-how-criminals-modify-pdfs" rel="noopener noreferrer">invoice fraud</a> but at contract scale. An attacker intercepts a signed service agreement in transit — via compromised email or a man-in-the-middle attack on a document sharing platform — and changes the bank account number in the payment instructions section. The counterparty receives what appears to be the executed agreement and begins making payments to the altered account.</p> <p>Because service agreements often govern payment relationships lasting months or years, the fraud may not surface until a significant sum has been redirected. The mechanics of this attack are identical to <a href="https://htpbe.tech/blog/how-to-spot-fake-invoices-complete-guide" rel="noopener noreferrer">how criminals modify invoice PDFs</a> — but the dollar amounts are orders of magnitude larger.</p> <h2> How PDF Alteration Works: What Editing Leaves Behind </h2> <p>Every scenario above involves the same technical action: opening an existing PDF, changing content, and saving. The PDF specification makes this action structurally detectable regardless of how the visual output looks.</p> <h3> Cross-reference tables and incremental updates </h3> <p>When a PDF is created, the generating software writes a cross-reference (xref) table that maps every object in the file to its byte offset. When the file is subsequently edited and saved, the editing software appends a new xref section to the end of the file rather than rewriting the original. This is the PDF incremental update mechanism — designed for efficiency, but forensically significant.</p> <p>A contract generated once by a document management system has one xref section. The same contract opened in an editor and re-saved has at least two. The original content remains in the file; the appended section contains the modified objects and a new xref pointing to them.</p> <p>For a detailed breakdown of this structure, see <a href="https://htpbe.tech/blog/anatomy-of-modified-pdf-algorithm-detects" rel="noopener noreferrer">The Anatomy of a Modified PDF</a>.</p> <h3> Metadata divergence </h3> <p>The PDF Info dictionary stores a <code>Creator</code> field (the application that originally produced the document) and a <code>Producer</code> field (the software that last processed it). A contract generated by DocuSign’s signing platform shows a <code>Creator</code> and <code>Producer</code> consistent with DocuSign’s internal PDF generation library. If someone opens that file in iLovePDF or Smallpdf and re-saves it, the <code>Producer</code> field changes to reflect the editing tool.</p> <p>The <code>CreationDate</code> and <code>ModDate</code> fields show a similar divergence. A contract signed on March 1 with a modification date of March 15 was edited two weeks after signing. The 15-second tolerance built into forensic analysis accounts for normal software behavior during generation — a two-week gap does not fall within that tolerance. For a full breakdown of these fields and what they reveal, see the <a href="https://htpbe.tech/blog/pdf-metadata-fields-complete-reference" rel="noopener noreferrer">PDF metadata field reference</a>.</p> <h3> Post-signature modifications </h3> <p>This is the highest-confidence signal in contract forensics. When a PDF is digitally signed, the signature cryptographically binds to a specific byte range of the file. Content appended after the signature — via incremental update — exists outside the signed byte range. The file now contains both signed and unsigned content.</p> <p>HTPBE detects this pattern with <code>certain</code> confidence. A contract that was signed and then modified is reported with the <code>MODIFICATIONS_AFTER_SIGNATURE</code> marker. This is not a probabilistic assessment — it is a binary structural fact. The signed byte range does not extend to the end of the file.</p> <h2> The Two Highest-Confidence Signals </h2> <p>Not all modification markers carry equal weight. For contract fraud detection, two markers produce <code>certain</code> confidence — the highest level in HTPBE’s <a href="https://htpbe.tech/how" rel="noopener noreferrer">35-check forensic analysis</a>:</p> <h3> Modifications after digital signature </h3> <p><strong>Marker:</strong> <code>MODIFICATIONS_AFTER_SIGNATURE</code><br> <strong>Confidence:</strong> <code>certain</code></p> <p>The digital signature in a PDF covers a defined byte range. When content is appended after the signature, the new xref section and its objects sit outside that range. The signature itself remains cryptographically valid for the bytes it covers, but the document now contains unsigned content that was added after the signing event.</p> <p>This is the single most reliable signal in contract fraud detection. It is impossible to produce this pattern through normal document generation. It requires an explicit post-signature edit.</p> <h3> Signature removal </h3> <p><strong>Marker:</strong> <code>SIGNATURE_REMOVED</code><br> <strong>Confidence:</strong> <code>certain</code></p> <p>A more aggressive approach: the attacker removes the digital signature entirely before making changes, so the modified document does not show a broken or invalidated signature. The absence of a signature that was previously present is itself detectable — the file structure retains traces of the signature dictionary and its associated objects even after removal.</p> <p>Both signals are structural facts, not heuristic assessments. When either appears in a contract detection result, the appropriate response is immediate escalation — not additional review.</p> <p>For a deeper understanding of how digital signatures and metadata analysis complement each other, see <a href="https://htpbe.tech/blog/digital-signatures-vs-metadata-pdf-authenticity" rel="noopener noreferrer">Digital Signatures vs. Metadata: What Proves PDF Authenticity</a>.</p> <h2> API Integration in Legal Workflows </h2> <p>The practical integration point for contract fraud detection is between document receipt and human review — or between signing and filing. The pattern works with any contract management platform that supports webhooks or post-processing hooks.</p> <h3> DocuSign / contract management webhook pattern </h3> <p>When a signed contract is returned from an e-signature platform, the webhook payload includes a URL to the executed PDF. Before filing the document in your contract management system, send it through HTPBE:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="k">def</span> <span class="nf">verify_signed_contract</span><span class="p">(</span><span class="n">document_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">contract_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Verify a signed contract PDF before filing. Called from a DocuSign/PandaDoc/Ironclad webhook handler. </span><span class="sh">"""</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://api.htpbe.tech/v1/analyze</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer YOUR_API_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">document_url</span><span class="p">},</span> <span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">if</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span><span class="p">:</span> <span class="n">markers</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">modification_markers</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="n">certain_signals</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">MODIFICATIONS_AFTER_SIGNATURE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">SIGNATURE_REMOVED</span><span class="sh">"</span><span class="p">,</span> <span class="p">]</span> <span class="n">is_critical</span> <span class="o">=</span> <span class="nf">any</span><span class="p">(</span><span class="n">m</span> <span class="ow">in</span> <span class="n">certain_signals</span> <span class="k">for</span> <span class="n">m</span> <span class="ow">in</span> <span class="n">markers</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">contract_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">contract_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">escalate</span><span class="sh">"</span> <span class="k">if</span> <span class="n">is_critical</span> <span class="k">else</span> <span class="sh">"</span><span class="s">flag_for_review</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">markers</span><span class="sh">"</span><span class="p">:</span> <span class="n">markers</span><span class="p">,</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">modification_confidence</span><span class="sh">"</span><span class="p">),</span> <span class="p">}</span> <span class="k">if</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">inconclusive</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">contract_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">contract_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">flag_for_review</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">note</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Consumer software origin: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">producer</span><span class="sh">'</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="c1"># intact — file for the record </span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">contract_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">contract_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">file</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">],</span> <span class="p">}</span> </code></pre> </div> <p>The <code>check_id</code> is stored alongside the contract record. If a dispute arises months later, the forensic report is retrievable via <code>GET /api/v1/result/{check_id}</code> — providing a timestamped integrity record that was created at the moment of filing.</p> <h3> Decision matrix for legal ops </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Verdict</th> <th>Confidence</th> <th>Action</th> </tr> </thead> <tbody> <tr> <td><code>intact</code></td> <td>—</td> <td>File as executed. No further action.</td> </tr> <tr> <td><code>modified</code></td> <td><code>certain</code></td> <td>Halt execution. Escalate to legal and counterparty immediately.</td> </tr> <tr> <td><code>modified</code></td> <td><code>high</code></td> <td>Route to legal review queue. Compare against last approved draft.</td> </tr> <tr> <td><code>inconclusive</code></td> <td>—</td> <td>Flag for manual review. Consumer software origin on a contract is unusual.</td> </tr> </tbody> </table></div> <p>The <code>inconclusive</code> verdict deserves specific attention in the legal context. Contracts are institutional documents — generated by contract management platforms, e-signature tools, or law firm document systems. A contract PDF whose <code>Producer</code> field shows a consumer PDF editor is not necessarily fraudulent, but it is anomalous. Legitimate contracts do not typically pass through Smallpdf or iLovePDF during their lifecycle.</p> <h2> What This Approach Does Not Catch </h2> <p>Binary forensic analysis is not a complete contract fraud prevention system. The following are its boundaries:</p> <p><strong>Pre-signing alterations made in the same tool.</strong> If an attacker modifies contract terms in Microsoft Word before converting to PDF, the resulting PDF is a clean single-revision file. There are no incremental updates, no metadata divergence, no post-signature modifications. The file is structurally indistinguishable from a legitimate contract. This is why version control and redline comparison remain necessary for pre-execution review.</p> <p><strong>Contracts fabricated from scratch.</strong> If someone creates an entirely fake contract in the same software a legitimate party would use, with plausible metadata and consistent timestamps, structural analysis cannot distinguish it from a genuine document. Forensic analysis checks file integrity, not content truthfulness.</p> <p><strong>Password-protected PDFs.</strong> When a PDF is encrypted and the analysis tool cannot access its structure, the result is <code>inconclusive</code>. The file cannot be read, so its integrity cannot be assessed.</p> <p><strong>Edits made with forensically aware tools.</strong> An attacker who understands PDF structure could edit a document, reset metadata, and reconstruct the xref table to remove traces. This requires specialized knowledge beyond what standard PDF editors provide. It is theoretically possible but rare in practice.</p> <h2> Who Should Integrate Contract Fraud Detection </h2> <p><strong>Contract management platforms</strong> — Ironclad, Icertis, Agiloft, ContractPodAi — that store and manage executed contracts. Adding a fraud detection step at filing ensures that the stored version is structurally consistent with the version that was signed.</p> <p><strong>E-signature workflow providers</strong> that process signed documents on behalf of clients. Checking document integrity between the signing event and delivery to the requesting party closes a gap in the chain of custody. This is especially relevant because <a href="https://htpbe.tech/blog/pdf-forensics-without-original-file" rel="noopener noreferrer">forensic analysis works without the original file</a> — the received document carries its own modification history.</p> <p><strong>Legal ops teams</strong> running due diligence on contract portfolios — M&amp;A, audit, or compliance reviews where the integrity of hundreds or thousands of executed contracts needs fraud detection at scale.</p> <p><strong>In-house counsel</strong> receiving executed agreements from counterparties. A single API call before filing provides a permanent forensic record of the document’s state at the time of receipt.</p> <p>The <a href="https://htpbe.tech/api" rel="noopener noreferrer">API documentation</a> covers the full request/response specification. For a direct comparison of how HTPBE fits alongside KYC platforms and manual review for legal document workflows, see <a href="https://htpbe.tech/blog/htpbe-vs-idenfy-vs-manual-document-verification" rel="noopener noreferrer">HTPBE vs. iDenfy vs. Manual Review</a>. For a broader view of how PDF tamper detection fits into <a href="https://htpbe.tech/use-cases/contract-tamper-detection" rel="noopener noreferrer">legal workflows</a>, see the legal industry overview.</p> <p>Test API keys are available on all plans — including free — and return deterministic responses for integration testing without consuming quota.</p> pdf fintech fraud api PDF Tamper Detection API for Python: Complete Integration Guide Iurii Rogulia Wed, 10 Jun 2026 11:00:37 +0000 https://dev.to/iurii_rogulia/pdf-tamper-detection-api-for-python-complete-integration-guide-26f4 https://dev.to/iurii_rogulia/pdf-tamper-detection-api-for-python-complete-integration-guide-26f4 <blockquote> <p>Originally published at <a href="https://htpbe.tech/blog/pdf-verification-api-python-integration-guide" rel="noopener noreferrer">htpbe.tech</a>. The version on htpbe.tech stays in sync with the latest detection algorithm — refer to it for the canonical text.</p> </blockquote> <p>Every PDF your application accepts is a trust decision. An invoice triggers a payment. A bank statement determines a credit limit. A diploma qualifies a candidate. If the document was modified after creation, the decision it drives is based on false data — and your application made that decision automatically. For the business case, see <a href="https://htpbe.tech/why" rel="noopener noreferrer">why PDF tamper detection matters</a>.</p> <p>This guide walks through integrating the <a href="https://htpbe.tech/api" rel="noopener noreferrer">PDF tamper detection API</a> into a Python application: from the first <code>requests</code> call to a production-ready client class with retry logic, typed responses, Django/Flask webhook patterns, and batch processing over cloud storage. All code is complete and working. For Node.js, see the <a href="https://htpbe.tech/blog/pdf-verification-nodejs-integration-guide" rel="noopener noreferrer">Node.js integration guide</a>. For a language-agnostic overview of what the API detects, see <a href="https://htpbe.tech/blog/detect-pdf-tampering-programmatically" rel="noopener noreferrer">How to Detect PDF Tampering Programmatically</a>.</p> <h2> Prerequisites </h2> <ul> <li>Python 3.10+</li> <li> <code>requests</code> library (<code>pip install requests</code>)</li> <li>An HTPBE API key (<a href="https://htpbe.tech/api" rel="noopener noreferrer">sign up</a> → Dashboard → copy key)</li> </ul> <h2> Quick Start: Two API Calls </h2> <p>The HTPBE API uses a two-step flow. First, <code>POST /analyze</code> submits a publicly accessible PDF URL and returns a check ID. Then, <code>GET /result/{id}</code> retrieves the full verdict. Both steps use Bearer token authentication. (For a visual walkthrough of the <a href="https://htpbe.tech/how" rel="noopener noreferrer">35-check forensic analysis</a> that runs behind these endpoints, see the How It Works page.)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">API_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">YOUR_API_KEY</span><span class="sh">"</span> <span class="n">BASE_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://api.htpbe.tech/v1</span><span class="sh">"</span> <span class="n">HEADERS</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">API_KEY</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="c1"># Step 1: Submit the PDF URL for analysis </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/analyze</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">HEADERS</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://api.htpbe.tech/v1/test/clean.pdf</span><span class="sh">"</span><span class="p">},</span> <span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">check_id</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Step 2: Retrieve the full verdict </span><span class="n">result</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/result/</span><span class="si">{</span><span class="n">check_id</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">HEADERS</span><span class="p">,</span> <span class="p">).</span><span class="nf">json</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># "intact", "modified", or "inconclusive" </span><span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">modification_markers</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># e.g. ["INCREMENTAL_UPDATES", "PRODUCER_MISMATCH"] </span><span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">producer</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># e.g. "Adobe PDF Library 15.0" </span><span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">creator</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># e.g. "Microsoft Word" </span></code></pre> </div> <p>The URL <code>https://api.htpbe.tech/v1/test/clean.pdf</code> is a test mock — it returns a predictable <code>intact</code> response without consuming quota. We cover all test URLs in the testing section below.</p> <h2> Production Client Class </h2> <p>A production integration needs retry logic for transient failures, timeouts to prevent stalled connections, and typed responses so your IDE and type checker can assist you. Here is a complete client using <code>dataclasses</code> and <code>requests.Session</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">dataclasses</span> <span class="kn">import</span> <span class="n">dataclass</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Optional</span> <span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">requests</span> <span class="nd">@dataclass</span> <span class="k">class</span> <span class="nc">HTPBEResult</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Typed representation of the GET /result/{id} response.</span><span class="sh">"""</span> <span class="nb">id</span><span class="p">:</span> <span class="nb">str</span> <span class="n">filename</span><span class="p">:</span> <span class="nb">str</span> <span class="n">status</span><span class="p">:</span> <span class="nb">str</span> <span class="c1"># "intact" | "modified" | "inconclusive" </span> <span class="n">modification_confidence</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="c1"># "certain" | "high" | "none" </span> <span class="n">modification_markers</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="n">creator</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="n">producer</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="n">creation_date</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="c1"># Unix timestamp </span> <span class="n">modification_date</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="c1"># Unix timestamp </span> <span class="n">xref_count</span><span class="p">:</span> <span class="nb">int</span> <span class="n">has_incremental_updates</span><span class="p">:</span> <span class="nb">bool</span> <span class="n">update_chain_length</span><span class="p">:</span> <span class="nb">int</span> <span class="n">has_digital_signature</span><span class="p">:</span> <span class="nb">bool</span> <span class="n">signature_removed</span><span class="p">:</span> <span class="nb">bool</span> <span class="n">modifications_after_signature</span><span class="p">:</span> <span class="nb">bool</span> <span class="n">file_size</span><span class="p">:</span> <span class="nb">int</span> <span class="n">page_count</span><span class="p">:</span> <span class="nb">int</span> <span class="n">pdf_version</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="nd">@classmethod</span> <span class="k">def</span> <span class="nf">from_dict</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="nb">dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="sh">"</span><span class="s">HTPBEResult</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="nf">cls</span><span class="p">(</span> <span class="nb">id</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">],</span> <span class="n">filename</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">filename</span><span class="sh">"</span><span class="p">],</span> <span class="n">status</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">],</span> <span class="n">modification_confidence</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">modification_confidence</span><span class="sh">"</span><span class="p">),</span> <span class="n">modification_markers</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">modification_markers</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]),</span> <span class="n">creator</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">creator</span><span class="sh">"</span><span class="p">),</span> <span class="n">producer</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">producer</span><span class="sh">"</span><span class="p">),</span> <span class="n">creation_date</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">creation_date</span><span class="sh">"</span><span class="p">),</span> <span class="n">modification_date</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">modification_date</span><span class="sh">"</span><span class="p">),</span> <span class="n">xref_count</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">xref_count</span><span class="sh">"</span><span class="p">,</span> <span class="mi">0</span><span class="p">),</span> <span class="n">has_incremental_updates</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">has_incremental_updates</span><span class="sh">"</span><span class="p">,</span> <span class="bp">False</span><span class="p">),</span> <span class="n">update_chain_length</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">update_chain_length</span><span class="sh">"</span><span class="p">,</span> <span class="mi">0</span><span class="p">),</span> <span class="n">has_digital_signature</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">has_digital_signature</span><span class="sh">"</span><span class="p">,</span> <span class="bp">False</span><span class="p">),</span> <span class="n">signature_removed</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">signature_removed</span><span class="sh">"</span><span class="p">,</span> <span class="bp">False</span><span class="p">),</span> <span class="n">modifications_after_signature</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sh">"</span><span class="s">modifications_after_signature</span><span class="sh">"</span><span class="p">,</span> <span class="bp">False</span> <span class="p">),</span> <span class="n">file_size</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">file_size</span><span class="sh">"</span><span class="p">,</span> <span class="mi">0</span><span class="p">),</span> <span class="n">page_count</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">page_count</span><span class="sh">"</span><span class="p">,</span> <span class="mi">0</span><span class="p">),</span> <span class="n">pdf_version</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">pdf_version</span><span class="sh">"</span><span class="p">),</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">HTPBEError</span><span class="p">(</span><span class="nb">Exception</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Raised when the HTPBE API returns a non-2xx response.</span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">message</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">status_code</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">code</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">status_code</span> <span class="o">=</span> <span class="n">status_code</span> <span class="n">self</span><span class="p">.</span><span class="n">code</span> <span class="o">=</span> <span class="n">code</span> <span class="k">class</span> <span class="nc">HTPBEClient</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Production-ready HTPBE API client with retry and timeout.</span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span> <span class="n">self</span><span class="p">,</span> <span class="n">api_key</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">base_url</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://api.htpbe.tech/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">timeout</span><span class="p">:</span> <span class="nb">float</span> <span class="o">=</span> <span class="mf">30.0</span><span class="p">,</span> <span class="p">):</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">api_key</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">HTPBE API key is required</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">_session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">_session</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">api_key</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">_base_url</span> <span class="o">=</span> <span class="n">base_url</span> <span class="n">self</span><span class="p">.</span><span class="n">_timeout</span> <span class="o">=</span> <span class="n">timeout</span> <span class="k">def</span> <span class="nf">verify</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">pdf_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">retries</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">3</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">HTPBEResult</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Submit a PDF URL for analysis and return the typed result. Retries only on 5xx errors with exponential backoff. Client errors (4xx) raise immediately. </span><span class="sh">"""</span> <span class="n">last_error</span><span class="p">:</span> <span class="n">Optional</span><span class="p">[</span><span class="n">HTPBEError</span><span class="p">]</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">for</span> <span class="n">attempt</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">retries</span><span class="p">):</span> <span class="k">if</span> <span class="n">attempt</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">2</span> <span class="o">**</span> <span class="p">(</span><span class="n">attempt</span> <span class="o">-</span> <span class="mi">1</span><span class="p">))</span> <span class="c1"># 1s, 2s, 4s </span> <span class="k">try</span><span class="p">:</span> <span class="n">check_id</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_submit</span><span class="p">(</span><span class="n">pdf_url</span><span class="p">)</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="nf">_get_result</span><span class="p">(</span><span class="n">check_id</span><span class="p">)</span> <span class="k">except</span> <span class="n">HTPBEError</span> <span class="k">as</span> <span class="n">exc</span><span class="p">:</span> <span class="k">if</span> <span class="n">exc</span><span class="p">.</span><span class="n">status_code</span> <span class="o">&lt;</span> <span class="mi">500</span><span class="p">:</span> <span class="k">raise</span> <span class="c1"># Client error — do not retry </span> <span class="n">last_error</span> <span class="o">=</span> <span class="n">exc</span> <span class="k">raise</span> <span class="n">last_error</span> <span class="c1"># type: ignore[misc] </span> <span class="k">def</span> <span class="nf">_submit</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">pdf_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">_base_url</span><span class="si">}</span><span class="s">/analyze</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">pdf_url</span><span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">_timeout</span><span class="p">,</span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">_raise_for_error</span><span class="p">(</span><span class="n">resp</span><span class="p">)</span> <span class="k">return</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">_get_result</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">check_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">HTPBEResult</span><span class="p">:</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">_session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">_base_url</span><span class="si">}</span><span class="s">/result/</span><span class="si">{</span><span class="n">check_id</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">_timeout</span><span class="p">,</span> <span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="nf">_raise_for_error</span><span class="p">(</span><span class="n">resp</span><span class="p">)</span> <span class="k">return</span> <span class="n">HTPBEResult</span><span class="p">.</span><span class="nf">from_dict</span><span class="p">(</span><span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="nd">@staticmethod</span> <span class="k">def</span> <span class="nf">_raise_for_error</span><span class="p">(</span><span class="n">resp</span><span class="p">:</span> <span class="n">requests</span><span class="p">.</span><span class="n">Response</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="k">if</span> <span class="n">resp</span><span class="p">.</span><span class="n">ok</span><span class="p">:</span> <span class="k">return</span> <span class="k">try</span><span class="p">:</span> <span class="n">body</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">except</span> <span class="nb">ValueError</span><span class="p">:</span> <span class="n">body</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="n">resp</span><span class="p">.</span><span class="n">text</span><span class="p">,</span> <span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">UNKNOWN</span><span class="sh">"</span><span class="p">}</span> <span class="n">error_map</span> <span class="o">=</span> <span class="p">{</span> <span class="mi">400</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">BAD_REQUEST</span><span class="sh">"</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bad request: </span><span class="si">{</span><span class="n">body</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">error</span><span class="sh">'</span><span class="p">,</span> <span class="sh">''</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">),</span> <span class="mi">401</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">UNAUTHORIZED</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Invalid API key. Check your HTPBE_API_KEY.</span><span class="sh">"</span><span class="p">),</span> <span class="mi">402</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">SUBSCRIPTION_REQUIRED</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Subscription required. See htpbe.tech/pricing.</span><span class="sh">"</span><span class="p">),</span> <span class="mi">403</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">FORBIDDEN</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Access forbidden.</span><span class="sh">"</span><span class="p">),</span> <span class="mi">404</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">NOT_FOUND</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Check not found.</span><span class="sh">"</span><span class="p">),</span> <span class="mi">413</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">FILE_TOO_LARGE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PDF exceeds the 10 MB size limit.</span><span class="sh">"</span><span class="p">),</span> <span class="mi">422</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">INVALID_PDF</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">The URL did not return a valid PDF file.</span><span class="sh">"</span><span class="p">),</span> <span class="p">}</span> <span class="n">code</span><span class="p">,</span> <span class="n">message</span> <span class="o">=</span> <span class="n">error_map</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="n">resp</span><span class="p">.</span><span class="n">status_code</span><span class="p">,</span> <span class="p">(</span><span class="n">body</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">UNKNOWN</span><span class="sh">"</span><span class="p">),</span> <span class="n">body</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">HTTP </span><span class="si">{</span><span class="n">resp</span><span class="p">.</span><span class="n">status_code</span><span class="si">}</span><span class="sh">"</span><span class="p">)),</span> <span class="p">)</span> <span class="k">raise</span> <span class="nc">HTPBEError</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="n">resp</span><span class="p">.</span><span class="n">status_code</span><span class="p">,</span> <span class="n">code</span><span class="p">)</span> </code></pre> </div> <p>The retry logic only applies to 5xx responses. A <code>401</code> means your key is wrong — retrying will not help. A <code>422</code> means the URL did not return a valid PDF. Only server-side transient failures warrant a retry.</p> <h2> Handling All Three Verdicts </h2> <p>The API returns exactly one of three statuses. Each maps to a different action in your application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">handle_document</span><span class="p">(</span><span class="n">client</span><span class="p">:</span> <span class="n">HTPBEClient</span><span class="p">,</span> <span class="n">pdf_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">pdf_url</span><span class="p">)</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">intact</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Document has not been modified since creation. </span> <span class="c1"># Safe to process automatically. </span> <span class="k">return</span> <span class="sh">"</span><span class="s">accept</span><span class="sh">"</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Post-creation changes detected. </span> <span class="c1"># modification_markers tells you exactly what was found: </span> <span class="c1"># e.g. ["INCREMENTAL_UPDATES", "PRODUCER_MISMATCH", "DIFFERENT_DATES"] </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Rejected: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">modification_markers</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Confidence: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">modification_confidence</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="sh">"</span><span class="s">reject</span><span class="sh">"</span> <span class="c1"># status == "inconclusive" </span> <span class="c1"># The document was created with consumer software (Word, Excel, </span> <span class="c1"># LibreOffice, Canva) rather than institutional document management </span> <span class="c1"># software. The API cannot verify its integrity because consumer </span> <span class="c1"># tools produce metadata patterns that overlap with editing tools. </span> <span class="c1"># This is NOT a failure — it is a specific, actionable finding. </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Consumer origin detected: </span><span class="si">{</span><span class="n">result</span><span class="p">.</span><span class="n">producer</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="sh">"</span><span class="s">manual_review</span><span class="sh">"</span> </code></pre> </div> <p>The <code>inconclusive</code> verdict requires special attention. It does not mean the check failed or that something went wrong. It means the document was created with consumer software — Microsoft Word, Excel, LibreOffice, Canva — and those tools produce metadata patterns that are indistinguishable from documents that have been opened and re-saved. For documents that claim institutional origin (bank statements, diplomas, contracts from enterprise systems), <code>inconclusive</code> is itself a warning signal: why does a document from a bank look like it was created in Word? Route it to human review. For a deeper explanation, see <a href="https://htpbe.tech/blog/what-inconclusive-means-pdf-verification-results" rel="noopener noreferrer">what “inconclusive” really means</a>.</p> <h2> Django Integration: Document Upload Webhook </h2> <p>A common pattern in Django applications: a user uploads a PDF, your view stores it in S3 or another cloud provider, then checks it asynchronously before processing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">django.http</span> <span class="kn">import</span> <span class="n">JsonResponse</span> <span class="kn">from</span> <span class="n">django.views.decorators.http</span> <span class="kn">import</span> <span class="n">require_POST</span> <span class="kn">from</span> <span class="n">django.views.decorators.csrf</span> <span class="kn">import</span> <span class="n">csrf_exempt</span> <span class="c1"># Initialize once at module level — reuses the TCP connection </span><span class="n">htpbe</span> <span class="o">=</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">HTPBE_API_KEY</span><span class="sh">"</span><span class="p">])</span> <span class="nd">@csrf_exempt</span> <span class="nd">@require_POST</span> <span class="k">def</span> <span class="nf">upload_invoice</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Handle invoice upload, verify PDF, route by verdict.</span><span class="sh">"""</span> <span class="n">uploaded_file</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">FILES</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">invoice</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">uploaded_file</span><span class="p">:</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">No file provided</span><span class="sh">"</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">400</span><span class="p">)</span> <span class="c1"># 1. Upload to your storage and get a public URL </span> <span class="c1"># (replace with your actual storage logic) </span> <span class="n">pdf_url</span> <span class="o">=</span> <span class="nf">upload_to_s3</span><span class="p">(</span><span class="n">uploaded_file</span><span class="p">)</span> <span class="c1"># 2. Verify with HTPBE </span> <span class="k">try</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="n">htpbe</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">pdf_url</span><span class="p">)</span> <span class="k">except</span> <span class="n">HTPBEError</span> <span class="k">as</span> <span class="n">exc</span><span class="p">:</span> <span class="k">if</span> <span class="n">exc</span><span class="p">.</span><span class="n">code</span> <span class="o">==</span> <span class="sh">"</span><span class="s">INVALID_PDF</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Not a valid PDF</span><span class="sh">"</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">422</span><span class="p">)</span> <span class="k">if</span> <span class="n">exc</span><span class="p">.</span><span class="n">code</span> <span class="o">==</span> <span class="sh">"</span><span class="s">FILE_TOO_LARGE</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">PDF must be under 10 MB</span><span class="sh">"</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">413</span><span class="p">)</span> <span class="c1"># Log unexpected errors, return a generic message </span> <span class="kn">import</span> <span class="n">logging</span> <span class="n">logging</span><span class="p">.</span><span class="nf">exception</span><span class="p">(</span><span class="sh">"</span><span class="s">HTPBE verification failed</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">(</span> <span class="p">{</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Verification temporarily unavailable</span><span class="sh">"</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">503</span> <span class="p">)</span> <span class="c1"># 3. Route based on verdict </span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span><span class="p">:</span> <span class="nf">flag_for_fraud_review</span><span class="p">(</span> <span class="n">pdf_url</span><span class="o">=</span><span class="n">pdf_url</span><span class="p">,</span> <span class="n">markers</span><span class="o">=</span><span class="n">result</span><span class="p">.</span><span class="n">modification_markers</span><span class="p">,</span> <span class="n">confidence</span><span class="o">=</span><span class="n">result</span><span class="p">.</span><span class="n">modification_confidence</span><span class="p">,</span> <span class="p">)</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">(</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">flagged</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">reason</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">modification_markers</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">422</span><span class="p">,</span> <span class="p">)</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">inconclusive</span><span class="sh">"</span><span class="p">:</span> <span class="nf">queue_for_manual_review</span><span class="p">(</span><span class="n">pdf_url</span><span class="o">=</span><span class="n">pdf_url</span><span class="p">,</span> <span class="n">result</span><span class="o">=</span><span class="n">result</span><span class="p">)</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">pending_review</span><span class="sh">"</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">202</span><span class="p">)</span> <span class="c1"># intact — proceed with normal processing </span> <span class="nf">process_invoice</span><span class="p">(</span><span class="n">pdf_url</span><span class="o">=</span><span class="n">pdf_url</span><span class="p">,</span> <span class="n">metadata</span><span class="o">=</span><span class="n">result</span><span class="p">)</span> <span class="k">return</span> <span class="nc">JsonResponse</span><span class="p">({</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">accepted</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="nb">id</span><span class="p">})</span> </code></pre> </div> <p>The same pattern works in Flask — replace the Django decorators with Flask route decorators and <code>request.files</code> instead of <code>request.FILES</code>.</p> <h2> Flask Equivalent </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">jsonify</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="n">htpbe</span> <span class="o">=</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">HTPBE_API_KEY</span><span class="sh">"</span><span class="p">])</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/api/documents</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">upload_document</span><span class="p">():</span> <span class="n">uploaded_file</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">files</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">document</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">uploaded_file</span><span class="p">:</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">error</span><span class="o">=</span><span class="sh">"</span><span class="s">No file provided</span><span class="sh">"</span><span class="p">),</span> <span class="mi">400</span> <span class="n">pdf_url</span> <span class="o">=</span> <span class="nf">upload_to_s3</span><span class="p">(</span><span class="n">uploaded_file</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="n">htpbe</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">pdf_url</span><span class="p">)</span> <span class="k">except</span> <span class="n">HTPBEError</span> <span class="k">as</span> <span class="n">exc</span><span class="p">:</span> <span class="k">if</span> <span class="n">exc</span><span class="p">.</span><span class="n">status_code</span> <span class="o">&lt;</span> <span class="mi">500</span><span class="p">:</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">error</span><span class="o">=</span><span class="nf">str</span><span class="p">(</span><span class="n">exc</span><span class="p">)),</span> <span class="n">exc</span><span class="p">.</span><span class="n">status_code</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">error</span><span class="o">=</span><span class="sh">"</span><span class="s">Verification unavailable</span><span class="sh">"</span><span class="p">),</span> <span class="mi">503</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span> <span class="n">status</span><span class="o">=</span><span class="sh">"</span><span class="s">flagged</span><span class="sh">"</span><span class="p">,</span> <span class="n">markers</span><span class="o">=</span><span class="n">result</span><span class="p">.</span><span class="n">modification_markers</span><span class="p">,</span> <span class="p">),</span> <span class="mi">422</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">inconclusive</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="sh">"</span><span class="s">pending_review</span><span class="sh">"</span><span class="p">),</span> <span class="mi">202</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="sh">"</span><span class="s">accepted</span><span class="sh">"</span><span class="p">,</span> <span class="n">check_id</span><span class="o">=</span><span class="n">result</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> </code></pre> </div> <h2> Batch Processing: S3 or GCS Bucket </h2> <p>For backfill scenarios — checking a bucket of existing documents — iterate over the objects and collect results. This example uses <code>boto3</code> for AWS S3, but the pattern applies to any storage provider that gives you presigned URLs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">csv</span> <span class="kn">from</span> <span class="n">botocore.config</span> <span class="kn">import</span> <span class="n">Config</span> <span class="n">s3</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">"</span><span class="s">s3</span><span class="sh">"</span><span class="p">,</span> <span class="n">config</span><span class="o">=</span><span class="nc">Config</span><span class="p">(</span><span class="n">signature_version</span><span class="o">=</span><span class="sh">"</span><span class="s">s3v4</span><span class="sh">"</span><span class="p">))</span> <span class="n">htpbe</span> <span class="o">=</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">HTPBE_API_KEY</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">batch_verify_bucket</span><span class="p">(</span><span class="n">bucket</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">prefix</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">""</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="sh">"""</span><span class="s">Verify all PDFs in an S3 bucket prefix. Returns a summary list.</span><span class="sh">"""</span> <span class="n">paginator</span> <span class="o">=</span> <span class="n">s3</span><span class="p">.</span><span class="nf">get_paginator</span><span class="p">(</span><span class="sh">"</span><span class="s">list_objects_v2</span><span class="sh">"</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">page</span> <span class="ow">in</span> <span class="n">paginator</span><span class="p">.</span><span class="nf">paginate</span><span class="p">(</span><span class="n">Bucket</span><span class="o">=</span><span class="n">bucket</span><span class="p">,</span> <span class="n">Prefix</span><span class="o">=</span><span class="n">prefix</span><span class="p">):</span> <span class="k">for</span> <span class="n">obj</span> <span class="ow">in</span> <span class="n">page</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Contents</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]):</span> <span class="n">key</span> <span class="o">=</span> <span class="n">obj</span><span class="p">[</span><span class="sh">"</span><span class="s">Key</span><span class="sh">"</span><span class="p">]</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">key</span><span class="p">.</span><span class="nf">lower</span><span class="p">().</span><span class="nf">endswith</span><span class="p">(</span><span class="sh">"</span><span class="s">.pdf</span><span class="sh">"</span><span class="p">):</span> <span class="k">continue</span> <span class="c1"># Generate a presigned URL (valid for 5 minutes) </span> <span class="n">presigned_url</span> <span class="o">=</span> <span class="n">s3</span><span class="p">.</span><span class="nf">generate_presigned_url</span><span class="p">(</span> <span class="sh">"</span><span class="s">get_object</span><span class="sh">"</span><span class="p">,</span> <span class="n">Params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Bucket</span><span class="sh">"</span><span class="p">:</span> <span class="n">bucket</span><span class="p">,</span> <span class="sh">"</span><span class="s">Key</span><span class="sh">"</span><span class="p">:</span> <span class="n">key</span><span class="p">},</span> <span class="n">ExpiresIn</span><span class="o">=</span><span class="mi">300</span><span class="p">,</span> <span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="n">htpbe</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="n">presigned_url</span><span class="p">)</span> <span class="n">results</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">key</span><span class="sh">"</span><span class="p">:</span> <span class="n">key</span><span class="p">,</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span><span class="p">,</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">modification_confidence</span><span class="p">,</span> <span class="sh">"</span><span class="s">markers</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">modification_markers</span><span class="p">),</span> <span class="sh">"</span><span class="s">producer</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">producer</span><span class="p">,</span> <span class="sh">"</span><span class="s">creator</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">.</span><span class="n">creator</span><span class="p">,</span> <span class="p">})</span> <span class="k">except</span> <span class="n">HTPBEError</span> <span class="k">as</span> <span class="n">exc</span><span class="p">:</span> <span class="n">results</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">key</span><span class="sh">"</span><span class="p">:</span> <span class="n">key</span><span class="p">,</span> <span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">:</span> <span class="bp">None</span><span class="p">,</span> <span class="sh">"</span><span class="s">markers</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">exc</span><span class="p">.</span><span class="n">code</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">exc</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">producer</span><span class="sh">"</span><span class="p">:</span> <span class="bp">None</span><span class="p">,</span> <span class="sh">"</span><span class="s">creator</span><span class="sh">"</span><span class="p">:</span> <span class="bp">None</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="n">results</span> <span class="k">def</span> <span class="nf">export_to_csv</span><span class="p">(</span><span class="n">results</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">],</span> <span class="n">output_path</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Write batch results to a CSV file for review.</span><span class="sh">"""</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">results</span><span class="p">:</span> <span class="k">return</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="n">output_path</span><span class="p">,</span> <span class="sh">"</span><span class="s">w</span><span class="sh">"</span><span class="p">,</span> <span class="n">newline</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">writer</span> <span class="o">=</span> <span class="n">csv</span><span class="p">.</span><span class="nc">DictWriter</span><span class="p">(</span><span class="n">f</span><span class="p">,</span> <span class="n">fieldnames</span><span class="o">=</span><span class="n">results</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nf">keys</span><span class="p">())</span> <span class="n">writer</span><span class="p">.</span><span class="nf">writeheader</span><span class="p">()</span> <span class="n">writer</span><span class="p">.</span><span class="nf">writerows</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> <span class="c1"># Usage: # results = batch_verify_bucket("my-documents-bucket", prefix="invoices/2026/") # export_to_csv(results, "verification_report.csv") </span></code></pre> </div> <p>For large buckets, add <code>concurrent.futures.ThreadPoolExecutor</code> to parallelize requests. The API handles concurrent calls — just stay within your plan’s rate limits.</p> <h2> Test Mode: Develop Without Live Documents </h2> <p>All ? plans — including the free tier — include a test API key. Test keys use mock URLs that return deterministic responses without consuming quota. Use them for integration testing and CI pipelines.</p> <p><strong>Test URL format:</strong> <code>https://api.htpbe.tech/v1/test/{filename}.pdf</code></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>URL</th> <th><code>status</code></th> <th>What it simulates</th> </tr> </thead> <tbody> <tr> <td><code>clean.pdf</code></td> <td><code>intact</code></td> <td>Clean document, institutional origin</td> </tr> <tr> <td><code>clean-no-dates.pdf</code></td> <td><code>intact</code></td> <td>No date metadata, unknown origin</td> </tr> <tr> <td><code>modified-low.pdf</code></td> <td><code>modified</code></td> <td>Single incremental update</td> </tr> <tr> <td><code>modified-medium.pdf</code></td> <td><code>modified</code></td> <td>Consumer software origin, multiple updates</td> </tr> <tr> <td><code>modified-high.pdf</code></td> <td><code>modified</code></td> <td>Different producer, 5-link update chain</td> </tr> <tr> <td><code>modified-critical.pdf</code></td> <td><code>modified</code></td> <td>Signature removed, JavaScript, Excel origin</td> </tr> <tr> <td><code>signature-removed.pdf</code></td> <td><code>modified</code></td> <td>Digital signature stripped</td> </tr> <tr> <td><code>signature-valid.pdf</code></td> <td><code>intact</code></td> <td>Valid digital signature present</td> </tr> <tr> <td><code>inconclusive.pdf</code></td> <td><code>inconclusive</code></td> <td>Excel origin, no structural modifications</td> </tr> <tr> <td><code>dates-mismatch.pdf</code></td> <td><code>modified</code></td> <td>ModDate 14 days after CreationDate</td> </tr> </tbody> </table></div> <p>Use these in your test suite with <code>pytest</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">pytest</span> <span class="n">TEST_BASE</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://api.htpbe.tech/v1/test</span><span class="sh">"</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">HTPBEClient</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">HTPBE_TEST_API_KEY</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">test_intact_document</span><span class="p">():</span> <span class="n">result</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">TEST_BASE</span><span class="si">}</span><span class="s">/clean.pdf</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">intact</span><span class="sh">"</span> <span class="k">assert</span> <span class="n">result</span><span class="p">.</span><span class="n">modification_markers</span> <span class="o">==</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">test_modified_document</span><span class="p">():</span> <span class="n">result</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">TEST_BASE</span><span class="si">}</span><span class="s">/modified-high.pdf</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span> <span class="k">assert</span> <span class="n">result</span><span class="p">.</span><span class="n">modification_confidence</span> <span class="ow">in</span> <span class="p">(</span><span class="sh">"</span><span class="s">certain</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">high</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="nf">len</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">modification_markers</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="k">def</span> <span class="nf">test_inconclusive_consumer_origin</span><span class="p">():</span> <span class="n">result</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">TEST_BASE</span><span class="si">}</span><span class="s">/inconclusive.pdf</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">inconclusive</span><span class="sh">"</span> <span class="c1"># inconclusive is NOT an error — it means consumer software origin </span> <span class="k">def</span> <span class="nf">test_signature_removed</span><span class="p">():</span> <span class="n">result</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">TEST_BASE</span><span class="si">}</span><span class="s">/signature-removed.pdf</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="n">result</span><span class="p">.</span><span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span> <span class="k">assert</span> <span class="n">result</span><span class="p">.</span><span class="n">signature_removed</span> <span class="ow">is</span> <span class="bp">True</span> </code></pre> </div> <p>Keep your test API key in a <code>.env.test</code> file and your production key in <code>.env</code>. Never commit either to version control.</p> <h2> What the API Does Not Detect </h2> <p>Understanding the limits is important when building a system that makes automated decisions:</p> <ul> <li> <strong>Content-level changes within a single save.</strong> If someone creates a PDF in Word, types a fraudulent number, and exports once, the document has never been modified post-creation. It is structurally <code>intact</code>. The fraud happened at authorship, not at the file level.</li> <li> <strong>Documents recreated from scratch.</strong> If an attacker recreates a document from scratch in the same software the original used and matches the metadata fields, the structural signals will not distinguish it from the original. This attack requires significant effort and is rare, but it is possible.</li> <li> <strong>Encrypted or password-protected PDFs.</strong> The API cannot analyze a PDF it cannot parse. If the file requires a password to open, the analysis will return an error.</li> <li> <strong>Scanned documents with no digital metadata.</strong> A photo of a document converted to PDF contains minimal structural metadata. These typically return <code>inconclusive</code> because the originating software is a scanner driver or image converter, not an institutional system. For more on what metadata fields the API reads and why, see the <a href="https://htpbe.tech/blog/pdf-metadata-fields-complete-reference" rel="noopener noreferrer">PDF metadata fields reference</a>.</li> </ul> <p>These limits are why HTPBE? works best as one layer in a fraud-detection workflow — not the only layer. Combine structural PDF analysis with domain-specific checks (amount validation, vendor database lookups, sender authentication) for a layered defense. See <a href="https://htpbe.tech/blog/pdf-fraud-prevention-best-practices" rel="noopener noreferrer">PDF Fraud Prevention Best Practices</a>.</p> <h2> Choosing a Plan </h2> <p><a href="https://htpbe.tech/pricing" rel="noopener noreferrer">Plans</a> start at $15/month for 30 checks (Starter). The right tier depends on your document volume:</p> <ul> <li> <strong>Starter ($15/mo, 30 checks):</strong> Low-volume workflows — a handful of documents per week. Good for initial production deployment.</li> <li> <strong>Growth ($149/mo, 350 checks):</strong> The recommended starting point for applications with real users. Handles roughly 12 documents per day.</li> <li> <strong>Pro ($499/mo, 1,500 checks):</strong> For platforms processing 40–50 documents per day. Per-check cost drops to $0.33.</li> <li> <strong>Enterprise (custom):</strong> Volume pricing for 1,500+ checks per month.</li> </ul> <p>When you reach your monthly quota, further requests return <code>402 PAYMENT_REQUIRED</code> until the quota resets — add a one-time credit pack or move to a higher tier to keep going. Handle the 402 in your client so a quota boundary never silently drops a check.</p> <h2> Decisions Before You Ship </h2> <p>The integration surface is small: one POST, one GET, three verdicts. The decisions that matter are on your side:</p> <ul> <li> <strong><code>inconclusive</code> routing</strong> — for documents that claim institutional origin (bank statements, diplomas), treat <code>inconclusive</code> the same as <code>modified</code> and route to human review. For user-generated documents (cover letters, personal forms), it may be acceptable to proceed.</li> <li> <strong>Where in your pipeline</strong> — check at intake, before any data extraction or business logic runs. Checking after processing does not prevent harm.</li> <li> <strong>Test key separation</strong> — keep test and production keys in separate environment files. Test keys return synthetic data and must not be used in production flows.</li> </ul> <p>The <a href="https://htpbe.tech/api" rel="noopener noreferrer">full API reference</a> covers all response fields, error codes, and rate limits. To get started, <a href="https://htpbe.tech/api" rel="noopener noreferrer">sign up for a free account</a>, copy your test key from the dashboard, and run the quick-start example above.</p> pdf tutorial api webdev Next.js 16 proxy.ts Migration: From middleware.ts Iurii Rogulia Wed, 10 Jun 2026 10:00:35 +0000 https://dev.to/iurii_rogulia/nextjs-16-proxyts-migration-from-middlewarets-28km https://dev.to/iurii_rogulia/nextjs-16-proxyts-migration-from-middlewarets-28km <p>Next.js 16 renamed <code>middleware.ts</code> to <code>proxy.ts</code>. The official reason is naming clarity — but unpacking why the name matters reveals a decade of misuse patterns and one memorable security incident that proved the conceptual confusion had real consequences. This is part of a broader architecture question covered in <a href="https://iurii.rogulia.fi/blog/build-saas-nextjs-checklist" rel="noopener noreferrer">how I build a production SaaS checklist</a> — where auth belongs in the stack.</p> <p>This is not a cosmetic rename. The <a href="https://nextjs.org/docs/messages/middleware-to-proxy" rel="noopener noreferrer">official migration docs</a> are explicit about why the old name was wrong: "middleware" implied Express-style capabilities that this layer never had, led developers to treat it as a security boundary it was never designed to be, and accumulated so much misuse that the team felt the name itself was misleading. The rename is a deliberate signal — reach for <code>proxy.ts</code> as a last resort, not as your default request-handling strategy.</p> <p>Here is the full picture: what changed, why the name mattered more than most people realized, the security incident that made the conceptual confusion concrete, and how to migrate auth correctly.</p> <h2> What Changed in Next.js 16 </h2> <p>The API surface change is minimal. <code>NextRequest</code>, <code>NextResponse</code>, the <code>config</code> matcher — all identical. The differences:</p> <ol> <li>The file is named <code>proxy.ts</code> (or <code>proxy.js</code>)</li> <li>The exported function is named <code>proxy</code>, not <code>middleware</code> </li> <li>The runtime is Node.js — Edge runtime is explicitly not supported</li> <li>Several <code>next.config.ts</code> properties were renamed</li> </ol> <p><code>middleware.ts</code> still works but logs a deprecation warning. You have a migration window.</p> <p>The Node.js runtime change is the structurally meaningful one. The proxy layer now runs at origin with full access to the Node.js ecosystem. The latency tradeoff is real and worth understanding before you migrate — more on that in the trade-offs section.</p> <p>The official reasons given for the rename, straight from the docs:</p> <ul> <li> <strong>Naming confusion with Express.js middleware</strong> — developers expected full Node.js capabilities and got a stripped-down Edge environment instead</li> <li> <strong>Intent signal</strong> — the team wants this feature used as a last resort; the name "middleware" implied it was the standard interception point for all request logic</li> <li> <strong>Clarifying the actual role</strong> — a proxy sits at a network boundary in front of the app; that is what <code>proxy.ts</code> does</li> <li> <strong>Future direction</strong> — the team is actively working on better APIs so that most goals currently achieved in <code>proxy.ts</code> can be accomplished closer to the data, without needing the proxy layer at all</li> </ul> <h2> Why "Middleware" Was the Wrong Name All Along </h2> <p>The confusion did not start with a CVE. It started with a word.</p> <p>Express.js popularized "middleware" as a concept: functions that intercept and process requests in sequence, running in the same Node.js process as your application, with full access to whatever npm packages you need. When Next.js introduced <code>middleware.ts</code> in Next.js 12, it borrowed the term for a structurally different thing: a thin interception layer running on the Edge runtime at CDN nodes, with a 25ms CPU time limit and no native Node.js modules.</p> <p>Developers familiar with Express naturally expected Express-like behavior. They discovered the mismatch when they tried to import <code>jsonwebtoken</code> — which uses Node.js <code>crypto</code> APIs — and got a runtime error. The correct alternative was <code>jose</code>, a Web Crypto API-based library designed for edge environments. The error message was not helpful. The lesson — that this was not Express middleware — was learned the hard way by a lot of teams.</p> <p>GitHub discussions <a href="https://github.com/vercel/next.js/discussions/46722" rel="noopener noreferrer">#46722</a> and <a href="https://github.com/vercel/next.js/discussions/71727" rel="noopener noreferrer">#71727</a> tracked years of demand for Node.js runtime access in middleware. The community wanted to use real libraries. The framework could not provide them without abandoning the Edge performance model. The tension was never resolved — it was dissolved by moving the runtime to Node.js and acknowledging in the name that this is not general-purpose middleware.</p> <p>The second problem was overloading. In practice, <code>middleware.ts</code> became a catch-all: auth redirects, A/B testing, locale routing, logging, rate limiting, canary deployments, bot detection — all in one file with strict runtime limits. The more concerns you pile into a single network interception layer, the harder it is to reason about what any given request will actually do.</p> <h2> CVE-2025-29927: Exhibit A </h2> <p>In March 2025, a vulnerability was disclosed that crystallized the naming problem into something concrete.</p> <p>Next.js used the <code>x-middleware-subrequest</code> header internally to track recursive middleware invocations and prevent infinite loops. If the header was already set when a request arrived, Next.js assumed the middleware had already run and skipped execution. An external attacker could set that header on any incoming request. Next.js would see it, conclude middleware had already executed, and serve the response without running any middleware code at all.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">x-middleware-subrequest: middleware </span></code></pre> </div> <p>Every application running Next.js 11.1.4 through 15.2.2 with authentication logic in <code>middleware.ts</code> was potentially vulnerable. Auth checks: skipped. Geo-blocking: skipped. Admin-only redirects: skipped. The UK National Cyber Security Centre issued a public advisory. Proof-of-concept exploits were circulating within days.</p> <p>The patch was straightforward — validate the header's origin before trusting it. But the vulnerability exposed something that had been structurally true before the patch existed: middleware was never a reliable security boundary. The <code>x-middleware-subrequest</code> header was just the specific mechanism. The deeper issue was architectural. A layer designed for lightweight request interception was being used as the primary enforcement point for access control.</p> <p>This is exactly the kind of failure mode the naming confusion produces. If you think you have "middleware" in the Express sense — something that runs reliably in your application's trust boundary — you will trust it as a security layer. If you think of it as a network proxy, you will not. The CVE did not change the architecture; it illustrated why the architecture had been misunderstood.</p> <p>A second vulnerability, CVE-2025-66478, followed in December 2025 — a remote code execution issue that further eroded confidence in the security model of the layer.</p> <h2> The Codemod </h2> <p>The fastest path to migration is the official codemod:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx @next/codemod@latest upgrade 16 </code></pre> </div> <p>The codemod handles four things:</p> <ol> <li>Renames <code>middleware.ts</code> → <code>proxy.ts</code> </li> <li>Renames the exported function from <code>middleware</code> to <code>proxy</code> </li> <li>Renames <code>next.config.ts</code> properties: <ul> <li> <code>skipMiddlewareUrlNormalize</code> → <code>skipProxyUrlNormalize</code> </li> <li> <code>experimental.middlewarePrefetch</code> → <code>experimental.proxyPrefetch</code> </li> <li> <code>experimental.middlewareClientMaxBodySize</code> → <code>experimental.proxyClientMaxBodySize</code> </li> <li> <code>experimental.externalMiddlewareRewritesResolve</code> → <code>experimental.externalProxyRewritesResolve</code> </li> </ul> </li> </ol> <p>One known edge case: GitHub issue <a href="https://github.com/vercel/next.js/issues/86478" rel="noopener noreferrer">#86478</a> documents a scenario where the codemod skips the file rename when it determines no content changes are needed. If your <code>proxy.ts</code> does not appear after running the codemod, rename the file manually.</p> <p>Verify the output, run your tests, and proceed to the auth migration below — because the codemod does not touch your auth logic.</p> <h2> Manual Migration </h2> <p>The mechanical part of manual migration is a straightforward rename:</p> <p><strong>Before (<code>middleware.ts</code>):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">middleware</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">/dashboard/:path*</span><span class="dl">"</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <p><strong>After (<code>proxy.ts</code>):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">proxy</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">/dashboard/:path*</span><span class="dl">"</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <p>Two characters changed in the function name. One filename changed. Everything else is identical.</p> <p>If you have any of the renamed <code>next.config.ts</code> properties, update those as well. The TypeScript types will flag them as errors if you miss any.</p> <h2> The Auth Migration — Where Most Teams Get It Wrong </h2> <p> slug="rescue-projects"<br> text="Inherited a Next.js codebase with middleware-based auth or security patterns that rely on the proxy layer? I audit, identify the exposure, and migrate to a proper Data Access Layer."<br> /&gt;</p> <p>This is the section that actually matters. The mechanical rename is trivial. Getting auth right in the new model requires rethinking where validation belongs.</p> <p>The old pattern looked something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// middleware.ts — the vulnerable approach</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">jwtVerify</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">jose</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">SECRET</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">().</span><span class="nf">encode</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="o">!</span><span class="p">);</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">middleware</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">session</span><span class="dl">"</span><span class="p">)?.</span><span class="nx">value</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">jwtVerify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">SECRET</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">/dashboard/:path*</span><span class="dl">"</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <p>This code did JWT verification in middleware. It used <code>jose</code> because <code>jsonwebtoken</code> did not work on the Edge runtime. It looked correct. It was the approach recommended in multiple Auth.js tutorials and Next.js blog posts.</p> <p>The problem: this pattern is exactly what CVE-2025-29927 made irrelevant. An attacker with the right header never reached the <code>jwtVerify</code> call. The middleware was skipped entirely.</p> <p>The deeper issue: even without the CVE, middleware-as-sole-security-boundary is architecturally wrong. If a bug in your routing logic accidentally serves a protected page without going through the matcher, the auth layer has no coverage there. If you add a new route and forget to update the matcher pattern, that route is unprotected. Security that depends on a routing config staying in sync with your actual routes is security waiting to fail.</p> <p>The correct pattern in <code>proxy.ts</code> is an <em>optimistic cookie existence check</em> — not validation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// proxy.ts — correct approach</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextRequest</span><span class="p">,</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">proxy</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sessionCookie</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">session</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">sessionCookie</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">loginUrl</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">"</span><span class="s2">/login</span><span class="dl">"</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="nx">loginUrl</span><span class="p">.</span><span class="nx">searchParams</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">from</span><span class="dl">"</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="nx">loginUrl</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">matcher</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">/dashboard/:path*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/account/:path*</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/api/private/:path*</span><span class="dl">"</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <p>Notice what this does not do: it does not verify the JWT signature. It does not decode the token. It does not check expiry. It checks one thing: does a cookie with the session name exist? If no cookie, redirect to login. If the cookie exists, let the request through and let the actual validation happen downstream.</p> <p>This is not a security hole. It is a correct division of responsibility. The proxy layer handles the user experience concern — redirecting unauthenticated visitors to the login page before they see a flash of protected content. The actual security enforcement happens in a Data Access Layer that every Server Component and Route Handler calls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// lib/auth.ts — server-only, the actual security boundary</span> <span class="k">import</span> <span class="dl">"</span><span class="s2">server-only</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">jwtVerify</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">jose</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">cookies</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/headers</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">cache</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">SECRET</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextEncoder</span><span class="p">().</span><span class="nf">encode</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="o">!</span><span class="p">);</span> <span class="kr">interface</span> <span class="nx">Session</span> <span class="p">{</span> <span class="nl">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">admin</span><span class="dl">"</span><span class="p">;</span> <span class="nl">exp</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// cache() memoizes per request — jwtVerify runs once per request, not once per component</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getSession</span> <span class="o">=</span> <span class="nf">cache</span><span class="p">(</span><span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Session</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cookieStore</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">cookies</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">cookieStore</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">session</span><span class="dl">"</span><span class="p">)?.</span><span class="nx">value</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">payload</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">jwtVerify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">SECRET</span><span class="p">);</span> <span class="k">return</span> <span class="nx">payload</span> <span class="k">as</span> <span class="nx">unknown</span> <span class="k">as</span> <span class="nx">Session</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">});</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requireSession</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Session</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getSession</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Unauthorized</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">session</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Every Server Component that renders protected data calls <code>getSession()</code> or <code>requireSession()</code>. Every Route Handler that serves private API endpoints calls it. The validation is colocated with the data access — not centralized in a network-level proxy that can be bypassed or misconfigured.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/dashboard/page.tsx</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">requireSession</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/auth</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getUserData</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@/lib/data</span><span class="dl">'</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">DashboardPage</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Throws if no valid session — caught by the nearest error boundary</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">requireSession</span><span class="p">()</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getUserData</span><span class="p">(</span><span class="nx">session</span><span class="p">.</span><span class="nx">userId</span><span class="p">)</span> <span class="k">return</span> <span class="o">&lt;</span><span class="nx">Dashboard</span> <span class="nx">user</span><span class="o">=</span><span class="p">{</span><span class="nx">session</span><span class="p">}</span> <span class="nx">data</span><span class="o">=</span><span class="p">{</span><span class="nx">data</span><span class="p">}</span> <span class="sr">/</span><span class="err">&gt; </span><span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// app/api/private/orders/route.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">NextResponse</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">next/server</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getSession</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/auth</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getOrders</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@/lib/data</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">GET</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getSession</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Unauthorized</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">401</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">orders</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getOrders</span><span class="p">(</span><span class="nx">session</span><span class="p">.</span><span class="nx">userId</span><span class="p">);</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">orders</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The proxy layer handles the redirect. The Data Access Layer handles the enforcement. Neither depends on the other being correctly configured.</p> <h3> What Happens With a Tampered Cookie </h3> <p>A common concern: if <code>proxy.ts</code> only checks cookie existence, what stops an attacker from sending a fake <code>session</code> cookie with arbitrary content?</p> <p>The answer is: the Data Access Layer. <code>getSession()</code> calls <code>jwtVerify</code>, which verifies the cryptographic signature using your <code>JWT_SECRET</code>. A cookie containing garbage, an expired token, or a token signed with the wrong key will fail <code>jwtVerify</code> and return <code>null</code>. The user gets treated as unauthenticated and receives a 401 or an error boundary response — not access to protected data.</p> <p>The proxy redirect is a UX optimization. The Data Access Layer is the enforcement mechanism. These roles do not overlap.</p> <h2> What proxy.ts Is Actually For </h2> <p>With auth correctly handled downstream, the proxy layer is free to do what it is actually good at:</p> <p><strong>Programmatic redirects based on request properties:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">proxy</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">pathname</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">;</span> <span class="c1">// Redirect legacy URLs</span> <span class="k">if </span><span class="p">(</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">"</span><span class="s2">/old-dashboard</span><span class="dl">"</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">"</span><span class="s2">/old-dashboard</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">/dashboard</span><span class="dl">"</span><span class="p">),</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">),</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="mi">301</span> <span class="p">}</span> <span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p><strong>URL rewrites for A/B testing:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">proxy</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">bucket</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">ab-bucket</span><span class="dl">"</span><span class="p">)?.</span><span class="nx">value</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">control</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">/pricing</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">rewrite</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="s2">`/pricing-</span><span class="p">${</span><span class="nx">bucket</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p><strong>Locale routing</strong> (also covered in depth in <a href="https://iurii.rogulia.fi/blog/nextjs-i18n-30-languages" rel="noopener noreferrer">Next.js i18n at Scale</a>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">proxy</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">pathname</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">locale</span> <span class="o">=</span> <span class="nx">request</span><span class="p">.</span><span class="nx">cookies</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">locale</span><span class="dl">"</span><span class="p">)?.</span><span class="nx">value</span> <span class="o">??</span> <span class="nx">request</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">accept-language</span><span class="dl">"</span><span class="p">)?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">,</span><span class="dl">"</span><span class="p">)[</span><span class="mi">0</span><span class="p">]?.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2">-</span><span class="dl">"</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="o">??</span> <span class="dl">"</span><span class="s2">en</span><span class="dl">"</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">pathname</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="s2">`/</span><span class="p">${</span><span class="nx">locale</span><span class="p">}</span><span class="s2">`</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">redirect</span><span class="p">(</span><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="s2">`/</span><span class="p">${</span><span class="nx">locale</span><span class="p">}${</span><span class="nx">pathname</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">url</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p><strong>Modifying headers for downstream use:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nf">proxy</span><span class="p">(</span><span class="nx">request</span><span class="p">:</span> <span class="nx">NextRequest</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="nx">NextResponse</span><span class="p">.</span><span class="nf">next</span><span class="p">();</span> <span class="c1">// Pass request metadata downstream without re-reading headers</span> <span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">x-request-id</span><span class="dl">"</span><span class="p">,</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">());</span> <span class="nx">response</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">"</span><span class="s2">x-pathname</span><span class="dl">"</span><span class="p">,</span> <span class="nx">request</span><span class="p">.</span><span class="nx">nextUrl</span><span class="p">.</span><span class="nx">pathname</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>These are the proxy layer's strengths: thin request inspection, lightweight branching, header manipulation. Nothing that requires heavy computation, database access, or cryptographic operations. In <a href="https://iurii.rogulia.fi/projects/pikkuna-ecommerce-platform" rel="noopener noreferrer">pikkuna.fi</a> and <a href="https://iurii.rogulia.fi/projects/pi-pi-b2b-ecommerce" rel="noopener noreferrer">pi-pi.ee</a>, locale routing is exactly what the proxy layer is used for — detecting the user's preferred language and rewriting the URL before the request reaches the application.</p> <h2> The Trade-offs You Should Know Before Migrating </h2> <h3> Edge Performance Loss </h3> <p>The original <code>middleware.ts</code> ran at the CDN edge — geographically close to the user. For a user in Stockholm hitting Cloudflare's edge node in Frankfurt, middleware executed in 1–2ms of round-trip latency. Redirects were fast because they happened before the request ever reached origin.</p> <p><code>proxy.ts</code> runs on Node.js at origin. For the same Stockholm user, a redirect now requires a round trip to wherever your origin server sits. If your origin is in us-east-1, that is 80–100ms of added latency for every redirect.</p> <p>For most applications, this is acceptable. But if you have high-traffic redirect logic — locale routing that fires on every request, aggressive A/B test bucketing — measure the latency impact before migrating. Alternatively, move that logic to Cloudflare Workers or your CDN's edge functions, which are purpose-built for it.</p> <h3> The Cloudflare Compatibility Bug </h3> <p>As of this writing, there is an open issue (<a href="https://github.com/vercel/next.js/issues/86122" rel="noopener noreferrer">#86122</a>) where <code>proxy.ts</code> does not execute when the application is deployed behind Cloudflare Proxy in production. The old <code>middleware.ts</code> works correctly in the same setup.</p> <p>This affects self-hosted deployments that use Cloudflare for DDoS protection and CDN. If you run your Next.js application on a VPS with Cloudflare in proxy mode — which is common for EU teams trying to avoid Vercel costs — test <code>proxy.ts</code> thoroughly in staging before cutting over. The issue is open and being tracked, but there is no timeline for resolution.</p> <p>For context: the <a href="https://iurii.rogulia.fi/projects/vatnode-vat-validation" rel="noopener noreferrer">vatnode.dev</a> setup (Turborepo monorepo, Hono API on VPS, Next.js frontend) uses Coolify for deployment and sits behind Cloudflare. This bug is directly relevant. The current workaround is to keep <code>middleware.ts</code> on affected deployments and wait for the upstream fix, or route proxy logic through Cloudflare Workers instead.</p> <h3> Third-Party Library Churn </h3> <p>Auth.js (formerly NextAuth), Auth0's Next.js SDK, Better Auth, and every internationalization library that hooks into middleware — all had to update their integrations when Next.js 16 landed. If you rely on any of these, check that you are on a version that supports <code>proxy.ts</code> before upgrading Next.js.</p> <p><code>next-intl</code>, for example, published a migration guide alongside the Next.js 16 release. The API change is minor, but the update is required.</p> <h2> The Broader Lesson </h2> <p>CVE-2025-29927 was a specific vulnerability with a specific patch. But the rename to <code>proxy.ts</code> is responding to something larger: years of ecosystem confusion about what this layer was supposed to do.</p> <p>The team's own framing in the migration docs is telling: they are actively working on better APIs so that developers can achieve their goals <em>without</em> the proxy layer. The direction is not "use proxy.ts more confidently" — it is "use proxy.ts less, and understand exactly why you are using it when you do."</p> <p>When a security boundary is defined by a routing config that can go out of sync, by a runtime that cannot run real crypto libraries, and by a name that implies capabilities it does not have — you get defensive code in the wrong place, false confidence in that defensive code, and eventually a CVE that proves the confidence was misplaced.</p> <p>The architectural lesson is not specific to Next.js. It applies to any framework with a request interception layer: thin interception should not be your security boundary. The security boundary should be colocated with the data, in code that runs every time the data is accessed, under a runtime that can actually enforce access controls.</p> <p><code>proxy.ts</code> makes this division explicit in the name. It will not stop teams from putting auth logic in the proxy layer — the API allows it. But the name makes the intent harder to misread.</p> <p>Building something on Next.js 16 that needs production-grade auth, multi-region routing, or EU compliance? These are problems I've solved across <a href="https://iurii.rogulia.fi/projects/vatnode-vat-validation" rel="noopener noreferrer">vatnode.dev</a>, <a href="https://iurii.rogulia.fi/projects/pikkuna-ecommerce-platform" rel="noopener noreferrer">pikkuna.fi</a>, and <a href="https://iurii.rogulia.fi/projects/pi-pi-b2b-ecommerce" rel="noopener noreferrer">pi-pi.ee</a>. If your codebase needs <a href="https://iurii.rogulia.fi/services/rescue-projects" rel="noopener noreferrer">security-focused rescue work</a> or <a href="https://iurii.rogulia.fi/services/technical-consultation" rel="noopener noreferrer">technical consultation</a> on the auth architecture specifically, I can step in either way. If you need a senior developer who can own the architecture end-to-end — <a href="https://iurii.rogulia.fi/contact" rel="noopener noreferrer">get in touch</a>.</p> <p><strong>Related reading:</strong></p> <ul> <li> <a href="https://iurii.rogulia.fi/blog/build-saas-nextjs-checklist" rel="noopener noreferrer">How to Build a SaaS with Next.js: Production Checklist</a> — auth architecture, billing, and production readiness in one place</li> <li> <a href="https://iurii.rogulia.fi/blog/stripe-webhooks-production" rel="noopener noreferrer">Stripe Webhooks Done Right: Production Architecture</a> — another security-sensitive layer where naive implementations fail</li> <li> <a href="https://iurii.rogulia.fi/blog/redis-rate-limiting-api" rel="noopener noreferrer">Redis Rate Limiting in Production</a> — protecting API endpoints with sliding window counters</li> <li> <a href="https://nextjs.org/blog/next-16" rel="noopener noreferrer">Next.js 16 release post</a> — official announcement including the proxy.ts introduction</li> <li> <a href="https://nextjs.org/docs/messages/middleware-to-proxy" rel="noopener noreferrer">Official migration reference</a> — nextjs.org/docs/messages/middleware-to-proxy</li> </ul> nextjs typescript security migration Business Process Automation Case Study: 40 Hours/Month Saved Iurii Rogulia Tue, 09 Jun 2026 10:00:37 +0000 https://dev.to/iurii_rogulia/business-process-automation-case-study-40-hoursmonth-saved-153c https://dev.to/iurii_rogulia/business-process-automation-case-study-40-hoursmonth-saved-153c <p>Nobody called it a problem. It was just how things worked.</p> <p>A mid-size distributor, around 50 employees, processing roughly 80 orders per week. When a customer confirmed an order, a logistics coordinator would sit down and work through the same sequence, every time. Copy the customer information into the shipping software. Update the inventory spreadsheet. Email the warehouse a formatted order summary. Create a PDF invoice in the accounting system. Email the customer with the invoice and an estimated delivery date.</p> <p>Twenty-five to thirty-five minutes per order. At 80 orders a week, that's somewhere between 40 and 45 hours a month — a full working week, spent on manual data entry.</p> <p>The coordinator had been doing this for four years. There was a part-time assistant who helped during busy periods. Neither of them was doing anything wrong. They were doing the job as it existed.</p> <h2> What Changed </h2> <p>After mapping the process, it took about two weeks to build the <a href="https://iurii.rogulia.fi/services/automation-workflows" rel="noopener noreferrer">automation</a>. Not because it was complicated — but because we took the time to do it carefully, test it against edge cases, and make sure the exceptions were handled thoughtfully.</p> <p>After the change: when an order is confirmed, the shipping software updates automatically. Inventory adjusts in real time. The warehouse receives a formatted notification within seconds. The invoice is generated and sent without anyone touching it. The customer gets a confirmation and tracking information within minutes of payment.</p> <p>Human time per routine order: zero.</p> <p> slug="automation-workflows"<br> text="If your team runs repeatable manual processes — copying data, generating reports, sending confirmations — I map and automate them. The savings are usually faster than you'd expect."<br> /&gt;</p> <p>The coordinator now handles customer relationships, resolves exceptions, and manages the cases that genuinely need a person — address problems, special requests, complaints. The work that actually requires judgment. The part-time assistant's hours were reallocated to a different project.</p> <p>The error rate on routine orders went to effectively zero. Previously, occasional data-entry mistakes caused delivery problems — wrong addresses transcribed, quantities miscopied. Not often, but often enough. Those errors disappeared.</p> <h2> The Numbers </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Before</th> <th>After</th> </tr> </thead> <tbody> <tr> <td>25–35 min per order (manual)</td> <td>~0 min per routine order</td> </tr> <tr> <td>~40 hours/month in coordinator time</td> <td>Manual review for exceptions only</td> </tr> <tr> <td>Occasional data-entry errors causing delivery issues</td> <td>Error rate effectively zero</td> </tr> <tr> <td>Part-time assistant required for peak periods</td> <td>Hours reallocated</td> </tr> </tbody> </table></div> <p>The cost to build the automation was a fraction of one year's worth of the time it recovered. By month three, it had paid for itself.</p> <h2> The Harder Point </h2> <p>This company didn't have a technology problem. They had an unexamined process.</p> <p>Nobody had sat down and asked: does this sequence of steps need a human? Each step, individually, felt necessary. Copy this information, send that email, update this sheet. But looked at as a whole, the sequence was almost entirely mechanical — the same inputs producing the same outputs in the same order, every time. That's not a human task. It only became one because nobody had looked at it that way.</p> <p>Most companies I work with have three to five processes like this. They don't look like automation opportunities. They look like "how things work." There's often one specific person who does them, and they're good at it, and the process runs reliably enough that it doesn't feel like a problem. That combination — competent execution of an inefficient process — is almost always a sign. The <a href="https://iurii.rogulia.fi/blog/5-signs-it-is-holding-you-back" rel="noopener noreferrer">5 signs your IT is costing more than it saves</a> post runs through the broader diagnostic — this case fits sign number one almost exactly.</p> <p>The question isn't whether your team is working hard. It's whether they're working on things that need them. A similar pattern played out at <a href="https://iurii.rogulia.fi/projects/pikkuna-ecommerce-platform" rel="noopener noreferrer">Pikkuna</a>, where end-to-end order automation — Stripe through PostNord through Mailgun — reduced the per-order manual burden to zero across 35 countries.</p> <p>If your team has processes like this — repeatable, manual, time-consuming — <a href="https://iurii.rogulia.fi/contact" rel="noopener noreferrer">let's map them out</a>. The savings are usually faster than you'd expect.</p> business automation process webdev PDF Forensics Without the Original File: One-Sided Fraud Detection Iurii Rogulia Tue, 09 Jun 2026 10:00:34 +0000 https://dev.to/iurii_rogulia/pdf-forensics-without-the-original-file-one-sided-fraud-detection-3e0p https://dev.to/iurii_rogulia/pdf-forensics-without-the-original-file-one-sided-fraud-detection-3e0p <blockquote> <p>Originally published at <a href="https://htpbe.tech/blog/pdf-forensics-without-original-file" rel="noopener noreferrer">htpbe.tech</a>. The version on htpbe.tech stays in sync with the latest detection algorithm — refer to it for the canonical text.</p> </blockquote> <p>The most common question we get from teams evaluating PDF tamper detection tools: "Do we need to keep a copy of the original?"</p> <p>The answer is no — and understanding why reveals something important about how PDF files work and why tampering is harder to hide than most people assume.</p> <h2> The comparison trap </h2> <p>The obvious approach to detecting whether a document was modified is comparison: keep the original, compare it to what you received, flag the differences. This is how tools like Draftable, Adobe Compare Documents, and diff utilities work.</p> <p>The comparison approach has a structural problem: it requires you to have the original. In most fraud scenarios, you do not. You received an invoice, a diploma, a bank statement, or a contract from a counterparty. You have the document they sent you. You do not have what the document looked like before they sent it.</p> <p>If an attacker modified the bank account number on an invoice before sending it to you, you have no original to compare against. You have one file. Comparison-based tools cannot help you.</p> <p>Forensic analysis works differently. It does not compare the document against anything external. It reads what the document preserved about its own history.</p> <h2> What a PDF knows about itself </h2> <p>The PDF specification was designed around a model of incremental updates. When a PDF is edited and saved, the editing software does not rewrite the entire file — it appends the changes to the end and adds a new cross-reference table pointing to the updated objects. The original content remains in the file.</p> <p>This design decision, intended for efficiency, has a forensic consequence: a modified PDF carries a structural record of that modification.</p> <p>When a document is analyzed without the original, the analysis reads:</p> <p><strong>The cross-reference (xref) chain.</strong> How many edit sessions does the file contain? Each incremental update adds at least one xref section. A document created in one session has one xref. A document created and then edited has at least two. The chain length tells you how many times the file changed hands between creation and analysis.</p> <p><strong>The metadata record.</strong> The PDF Info dictionary stores <code>CreationDate</code> and <code>ModDate</code> as part of the file’s standard metadata. These fields record when the document was created and when it was last modified. When a document submitted as a fresh bank statement shows a modification date six months after the creation date, the document was modified — even without a copy of the bank statement from six months ago to compare against.</p> <p><strong>The authoring trail.</strong> The <code>Creator</code> field identifies the software used to create the document. The <code>Producer</code> field identifies the software that last processed it. When a document claims to be a corporate tax filing but was last processed by a free consumer PDF editor, the authoring trail contradicts the claimed origin.</p> <p><strong>The signature binding.</strong> Digital signatures in PDFs cryptographically bind a checksum to a specific byte range of the file. When content is appended after a signature, the signature remains valid for the content it covers — but the document now contains unsigned content. This pattern is detectable without the original: the signature’s byte range does not extend to the end of the file, and xref entries exist outside the signed range.</p> <h2> The limits of one-sided analysis </h2> <p>Honesty about what this approach cannot detect:</p> <p><strong>Content changes to unsigned documents.</strong> If an attacker edits a text field in an unsigned PDF and the editing software rewrites the file cleanly — removing evidence of prior xref structure, preserving or backdating timestamps — the structural record may not reveal the edit. This requires sophisticated tooling and deliberate counter-forensic effort. It is possible, but it is not what most fraud uses. Most fraud uses off-the-shelf PDF editors that leave clear traces.</p> <p><strong>Fabricated documents created from scratch.</strong> If an attacker builds a document in the same software a legitimate issuer uses, sets plausible timestamps, and produces a structurally consistent file — one-sided analysis cannot distinguish it from a genuine document. Structural forensics alone cannot determine that the content is truthful, only that the file is structurally consistent with its claimed origin.</p> <p><strong>Encrypted documents.</strong> Strong encryption prevents reading the structural content of a PDF. Analysis returns <code>inconclusive</code> when the file cannot be read.</p> <p>For the fraud patterns that account for the vast majority of real-world document fraud — editing existing documents with consumer software, modifying bank details on legitimate invoices, altering figures on real financial statements — one-sided forensic analysis catches them reliably.</p> <h2> Why most fraud does not evade one-sided analysis </h2> <p>Real-world invoice fraud and document tampering is not performed by people with forensic knowledge of the PDF specification. It is performed by attackers who:</p> <ul> <li>Download a legitimate PDF</li> <li>Open it in iLovePDF, PDF24, Adobe Acrobat Reader (free), or a similar tool</li> <li>Change the relevant text</li> <li>Save and send</li> </ul> <p>Every step of this process leaves marks:</p> <p>The consumer editor rewrites the Producer field to its own name. It creates a new xref entry. It updates the modification date. It may not preserve the original structure cleanly.</p> <p>The resulting file shows all the signals that one-sided analysis reads: multiple xref tables, a Producer that contradicts the document’s claimed origin, a modification date inconsistent with the claimed issuance date.</p> <h2> A practical example: bank statement fraud </h2> <p>A lender requests three months of bank statements from a loan applicant. The applicant downloads genuine statements from their bank’s online portal — PDF files generated by the bank’s document system. They then edit the statements to inflate the account balances, using a free online PDF editor.</p> <p>The lender has no original statements. They cannot compare the submitted documents against bank records. What they have is one PDF per month.</p> <p>What those PDFs preserve:</p> <ul> <li> <code>Creator: HSBC Document Service</code> (the bank’s original authoring software)</li> <li> <code>Producer: Smallpdf</code> (the free editor used to modify the file)</li> <li> <code>CreationDate: 2025-12-01</code> (when the bank generated the statement)</li> <li> <code>ModDate: 2026-03-15</code> (when the applicant modified it before submission)</li> <li> <code>xref_count: 3</code> (original creation + two editing sessions)</li> </ul> <p>The forensic verdict: <strong>MODIFIED</strong> with markers <code>PRODUCER_MISMATCH</code> and <code>INCREMENTAL_UPDATES</code>.</p> <p>The lender did not need the original bank statements. The modified file told them everything.</p> <h2> The API call </h2> <p>One-sided forensic analysis runs as a single HTTP call against the <a href="https://htpbe.tech/api" rel="noopener noreferrer">PDF forensics API</a> — no original document, no comparison corpus, no per-file setup.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST https://api.htpbe.tech/v1/analyze <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer YOUR_API_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"url": "https://your-storage.example.com/statements/statement-dec.pdf"}'</span> </code></pre> </div> <p>The response includes both the verdict and the specific signals:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"modified"</span><span class="p">,</span><span class="w"> </span><span class="nl">"modification_confidence"</span><span class="p">:</span><span class="w"> </span><span class="s2">"high"</span><span class="p">,</span><span class="w"> </span><span class="nl">"modification_markers"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"PRODUCER_MISMATCH"</span><span class="p">,</span><span class="w"> </span><span class="s2">"INCREMENTAL_UPDATES"</span><span class="p">],</span><span class="w"> </span><span class="nl">"creator"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HSBC Document Service"</span><span class="p">,</span><span class="w"> </span><span class="nl">"producer"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Smallpdf"</span><span class="p">,</span><span class="w"> </span><span class="nl">"creation_date"</span><span class="p">:</span><span class="w"> </span><span class="mi">1764547200</span><span class="p">,</span><span class="w"> </span><span class="nl">"modification_date"</span><span class="p">:</span><span class="w"> </span><span class="mi">1742688000</span><span class="p">,</span><span class="w"> </span><span class="nl">"xref_count"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>No original file required. No comparison. One HTTP call.</p> <h2> When to use one-sided analysis vs. comparison </h2> <p><strong>Use one-sided forensic analysis when:</strong></p> <ul> <li>You receive documents from third parties and do not have originals</li> <li>You process documents at scale and need automation</li> <li>You need to audit a backlog of documents you received in the past</li> <li>You are building this into an API workflow</li> </ul> <p><strong>Use comparison when:</strong></p> <ul> <li>You have both the original and the received version</li> <li>You want to see exactly what changed (field by field, pixel by pixel)</li> <li>You are doing manual forensic review of a specific document with known original</li> </ul> <p>These approaches are complementary, not competing. Forensic analysis tells you whether a document was modified. Comparison shows you what changed. In most fraud scenarios, you only have the modified version — comparison is not available to you.</p> <h2> Integrating into document intake </h2> <p>The pattern that works for any document intake workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">process_received_document</span><span class="p">(</span><span class="n">doc_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">doc_type</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Run one-sided forensic analysis on a received document. doc_type: </span><span class="sh">"</span><span class="s">bank_statement</span><span class="sh">"</span><span class="s"> | </span><span class="sh">"</span><span class="s">invoice</span><span class="sh">"</span><span class="s"> | </span><span class="sh">"</span><span class="s">contract</span><span class="sh">"</span><span class="s"> | </span><span class="sh">"</span><span class="s">certificate</span><span class="sh">"</span><span class="s"> </span><span class="sh">"""</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">verify_pdf</span><span class="p">(</span><span class="n">doc_url</span><span class="p">)</span> <span class="c1"># see developer guide for full client code </span> <span class="k">if</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">intact</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">accept</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]}</span> <span class="k">if</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">reject</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">markers</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">modification_markers</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">note</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Document shows forensic signs of post-creation modification</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="c1"># inconclusive — consumer software </span> <span class="c1"># For documents claiming institutional origin, treat as suspicious </span> <span class="n">institutional_doc_types</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">bank_statement</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">tax_certificate</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">official_contract</span><span class="sh">"</span><span class="p">}</span> <span class="k">if</span> <span class="n">doc_type</span> <span class="ow">in</span> <span class="n">institutional_doc_types</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">review</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">note</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Document origin (</span><span class="si">{</span><span class="n">result</span><span class="p">[</span><span class="sh">'</span><span class="s">producer</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">) inconsistent with </span><span class="si">{</span><span class="n">doc_type</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">accept</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]}</span> </code></pre> </div> <p>The <code>check_id</code> is stored alongside the document record. If a document is later disputed, the forensic report is retrievable via <code>GET /api/v1/result/{check_id}</code> — a permanent audit trail that does not require storing the original document.</p> <h2> What this means for compliance teams </h2> <p>For compliance workflows that receive third-party documents — KYC onboarding, loan applications, insurance claims, contract execution — one-sided fraud detection changes the math on document fraud detection. The same principle applies in <a href="https://htpbe.tech/blog/government-document-fraud-pdf-verification" rel="noopener noreferrer">government procurement and benefits programs</a>, where agencies receive permits, contractor credentials, and benefit application support documents from external parties without holding originals to compare against.</p> <p>Previously: catch fraud only when the original is available for comparison, or rely on manual review that misses structural signals.</p> <p>With forensic analysis: every received document is automatically checked against its own preserved history. The document does not need to be caught against an original. It just needs to have been modified.</p> <p>This is not foolproof — sophisticated forgery from scratch evades it. But it reliably catches the category of fraud that accounts for the majority of real-world document manipulation: taking a legitimate document and editing it with available tools.</p> pdf tutorial forensics api Freelance Developer vs IT Partner: What's the Difference? Iurii Rogulia Mon, 08 Jun 2026 10:00:33 +0000 https://dev.to/iurii_rogulia/freelance-developer-vs-it-partner-whats-the-difference-390d https://dev.to/iurii_rogulia/freelance-developer-vs-it-partner-whats-the-difference-390d <p>A developer's job is to build what you describe. An IT partner's job is to figure out what you should actually build — and then build it.</p> <p>That distinction sounds minor. It isn't.</p> <h2> The Same Budget, Two Different Outcomes </h2> <p>Here's a situation I've seen play out more than once.</p> <p>A company comes to a developer with a clear request: "We need a website with a product catalog and a contact form." The developer builds exactly that. The project delivers on time, on budget, technically correct. Six months later: no traffic, no leads, the catalog is already out of date because updating it requires technical skills nobody on the team has, and the contact form emails are going to an inbox nobody checks.</p> <p>The developer didn't do anything wrong. They did their job correctly. The problem is that someone needed to ask the business questions before a line of code was written — and that wasn't the developer's job.</p> <p>Now take the same company, same budget, same request — but this time they're talking to someone who asks questions first.</p> <p>Before any design or code, there's a 30-minute conversation. Who are your customers? How do they find you today? What do you want them to do when they arrive at your site? What happens after they submit a form — who sees it, and how fast? After those 30 minutes, the answer might look completely different: you don't need a catalog at all. You need a landing page built around the three services people actually buy, connected to your CRM so leads don't fall through the cracks.</p> <p>Same budget. Completely different outcome.</p> <h2> The Questions That Should Come Before the Code </h2> <p>When a new client describes a project to me, I spend the first part of the conversation asking about their business, not the technology. What are they selling, and to whom? What does success look like in 12 months? What's the most painful part of how things work today?</p> <p>The technology is how we solve the problem. Understanding the problem comes first.</p> <p>This matters especially for companies hiring outside IT help for the first time. If nobody is asking the business questions, you end up with technically correct solutions to the wrong problems. The code works. It just doesn't do what you needed.</p> <p>This is also where experience shows. After 25 years of development and 12 years as CTO of a logistics company, I've been involved in enough projects to recognize, early in a conversation, when someone is asking for a thing when they actually need a different thing. Sometimes what they've described is exactly right. But at least the idea has been pressure-tested before anyone starts building. When the stakes are higher — a major platform decision or an acquisition — that same discipline is what <a href="https://iurii.rogulia.fi/services/technical-due-diligence" rel="noopener noreferrer">technical due diligence</a> provides formally.</p> <p> slug="fractional-cto"<br> text="If you're not sure whether you need a developer or someone to own the bigger technical picture, that question itself is the answer. I work as an IT partner for growing businesses — asking the hard questions before a line of code is written."<br> /&gt;</p> <h2> What This Looks Like in Practice </h2> <p>An IT partner relationship doesn't mean your project takes longer or costs more. It means the conversation before the work is different.</p> <p>Instead of receiving a specification and starting immediately, there's a brief period of asking uncomfortable questions. What problem are we actually solving? Who will maintain this after it's built? What happens when it breaks? Is this the right tool for this job, or is it the tool you happened to think of first?</p> <p>Those questions take maybe a few hours. They can save months of rebuilding something that technically worked but practically didn't.</p> <p>The companies I do my best work with are the ones who come in willing to have that conversation — where the brief is a starting point for thinking, not a contract I'm being hired to execute. Those projects tend to be more focused, finish faster, and produce something the client actually uses rather than something that gets quietly shelved. The <a href="https://iurii.rogulia.fi/projects/pi-pi-b2b-ecommerce" rel="noopener noreferrer">pi-pi.ee</a> B2B platform — 28 languages, 32 EU markets, six payment methods — started with exactly that kind of conversation, not a specification document. The result was a system the team actually uses across borders, not a deliverable that got filed away. For a broader look at what this ownership model means day-to-day, see <a href="https://iurii.rogulia.fi/blog/what-fractional-cto-does" rel="noopener noreferrer">what a fractional CTO actually does</a>.</p> <p>If you have an IT project and you're not sure you're solving the right problem, <a href="https://iurii.rogulia.fi/contact" rel="noopener noreferrer">let's talk before you build anything</a>.</p> business itstrategy leadership cto Fake Invoice Detection: What PDF Metadata Reveals Iurii Rogulia Mon, 08 Jun 2026 10:00:31 +0000 https://dev.to/iurii_rogulia/fake-invoice-detection-what-pdf-metadata-reveals-14kp https://dev.to/iurii_rogulia/fake-invoice-detection-what-pdf-metadata-reveals-14kp <blockquote> <p>Originally published at <a href="https://htpbe.tech/blog/fake-invoice-detection-pdf-metadata" rel="noopener noreferrer">htpbe.tech</a>. The version on htpbe.tech stays in sync with the latest detection algorithm — refer to it for the canonical text.</p> </blockquote> <p>Invoice fraud costs businesses an estimated $300 billion annually. The majority of fraudulent invoices succeed not because they look convincing, but because the organizations receiving them rely entirely on visual review. The same detection logic that applies to invoices applies equally to contracts: <a href="https://htpbe.tech/blog/contract-fraud-how-altered-pdfs-bypass-legal-review" rel="noopener noreferrer">altered contract PDFs</a> change payment terms or bank details after signing, and <a href="https://htpbe.tech/blog/insurance-claims-fraud-altered-pdfs" rel="noopener noreferrer">insurance claims fraud</a> inflates repair estimates and medical bills before submission — using the same consumer editing tools and leaving the same structural traces.</p> <p>A finance team member opens a PDF, confirms the vendor name, checks the amount against a purchase order, and approves payment. What that review misses is invisible to the eye but readable in milliseconds by forensic analysis: who modified the file, with what software, and when.</p> <p>This guide covers what metadata signals reveal invoice fraud, how attackers modify invoices, and how to automate detection at scale.</p> <h2> Why visual review fails </h2> <p>Consider the most common invoice fraud pattern: business email compromise with modified bank details. An attacker intercepts a legitimate vendor invoice — either by compromising email or by social engineering — and replaces the bank account number before forwarding it to accounts payable. The invoice looks identical to every previous invoice from that vendor. The amount is correct. The logo is correct. The line items match the purchase order.</p> <p>The only thing that changed is two lines of text: the account number and the sort code.</p> <p>A human reviewer has no way to know the document was modified. The PDF looks the same as it always has. But the file is not the same — and the file preserves evidence that the human reviewer never sees.</p> <h2> What happens to a PDF when it is edited </h2> <p>PDF files store changes incrementally. When an editor opens a PDF and makes a change, the original content is preserved and the new content is appended. The file grows. A new cross-reference table (xref) entry is written at the end of the file pointing to the updated content.</p> <p>This means an invoice modified once has at least two xref tables. Modified three times: at least four. The original creation content is still in the file, alongside every subsequent edit. A forensic analysis reads this structure.</p> <p>Beyond structure, two other records are left:</p> <p><strong>The modification timestamp.</strong> PDF embeds a <code>ModDate</code> field in its Info dictionary. Many editors update this automatically when saving. An invoice from three months ago showing a modification date of yesterday has been touched recently.</p> <p><strong>The Producer field.</strong> This identifies the software that last processed the file. An invoice generated by an enterprise accounting system showing <code>iLovePDF</code> or <code>PDF24</code> as producer has been through a consumer PDF editor — something that should not appear on an original vendor invoice.</p> <h2> The four signals that catch most invoice fraud </h2> <h3> 1. Producer field mismatch </h3> <p>Legitimate invoices from vendors using professional billing systems — SAP, Oracle, QuickBooks, Xero, Sage — have consistent Producer fields reflecting their software stack. An invoice claiming to come from an enterprise vendor but showing a consumer editor as Producer is immediately suspect.</p> <p>This is the signal that catches the largest category of invoice fraud: attackers who download a legitimate invoice, open it in a free PDF editor to change the bank details, and re-save it. The editor writes its own name into the Producer field.</p> <h3> 2. Modification date after receipt </h3> <p>If you record when a document was received and compare it against the document’s embedded modification date, a modification date that post-dates receipt is impossible under normal circumstances. The document was modified after you received it — either before forwarding within your organization, or by someone who intercepted and re-sent it.</p> <h3> 3. Multiple xref tables in a single-session document </h3> <p>A document generated once by an accounting system should have one xref table representing a single authoring session. Multiple xref tables in what should be a freshly generated document indicate editing after generation.</p> <p>This signal requires context: some legitimate documents do have multiple xref tables (signed documents that had a signature field added, for example). Combined with other signals, it becomes highly indicative.</p> <h3> 4. Metadata completeness and consistency </h3> <p>Professional invoicing software generates documents with complete, consistent metadata: creator, producer, creation date, modification date all populated and coherent. Fabricated or heavily modified invoices frequently have incomplete metadata — missing dates, empty creator fields, or timestamps that are clearly defaults rather than real values.</p> <p>A metadata completeness score below a threshold is not proof of fraud, but it raises the probability of a non-institutional document origin.</p> <h2> What attackers do — and what gives them away </h2> <p><strong>Bank detail replacement (most common).</strong> Attacker opens the invoice in any PDF editor, modifies the account number, saves. Result: Producer field changes to the editor’s name. Modification date updates. Xref count increases.</p> <p><strong>Amount modification.</strong> Attacker inflates the invoice total. Same signals as bank detail replacement, plus often a date anomaly if the original invoice had been on file for a while before the modification.</p> <p><strong>Duplicate invoice with modified details.</strong> Attacker copies an old invoice and modifies multiple fields. The file retains the original’s creation date but shows a recent modification date — and often a different Producer than the original.</p> <p><strong>Fabricated invoice from scratch.</strong> Attacker builds a new invoice in design software (Canva, Microsoft Word, Google Docs) and exports to PDF. The Creator field reveals the software used. The document lacks the structural characteristics of professionally generated invoices. This is the pattern <code>inconclusive</code> verdicts often catch — the origin is consumer software, which is incompatible with a claimed enterprise vendor.</p> <h2> Automated detection in an AP workflow </h2> <p>The pattern for AP automation:</p> <ol> <li>Vendor submits invoice (email attachment, supplier portal upload, EDI)</li> <li>Before any human touches it, run forensic analysis via the <a href="https://htpbe.tech/api" rel="noopener noreferrer">invoice fraud detection API</a> </li> <li>Route based on verdict: <code>intact</code> → normal processing, <code>modified</code> → flag for investigation, <code>inconclusive</code> → secondary review if the vendor claims enterprise billing system </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">httpx</span> <span class="kn">import</span> <span class="n">os</span> <span class="n">API_KEY</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">HTPBE_API_KEY</span><span class="sh">"</span><span class="p">]</span> <span class="n">BASE_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://api.htpbe.tech/v1</span><span class="sh">"</span> <span class="n">HEADERS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">API_KEY</span><span class="si">}</span><span class="sh">"</span><span class="p">}</span> <span class="k">def</span> <span class="nf">check_invoice</span><span class="p">(</span><span class="n">invoice_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">vendor_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="sh">"""</span><span class="s"> Run forensic analysis on an invoice PDF. Returns a dict with action and details for the AP system. </span><span class="sh">"""</span> <span class="n">submit</span> <span class="o">=</span> <span class="n">httpx</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/analyze</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">HEADERS</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">invoice_url</span><span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">30</span><span class="p">,</span> <span class="p">)</span> <span class="n">submit</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">check_id</span> <span class="o">=</span> <span class="n">submit</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="n">result</span> <span class="o">=</span> <span class="n">httpx</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/result/</span><span class="si">{</span><span class="n">check_id</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">HEADERS</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">30</span><span class="p">,</span> <span class="p">)</span> <span class="n">result</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">data</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="n">status</span> <span class="o">=</span> <span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="n">markers</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">modification_markers</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="n">producer</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">producer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">unknown</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">intact</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">process</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">vendor</span><span class="sh">"</span><span class="p">:</span> <span class="n">vendor_name</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">check_id</span><span class="p">,</span> <span class="p">}</span> <span class="k">if</span> <span class="n">status</span> <span class="o">==</span> <span class="sh">"</span><span class="s">modified</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hold</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">vendor</span><span class="sh">"</span><span class="p">:</span> <span class="n">vendor_name</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">check_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">reason</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Forensic markers detected: </span><span class="si">{</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">markers</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">producer</span><span class="sh">"</span><span class="p">:</span> <span class="n">producer</span><span class="p">,</span> <span class="p">}</span> <span class="c1"># inconclusive — consumer software origin </span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">review</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">vendor</span><span class="sh">"</span><span class="p">:</span> <span class="n">vendor_name</span><span class="p">,</span> <span class="sh">"</span><span class="s">check_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">check_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">reason</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Invoice generated by consumer software: </span><span class="si">{</span><span class="n">producer</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>The <code>check_id</code> returned by the API is a permanent reference — link it to your invoice record so your finance team can view the full forensic report when investigating a flagged payment.</p> <h2> What to do when an invoice is flagged </h2> <p>A <code>modified</code> verdict does not automatically mean fraud. It means the file was edited. Legitimate reasons exist: a vendor corrected a typo, your team redacted sensitive information before filing, a PDF printer regenerated the file during email transmission.</p> <p>The forensic report tells you which specific signals triggered the verdict. <code>PRODUCER_MISMATCH</code> with <code>iLovePDF</code> as producer and a recent modification date is a strong fraud signal. A single extra xref table with no modification date change and a consistent Producer may warrant calling the vendor to confirm the document is unchanged.</p> <p>The response workflow:</p> <ol> <li>Put the payment on hold immediately</li> <li>Retrieve the full forensic report (the <code>check_id</code> links to it in your dashboard)</li> <li>Contact the vendor through a checked channel — not by replying to the email that carried the invoice</li> <li>Confirm account details verbally or through your vendor portal</li> <li>If fraud is confirmed: report to your bank immediately (many jurisdictions have 24-hour windows for payment recall), and to relevant law enforcement</li> </ol> <h2> False positive rate </h2> <p>Modern forensic PDF analysis on invoice documents has a low false positive rate for the specific case of bank detail modification — the most common fraud pattern. Producer field analysis is highly specific: a vendor that generates invoices through a professional billing system will have a consistent Producer across all invoices. Deviation is meaningful.</p> <p>The higher false positive rate appears in edge cases: vendors who genuinely do use consumer PDF tools (small sole traders using Canva invoices), documents that were legitimately converted between formats, or signed documents where the signing software appended its own xref entry.</p> <p>For these cases, the <code>inconclusive</code> verdict is the appropriate output rather than <code>modified</code>. A sole trader using Google Docs to generate invoices will return <code>inconclusive</code>, not <code>modified</code> — flagged for review rather than automatic rejection.</p> <h2> Scaling the check </h2> <p>For high-volume AP operations, the check runs asynchronously and takes under two seconds per document. At the Growth plan rate, 350 checks per month covers roughly 12 invoice checks per working day — appropriate for a mid-size AP team. The Pro plan (1,500 checks) covers up to 50 checks per day.</p> <p>The cost per prevented fraudulent payment is essentially zero. The average business email compromise invoice fraud loss is $50,000–$200,000 per incident. A month of Pro API access costs $499.</p> pdf tutorial fraud api Reverse-Charge VAT for B2B SaaS: Node.js Implementation Checklist Iurii Rogulia Mon, 08 Jun 2026 09:00:37 +0000 https://dev.to/iurii_rogulia/reverse-charge-vat-for-b2b-saas-nodejs-implementation-checklist-5ej4 https://dev.to/iurii_rogulia/reverse-charge-vat-for-b2b-saas-nodejs-implementation-checklist-5ej4 <blockquote> <p>Originally published at <a href="https://vatnode.dev/blog/reverse-charge-vat-saas-implementation-checklist" rel="noopener noreferrer">vatnode.dev</a>. The version on vatnode.dev is the canonical source — refer to it for the latest content.</p> </blockquote> <p>Most EU B2B SaaS billing systems converge on the same flow: the buyer enters a VAT ID at checkout, the seller validates it, and if the validation passes the invoice is issued <strong>without VAT</strong> and labelled as a reverse-charge supply. The mechanism itself is well-documented in <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02006L0112-20240101" rel="noopener noreferrer">Council Directive 2006/112/EC</a> — Article 44 (place of supply of services to a taxable person) and Article 196 (the reverse charge for services). What is less well-documented is what your code actually has to do to implement it correctly. This is that checklist.</p> <p>This post focuses on SaaS — i.e. services, not goods. Article 138 (intra-EU supply of goods) and the related goods-side rules sit on a different code path and are out of scope here. Scope-wise, this post also stops at the invoice-issuance boundary: credit notes, partial refunds, subscription proration, jurisdiction-specific invoice immutability rules, and the e-invoicing / Peppol direction that EU member states are converging on each deserve their own treatment.</p> <p>The <a href="https://vatnode.dev/guides/vat-reverse-charge" rel="noopener noreferrer">reverse-charge concept guide</a> covers the legal frame. This post is the engineering counterpart: what to validate, when to flag, what to store, and where the real-world edge cases sit.</p> <h2> Preconditions: when reverse-charge applies </h2> <p>Before any code runs, four conditions need to hold for a B2B SaaS supply to qualify for reverse-charge treatment:</p> <ol> <li> <strong>You (the seller) are established in one EU member state.</strong> If you are outside the EU but selling into it, different rules apply — OSS / IOSS are simplification schemes for distance sales and certain B2C / low-value flows; they sit alongside reverse-charge, not in opposition to it, and a non-EU seller's path to B2B EU customers may still involve a reverse-charge treatment under local rules. They are not the topic of this post.</li> <li> <strong>The buyer is established in a different EU member state</strong> from you.</li> <li> <strong>The buyer is a taxable person</strong> — i.e. a business registered for VAT — and you can demonstrate it. National tax authorities accept "reasonable evidence" of taxable-person status, but a VIES-confirmed validation with a stored consultation number is the strongest practical standard most SaaS companies can produce and the one auditors are most likely to expect by default.</li> <li> <strong>The service falls under the general B2B rule</strong> (Article 44). For most SaaS — software access, hosting, support — it does. Edge cases (telecoms, broadcasting, certain digital services to specific buyers) can land under different place-of-supply rules.</li> </ol> <p>If any of these fails, your invoice is <strong>not</strong> a reverse-charge invoice. Domestic supplies, B2C supplies, and supplies to buyers in your own member state all charge VAT normally.</p> <blockquote> <p>The most common bug we see in early-stage B2B SaaS billing is treating "the buyer entered a VAT ID" as sufficient. It isn't. The VAT ID has to be <strong>valid in VIES</strong>, the buyer's country has to differ from yours, and you have to keep evidence of the check. Skipping any one of those puts you in the position of having issued zero-VAT invoices that an auditor can reclassify as VAT-inclusive, with you on the hook for the missing VAT.</p> </blockquote> <h2> The decision function </h2> <p>The whole thing collapses into a single decision function that runs on every B2B invoice. Everything else in this post is what feeds it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">type</span> <span class="nx">ReverseChargeDecision</span> <span class="o">=</span> <span class="o">|</span> <span class="p">{</span> <span class="na">applyReverseCharge</span><span class="p">:</span> <span class="kc">true</span><span class="p">;</span> <span class="nl">evidence</span><span class="p">:</span> <span class="nx">VatEvidence</span> <span class="p">}</span> <span class="o">|</span> <span class="p">{</span> <span class="na">applyReverseCharge</span><span class="p">:</span> <span class="kc">false</span><span class="p">;</span> <span class="nl">reason</span><span class="p">:</span> <span class="nx">ReverseChargeBlockedReason</span> <span class="p">}</span> <span class="kd">type</span> <span class="nx">ReverseChargeBlockedReason</span> <span class="o">=</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">BUYER_SAME_COUNTRY_AS_SELLER</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">BUYER_VAT_INVALID</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">BUYER_VAT_NOT_PROVIDED</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">BUYER_OUTSIDE_EU</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">VIES_UNAVAILABLE_NO_FALLBACK</span><span class="dl">'</span> <span class="kr">interface</span> <span class="nx">VatEvidence</span> <span class="p">{</span> <span class="nl">vatId</span><span class="p">:</span> <span class="kr">string</span> <span class="nx">source</span><span class="p">:</span> <span class="dl">'</span><span class="s1">VIES</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">NATIONAL_FALLBACK</span><span class="dl">'</span> <span class="nx">consultationNumber</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="nx">traderName</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="nx">traderAddress</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="nx">checkedAt</span><span class="p">:</span> <span class="kr">string</span> <span class="c1">// ISO timestamp</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">decideReverseCharge</span><span class="p">(</span><span class="nx">input</span><span class="p">:</span> <span class="p">{</span> <span class="nl">sellerCountry</span><span class="p">:</span> <span class="kr">string</span> <span class="nx">buyer</span><span class="p">:</span> <span class="p">{</span> <span class="nl">country</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">vatId</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="p">}</span> <span class="nl">vatCheck</span><span class="p">:</span> <span class="nx">VatCheckResult</span> <span class="o">|</span> <span class="kc">null</span> <span class="p">}):</span> <span class="nx">ReverseChargeDecision</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">input</span><span class="p">.</span><span class="nx">buyer</span><span class="p">.</span><span class="nx">vatId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">applyReverseCharge</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="dl">'</span><span class="s1">BUYER_VAT_NOT_PROVIDED</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isEUCountry</span><span class="p">(</span><span class="nx">input</span><span class="p">.</span><span class="nx">buyer</span><span class="p">.</span><span class="nx">country</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">applyReverseCharge</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="dl">'</span><span class="s1">BUYER_OUTSIDE_EU</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">input</span><span class="p">.</span><span class="nx">buyer</span><span class="p">.</span><span class="nx">country</span> <span class="o">===</span> <span class="nx">input</span><span class="p">.</span><span class="nx">sellerCountry</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">applyReverseCharge</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="dl">'</span><span class="s1">BUYER_SAME_COUNTRY_AS_SELLER</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span> <span class="o">||</span> <span class="o">!</span><span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span><span class="p">.</span><span class="nx">valid</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">applyReverseCharge</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="dl">'</span><span class="s1">BUYER_VAT_INVALID</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">applyReverseCharge</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">evidence</span><span class="p">:</span> <span class="p">{</span> <span class="na">vatId</span><span class="p">:</span> <span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span><span class="p">.</span><span class="nx">vatId</span><span class="p">,</span> <span class="na">source</span><span class="p">:</span> <span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span><span class="p">.</span><span class="nx">source</span><span class="p">,</span> <span class="na">consultationNumber</span><span class="p">:</span> <span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span><span class="p">.</span><span class="nx">consultationNumber</span><span class="p">,</span> <span class="na">traderName</span><span class="p">:</span> <span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">traderAddress</span><span class="p">:</span> <span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="na">checkedAt</span><span class="p">:</span> <span class="nx">input</span><span class="p">.</span><span class="nx">vatCheck</span><span class="p">.</span><span class="nx">checkedAt</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>That function should be pure, deterministic, and called from exactly one place in your billing code path. If reverse-charge decisions are scattered across the checkout UI, the invoice renderer, and the Stripe webhook handler, the audit trail will be impossible to reason about later.</p> <h2> Step 1: validate the buyer VAT ID </h2> <p>The validation step is the one place where "reasonable steps to verify" is operationalised in code. A VIES-confirmed validation, with a consultation number and a stored result, is the strongest evidence most SaaS companies can produce.</p> <p>The full validation pipeline is covered in the <a href="https://vatnode.dev/guides/vat-validation-nodejs" rel="noopener noreferrer">Node.js VAT validation guide</a>; the relevant outputs here are:</p> <ul> <li> <code>valid</code> (boolean)</li> <li> <code>source</code> — <code>VIES</code> or a national-fallback source when VIES was degraded</li> <li> <code>consultationNumber</code> — the requester-qualified reference described in the <a href="https://vatnode.dev/blog/vies-consultation-number-explained" rel="noopener noreferrer">VIES consultation number guide</a> </li> <li> <code>name</code> and <code>address</code> — the trader details VIES returns (when not opted out)</li> <li> <code>checkedAt</code> — the timestamp of the check</li> </ul> <p>What matters for reverse-charge specifically:</p> <ul> <li> <strong>The validation must be requester-qualified.</strong> Call <code>checkVatApprox</code> with your own VAT ID as the requester, not the bare <code>checkVat</code>. Only the requester-qualified call produces a consultation number.</li> <li> <strong>A "valid" result from a national-registry fallback is not equivalent to a VIES "valid".</strong> A buyer can be active in a national company registry without being VAT-registered for intra-EU operations. If your fallback path returned a non-VIES source, flag the invoice for re-validation once VIES recovers, and record <code>requires_recheck = true</code>.</li> <li> <strong>A <code>MS_UNAVAILABLE</code> from VIES is not "invalid".</strong> It is a transport signal. Handle it with retry and fallback patterns as covered in the <a href="https://vatnode.dev/blog/vies-downtime-guide" rel="noopener noreferrer">VIES downtime guide</a>; do not flip the buyer to a VAT-charged invoice just because VIES is having a bad afternoon.</li> </ul> <h2> Step 2: the country-comparison rule </h2> <p>Reverse-charge applies only when buyer and seller are in <strong>different</strong> EU member states. The two ways teams get this wrong:</p> <ol> <li> <strong>Using the buyer's billing address country instead of the country of the VAT ID.</strong> They should match (and you should require them to match), but if they do not, you cannot resolve the ambiguity yourself. Place of supply is determined by where the buyer is established as a taxable person, not by either the billing address or the VAT ID prefix in isolation — but for an automated checkout, the VAT ID prefix is the strongest signal you have, and a mismatch between it and the billing country is a signal to stop and ask. If a Spanish company with <code>ES</code>-prefixed VAT ID enters a Portuguese billing address, reject the mismatch at checkout rather than guess.</li> <li> <strong>Treating domestic intra-country supplies as reverse-charge.</strong> A German seller selling to a German buyer charges 19% German VAT. Reverse-charge does <strong>not</strong> apply, regardless of how clean the buyer's VAT ID is. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">isReverseChargeEligibleByGeography</span><span class="p">(</span> <span class="nx">sellerCountry</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">buyerVatId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">buyerBillingCountry</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="p">{</span> <span class="nl">ok</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">reason</span><span class="p">?:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">vatPrefix</span> <span class="o">=</span> <span class="nx">buyerVatId</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">2</span><span class="p">).</span><span class="nf">toUpperCase</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">vatPrefix</span> <span class="o">!==</span> <span class="nx">buyerBillingCountry</span><span class="p">.</span><span class="nf">toUpperCase</span><span class="p">())</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="dl">'</span><span class="s1">VAT_ID_COUNTRY_DOES_NOT_MATCH_BILLING</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nf">isEUCountry</span><span class="p">(</span><span class="nx">vatPrefix</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="dl">'</span><span class="s1">BUYER_OUTSIDE_EU</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">vatPrefix</span> <span class="o">===</span> <span class="nx">sellerCountry</span><span class="p">.</span><span class="nf">toUpperCase</span><span class="p">())</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">reason</span><span class="p">:</span> <span class="dl">'</span><span class="s1">BUYER_SAME_COUNTRY_AS_SELLER</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Note that the EU country list is a moving target on the margins — Brexit removed <code>GB</code>, and <code>XI</code> (Northern Ireland) is special-cased for goods only. Pull the membership check from a maintained source rather than hardcoding it; the <code>eu-vat-rates-data</code> package exposes an <code>isEUMember()</code> helper that tracks this for you.</p> <h2> Step 3: render the invoice correctly </h2> <p>The invoice itself has formal requirements when reverse-charge applies. From Article 226 of <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02006L0112-20240101" rel="noopener noreferrer">Directive 2006/112/EC</a>, invoices for reverse-charge supplies must include:</p> <ul> <li>The buyer's VAT identification number</li> <li>The seller's VAT identification number</li> <li>A reference to the reverse-charge mechanism — typically the wording <strong>"Reverse charge"</strong> (Article 226(11a))</li> <li>A reference to the legal basis, when local rules require it (e.g., "Article 196 of Directive 2006/112/EC" or the national-law equivalent)</li> <li>Zero VAT amount and a clear line that VAT is not charged</li> </ul> <p>In practice, the minimum that satisfies tax authorities across member states is the phrase "Reverse charge" plus the buyer VAT ID. Some authorities expect the legal citation; if you serve customers across all 27 member states, include it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">renderInvoiceTotals</span><span class="p">(</span><span class="nx">invoice</span><span class="p">:</span> <span class="nx">Invoice</span><span class="p">,</span> <span class="nx">decision</span><span class="p">:</span> <span class="nx">ReverseChargeDecision</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">decision</span><span class="p">.</span><span class="nx">applyReverseCharge</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">subtotal</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">subtotal</span><span class="p">,</span> <span class="na">vatRate</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">vatAmount</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">total</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">subtotal</span><span class="p">,</span> <span class="na">vatNote</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Reverse charge — VAT to be accounted for by the recipient </span><span class="dl">'</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">(Article 196 of Council Directive 2006/112/EC).</span><span class="dl">'</span><span class="p">,</span> <span class="na">buyerVatId</span><span class="p">:</span> <span class="nx">decision</span><span class="p">.</span><span class="nx">evidence</span><span class="p">.</span><span class="nx">vatId</span><span class="p">,</span> <span class="na">sellerVatId</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">seller</span><span class="p">.</span><span class="nx">vatId</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">vatRate</span> <span class="o">=</span> <span class="nf">lookupVatRate</span><span class="p">(</span><span class="nx">invoice</span><span class="p">.</span><span class="nx">buyer</span><span class="p">.</span><span class="nx">country</span><span class="p">,</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">lineItems</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">subtotal</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">subtotal</span><span class="p">,</span> <span class="nx">vatRate</span><span class="p">,</span> <span class="na">vatAmount</span><span class="p">:</span> <span class="nf">round2</span><span class="p">(</span><span class="nx">invoice</span><span class="p">.</span><span class="nx">subtotal</span> <span class="o">*</span> <span class="nx">vatRate</span><span class="p">),</span> <span class="na">total</span><span class="p">:</span> <span class="nf">round2</span><span class="p">(</span><span class="nx">invoice</span><span class="p">.</span><span class="nx">subtotal</span> <span class="o">*</span> <span class="p">(</span><span class="mi">1</span> <span class="o">+</span> <span class="nx">vatRate</span><span class="p">)),</span> <span class="na">vatNote</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> <span class="na">buyerVatId</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">buyer</span><span class="p">.</span><span class="nx">vatId</span> <span class="o">??</span> <span class="kc">null</span><span class="p">,</span> <span class="na">sellerVatId</span><span class="p">:</span> <span class="nx">invoice</span><span class="p">.</span><span class="nx">seller</span><span class="p">.</span><span class="nx">vatId</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If you are using Stripe, the <code>tax_behavior</code> and <code>customer_tax_ids</code> fields on <code>Invoice</code> / <code>Subscription</code> objects participate in this — Stripe will mark the line as reverse-charge if you have configured Stripe Tax appropriately, but the <strong>legal responsibility for the invoice contents remains yours</strong>. Treat Stripe's tax engine as a helper, not as the source of truth for the wording on the document.</p> <h2> Step 4: store audit evidence </h2> <p>The single most useful audit habit is to write the evidence next to the invoice, not in a separate validation log nobody links back. A reverse-charge invoice row should carry, at minimum:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">invoices</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">reverse_charge_applied</span> <span class="nb">boolean</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="k">false</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">invoices</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">buyer_vat_id</span> <span class="nb">text</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">invoices</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">buyer_vat_source</span> <span class="nb">text</span><span class="p">;</span> <span class="c1">-- 'VIES' | 'NATIONAL_FALLBACK'</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">invoices</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">buyer_vat_consultation_no</span> <span class="nb">text</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">invoices</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">buyer_vat_checked_at</span> <span class="n">timestamptz</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">invoices</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">buyer_vat_trader_name</span> <span class="nb">text</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">invoices</span> <span class="k">ADD</span> <span class="k">COLUMN</span> <span class="n">buyer_vat_requires_recheck</span> <span class="nb">boolean</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="k">DEFAULT</span> <span class="k">false</span><span class="p">;</span> </code></pre> </div> <p>The reason to denormalise this onto the invoice — rather than keep it as a foreign key to a <code>vat_checks</code> table — is that VAT IDs can be deregistered after the fact. The evidence you care about is the state at the moment of the supply. If you only keep a pointer to the latest check, a buyer whose VAT ID expires next year will appear "invalid" against last year's invoices, and you will not be able to reconstruct what your audit posture was when you issued them. The broader <a href="https://vatnode.dev/guides/vat-audit-trail" rel="noopener noreferrer">VAT audit trail guide</a> covers the cross-table schema.</p> <p>A background job should reconcile <code>requires_recheck = true</code> rows against VIES when the relevant national node recovers, and update <code>source</code>, <code>consultation_no</code>, and <code>requires_recheck</code> accordingly. The invoice itself does not change — what changes is the evidence row attached to it.</p> <p>One more thing worth surfacing in the schema: <strong>retention</strong>. EU member states set their own statutory retention periods for invoices and supporting tax evidence (commonly 5–10 years, jurisdiction-dependent), and the audit evidence attached to a reverse-charge invoice falls under the same regime as the invoice itself. Pick the longest retention horizon among the jurisdictions you serve and use it as the floor; do not let log-rotation or "tidying up old rows" routines silently truncate this table.</p> <h2> Step 5: handle the edge cases </h2> <p>These are the cases most early implementations miss:</p> <ul> <li> <strong>VAT ID deregistered after the invoice was issued.</strong> Not your problem at the moment of supply, provided the validation was genuine at the time. Keep the original <code>checked_at</code> and <code>consultation_no</code>; the audit position is "valid at time of supply", not "still valid today".</li> <li> <strong>Buyer changes their VAT ID mid-subscription.</strong> Treat as a new validation. Re-validate, store fresh evidence on the next invoice, and consider whether your subscription model needs a <code>vat_id_history</code> audit trail.</li> <li> <strong>Buyer downgrades from B2B to B2C</strong> (e.g., they remove the VAT ID from their account). Subsequent invoices are no longer reverse-charge. Make sure your subscription renewal path re-evaluates the decision function on every invoice, not just at sign-up.</li> <li> <strong>You change member state.</strong> Rare but real for early-stage companies relocating. From the relocation date forwards, the country-comparison rule changes for every existing customer. Re-evaluate.</li> <li> <strong>VIES says invalid for a known-good customer.</strong> Surface a clear UX path: keep the customer on a paid plan (do not lock them out), invoice with VAT temporarily (depending on local invoicing rules — in some jurisdictions a later correction via credit note plus reissued invoice is the cleaner path than holding the invoice in limbo), and let them re-submit the VAT ID. Cache the failure for a short window only (5–15 minutes), as discussed in the <a href="https://vatnode.dev/blog/vies-downtime-guide" rel="noopener noreferrer">VIES downtime guide</a>.</li> <li> <strong><code>MS_UNAVAILABLE</code> at invoice-generation time.</strong> This is the most subtle case. You cannot prove the VAT ID is currently valid, but you may have a fresh successful check from an hour ago. The defensible position is: rely on the most recent successful VIES check within a documented cache window (often 24 hours), and queue an async re-check. Do not silently flip the invoice to VAT-inclusive in response to a transient VIES outage.</li> <li> <strong>Buyer in Northern Ireland (<code>XI</code> prefix).</strong> Post-Brexit, <code>XI</code> exists under the Windsor Framework specifically for the intra-EU <strong>goods</strong> regime — Northern Ireland businesses dealing in goods remain inside the EU VAT system for those flows, even though the rest of the UK does not. For SaaS (services), <code>XI</code> is not the right identifier; the relevant prefix for UK-based buyers is <code>GB</code>, which is outside the EU VAT system entirely. Treat <code>GB</code> as <code>BUYER_OUTSIDE_EU</code> for the reverse-charge decision, and if a buyer presents an <code>XI</code> VAT ID for a services supply, treat the prefix as a signal to ask for the underlying <code>GB</code> VAT ID rather than blindly accepting it.</li> </ul> <h2> The minimum viable implementation checklist </h2> <p>If you implement nothing else, implement this list:</p> <ol> <li>Validate the buyer VAT ID through VIES with a requester-qualified call.</li> <li>Store the consultation number, source, trader name, and <code>checked_at</code> next to the invoice.</li> <li>Re-run the decision function on every invoice, not just at sign-up.</li> <li>Render "Reverse charge — Article 196 of Directive 2006/112/EC" on the invoice when the decision is true.</li> <li>Have a background job that flips <code>requires_recheck = false</code> once VIES has confirmed a fallback-sourced validation.</li> <li>Never silently flip a customer from reverse-charge to VAT-inclusive in response to a transient VIES outage.</li> </ol> <p>Everything else — checkout UX, tax-rate lookup for non-reverse-charge cases, OSS/IOSS for non-EU buyers — sits on top of those six.</p> <blockquote> <h3> Skip the pipeline boilerplate </h3> <p>vatnode runs the full requester-qualified VIES call (with consultation number), national-registry fallback when VIES is degraded, and a stable response shape across all 27 member states. If you want to keep the decision function in your own code but stop maintaining SOAP, fallback clients, and per-country regex, that is what the API is for.</p> <p><a href="https://vatnode.dev/register" rel="noopener noreferrer">Get a free API key</a> · <a href="https://vatnode.dev/vies-api-alternative" rel="noopener noreferrer">VIES API alternative</a> · <a href="https://vatnode.dev/guides/vat-reverse-charge" rel="noopener noreferrer">Reverse-charge concept guide</a></p> </blockquote> tax webdev europe