> ## Documentation Index
> Fetch the complete documentation index at: https://developers.luminpdf.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Add Password

> Add or change password protection on a PDF document and return the encrypted file as a temporary download URL.

<Accordion title="Required scopes (OAuth 2.0)" icon="key">
  This endpoint requires the following scope:

  `pdf:files`
</Accordion>


## OpenAPI

````yaml tabs/api-reference/lumin-openapi.yaml POST /documents/add-password
openapi: 3.1.0
info:
  version: 1.0.0
  title: Lumin API Reference
  description: >
    The Lumin API Reference provides a comprehensive set of tools to integrate
    document workflows — including editing, eSignatures, and automation — into
    your applications.


    Useful links:

    - [Document Repository](https://github.com/luminpdf/luminsign-docs)

    - [API
    Definition](https://github.com/luminpdf/luminsign-docs/blob/main/openapi.yaml)

    - [Authentication Guide](/tabs/guides/authentication/overview)
  termsOfService: https://www.luminpdf.com/terms-of-use/
  contact:
    name: API Support
    email: integration@luminpdf.com
    url: https://help.luminpdf.com
servers:
  - url: https://api.luminpdf.com/v1
    description: Production server
security: []
tags:
  - name: Signature Requests
    description: Everything about Signature Requests
  - name: Users
    description: Everything about Users
  - name: Templates
    description: Everything about Templates
  - name: Documents
    description: Everything about Documents
  - name: Workspaces
    description: Everything about Workspaces
  - name: Agreements
    description: Everything about Agreements
paths:
  /documents/add-password:
    post:
      tags:
        - Documents
      summary: Add Password
      description: >
        Add or change password protection on a PDF document and return the
        encrypted file as a temporary download URL.


        The document can be specified by a Lumin document ID or by a publicly
        accessible file URL.


        - If the document has **no password**, it will be encrypted with the
        provided `password`.

        - If the document **already has a password**, provide `current_password`
        to authorize the change, and `password` for the new one.


        The output file is **temporary** — the `signed_url` expires after 30
        minutes. To persist the result, download and re-upload via [Create
        Document](/tabs/api-reference/api/documents/create-document).


        **Supported file type:** PDF only.


        **Plan restrictions:** Available on **Business** plans only.


        **Password requirements:** 4–32 characters.


        **File URL restrictions:** Only URLs from allowed domains are accepted
        (`api.luminpdf.com`, `*.s3.amazonaws.com`, `*.s3.*.amazonaws.com`).
        Redirecting URLs are not supported.


        **Input priority:** If both `document_id` and `file_url` are provided,
        `document_id` takes priority and `file_url` is ignored.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DocumentAddPasswordRequest'
            examples:
              add-password:
                summary: Add password to unprotected document
                value:
                  document_id: 695dd6880d951f4de70a7c5d
                  password: YOUR_PDF_PASSWORD
              change-password:
                summary: Change existing password
                value:
                  document_id: 695dd6880d951f4de70a7c5d
                  password: YOUR_NEW_PDF_PASSWORD
                  current_password: YOUR_CURRENT_PDF_PASSWORD
      responses:
        '200':
          description: Returns a temporary download URL for the password-protected PDF.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DocumentOperationResponse'
              example:
                document_name: protected_Patient Information Form.pdf
                signed_url: https://files.luminpdf.com/download/pw-abc123?token=xyz789
                expires_at: 1755526530000
            application/pdf:
              schema:
                type: string
                format: binary
        4XX:
          description: Unexpected error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - ApiKey: []
        - BearerAuth:
            - pdf:files
components:
  schemas:
    DocumentAddPasswordRequest:
      type: object
      required:
        - password
      properties:
        document_id:
          type: string
          description: >
            Lumin document ID of the PDF.

            Required when `file_url` is not provided. Takes priority if both are
            provided.


            To obtain a document ID, upload the file to Lumin first using
            [Upload
            Document](/tabs/api-reference/api/documents/create-document).
        file_url:
          type: string
          format: uri
          description: >
            Publicly accessible URL of the PDF file.

            Required when `document_id` is not provided. Ignored if
            `document_id` is also provided.
        document_name:
          type: string
          minLength: 1
          maxLength: 255
          description: >-
            Name of the output file. Defaults to `protected_{original document
            name}`.
        password:
          type: string
          minLength: 4
          maxLength: 32
          description: The new password to apply to the document.
        current_password:
          type: string
          description: >-
            The document's existing password. Required if the document is
            already password-protected.
    DocumentOperationResponse:
      type: object
      required:
        - document_name
        - signed_url
        - expires_at
      properties:
        document_name:
          type: string
          description: Name of the output document.
        signed_url:
          type: string
          format: uri
          description: >-
            Temporary HTTPS URL to download the output file. Expires after 30
            minutes.
        expires_at:
          type: integer
          format: unix-epoch
          description: >-
            Unix epoch timestamp (in milliseconds) when `signed_url` becomes
            invalid.
    Error:
      type: object
      required:
        - error_code
        - error_message
      properties:
        error_code:
          type: string
          description: The system error code.
        error_message:
          type: string
          description: The human-readable error message.
  securitySchemes:
    ApiKey:
      type: apiKey
      in: header
      name: X-API-Key
      description: >
        Provide your API key in the `X-API-Key` header, e.g., `X-API-Key:
        YOUR_API_KEY`.
    BearerAuth:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://auth.luminpdf.com/oauth2/auth
          tokenUrl: https://auth.luminpdf.com/oauth2/token
          scopes:
            openid: >-
              Retrieve basic identity details (username, email, profile
              picture).
            offline_access: Request a refresh token for long-lived access. Private apps only.
            profile.read: View basic user profile information.
            workspaces: View and manage Workspaces and Spaces.
            workspaces.read: View information about the authenticated user's Workspace.
            templates: View and manage templates in a Workspace.
            pdf:files: Create, edit, and delete PDF files in a Workspace.
            pdf:files.read: Retrieve PDF documents stored in a Workspace.
            sign:requests: Create, update, or view signature requests.
            sign:requests.read: Retrieve signature requests.
            agreements: Create, update, or delete AgreementGen documents.
      description: >
        OAuth 2.0 authorization code flow. Provide your access token in the
        `Authorization` header, e.g., `Authorization: Bearer <token>`. See the
        [OAuth 2.0 guide](/tabs/guides/authentication/oauth2) for details.

````