Get started
Blog

Guides for PDF development

Guides, tutorials, and tips for working with PDFs: from free tools to programmatic generation.

When your invoice PDF executes shell commands: prompt injection defense
News

When your invoice PDF executes shell commands: prompt injection defense

Microsoft confirmed RCE chains from PDF prompt injection on May 7, 2026 (CVE-2026-25592, CVE-2026-26030). Concrete defenses for agent pipelines that ingest user-uploaded PDFs.

May 20, 202616 min read
How we hardened our SSE stream for Railway and Next.js App Router
Developer Guides

How we hardened our SSE stream for Railway and Next.js App Router

Real-time dashboard sync looked trivial on localhost. In production we hit Railway's 5-minute HTTP cap, a known Next.js App Router ResponseAborted crash, and EventEmitter leak warnings. Here is the exact code we ship to handle all three.

May 19, 202612 min read
How we built an MCP server for PDF generation
AI & PDF

How we built an MCP server for PDF generation

Inside PDF4.dev's MCP server: 14 tools, 4 resources, 3 prompts, outputSchema everywhere, structured errors, and the SSOT that keeps llms.txt and the docs site in sync with the code.

May 18, 202610 min read
EU e-invoicing mandates 2026: a developer guide
News

EU e-invoicing mandates 2026: a developer guide

Belgium, Poland and France flip mandatory B2B e-invoicing in 2026. What developers need to ship: EN 16931 XML, Factur-X PDF/A-3, KSeF FA(3), Peppol BIS 3.0.

May 17, 202614 min read
Real-time dashboard sync
Developer Guides

Real-time dashboard sync

pdf4.dev now updates every open dashboard tab the moment an AI agent or an API call writes a template, a component, or a PDF render log. Inside the architecture: SSE, an in-process EventEmitter bus, and the Railway and Next.js gotchas we had to work around.

May 16, 20269 min read
CVE-2026-42593: Gotenberg watermark and stamp routes leak arbitrary PDFs
News

CVE-2026-42593: Gotenberg watermark and stamp routes leak arbitrary PDFs

CVE-2026-42593 is an unauthenticated arbitrary PDF read in Gotenberg 8.31.0 and earlier, exposed by stampExpression and watermarkExpression on six conversion routes. Self-hosters affected, managed APIs unaffected.

May 16, 202611 min read
How to convert SVG to PDF
PDF Conversion

How to convert SVG to PDF

Convert SVG to PDF without losing vector quality. Compares Inkscape, rsvg-convert, Playwright, and svg2pdf.js with code, font handling, and page-fit tips.

May 15, 202613 min read
n8n community nodes: publishing with npm provenance
News

n8n community nodes: publishing with npm provenance

From May 1, 2026, every verified n8n community node must ship with npm provenance built on GitHub Actions. A four-step migration guide with the PDF4.dev worked example.

May 14, 202613 min read
How to connect ChatGPT to a PDF API
AI & PDF

How to connect ChatGPT to a PDF API

Three ways to connect ChatGPT to a PDF generation API: Custom GPT actions, the experimental MCP server support, and the Assistants API with function calling. Full OpenAPI snippet, auth setup, and signed URL delivery.

May 13, 202615 min read
Chrome Headless Shell vs full Chromium for PDF generation
News

Chrome Headless Shell vs full Chromium for PDF generation

Chrome 132 removed the old headless mode. chrome-headless-shell is the lean replacement. Here is when to migrate for PDF rendering, and when to stay.

May 12, 202613 min read
How to automate PDF generation with Zapier and Make.com
Tutorials

How to automate PDF generation with Zapier and Make.com

Step-by-step no-code guide to automating PDF generation with Zapier and Make.com. Typeform to PDF receipt, email delivery, Google Drive storage, and a full Zapier vs Make comparison.

May 11, 202613 min read
pdf-lib vs jsPDF vs PDFKit: JavaScript PDF libraries compared
Comparisons

pdf-lib vs jsPDF vs PDFKit: JavaScript PDF libraries compared

Honest comparison of the three main JavaScript PDF libraries: pdf-lib for manipulation, jsPDF for client-side rendering, PDFKit for server-side streaming. Feature matrix, code samples, and when to pick each.

May 10, 202613 min read
MCP 2026 roadmap explained: what server builders should do now
News

MCP 2026 roadmap explained: what server builders should do now

The Model Context Protocol 2026 roadmap names four priorities. Here is what changes for MCP server builders, and which patterns to adopt today.

May 9, 202613 min read
How to create a PDF certificate
Business Documents

How to create a PDF certificate

Design and generate PDF certificates for courses, events, and HR programs. Covers layout, seals, signature lines, QR verification, batch rendering from CSV, and localization.

May 8, 202613 min read
Anthropic Agent Skills explained, with a PDF generation example
News

Anthropic Agent Skills explained, with a PDF generation example

What Agent Skills are, how they differ from MCP servers and system prompts, and a worked example of shipping a Skill that generates PDFs from prompts.

May 7, 202613 min read

Ready to generate PDFs programmatically?

Try the PDF4.dev API: free