API Documentation

Developer API

Seamlessly integrate Aquamark in minutes

Authentication

Secure API access with Bearer tokens

1

Request API Key

Contact [email protected] for your personalized API key

2

Add to Headers

Include your API key in the Authorization header for all requests

Authorization: Bearer YOUR_API_KEY

Endpoint

POST https://aquamark-decrypt.onrender.com/watermark

Parameters

Required

user_email
string Required
Your Aquamark account email
file
file Required
One PDF file (max 25MB)

Recommended

state
string Recommended
For state compliance disclaimers – accepts state names or abbreviations (e.g. "CA", "California"). Returned in response header. To store or display this value, create a custom field in your CRM called Compliance and push the value there automatically.

Advanced

QR Preview
Tamper-resistant QR code on every page with embedded access information
Power up your QR codes

These fields act as digital breadcrumbs that show exactly who had access to each file — lender, salesperson, processor.

They only apply if your CRM enforces curtaining, where users can only access records assigned to them. Curtaining is strongly recommended as a best practice.

salesperson
string Optional
Internal salesperson associated with the deal. Typically your CRM account owner or assigned rep.
processor
string Optional
Team member responsible for preparing and submitting files. Only useful if you assign dedicated processors.
lender
string Optional
Users submit a separate version of the file for each lender, then delete them after submission to reduce storage costs. Most set up a simple automated deletion—using tools like timed scripts, CRM schedulers (e.g. Apex Scheduler in Salesforce), or external automation platforms like Zapier or Make.

Examples

cURL

curl -X POST "https://aquamark-decrypt.onrender.com/watermark" \ -H "Authorization: Bearer YOUR_API_KEY" \ -F "[email protected]" \ -F "[email protected]" \ -F "state=CA" \ -F "lender=OnDeck" \ -F "salesperson=Jack Dawson" \ -F "processor=Rose DeWitt" \ --output "protected.pdf"

Node.js

const axios = require("axios"); const fs = require("fs"); const FormData = require("form-data"); const form = new FormData(); form.append("user_email", "[email protected]"); form.append("file", fs.createReadStream("./statement1.pdf")); form.append("state", "CA"); form.append("lender", "OnDeck"); axios.post("https://aquamark-decrypt.onrender.com/watermark", form, { headers: { ...form.getHeaders(), Authorization: "Bearer YOUR_API_KEY" }, responseType: "arraybuffer" }).then(response => { fs.writeFileSync("protected.pdf", response.data); }).catch(console.error);

Python

import requests with open("statement1.pdf", "rb") as f: response = requests.post( "https://aquamark-decrypt.onrender.com/watermark", data={ "user_email": "[email protected]", "state": "CA", "lender": "OnDeck" }, files={"file": f}, headers={"Authorization": "Bearer YOUR_API_KEY"} ) with open("protected.pdf", "wb") as out: out.write(response.content)

Response

Returns a protected PDF file with optional compliance header:

X-State-Disclaimer: CFL license and Disclosure required.

Workflow

  1. Send a POST request with your PDF and metadata
  2. Receive a protected PDF + optional state disclaimer header
  3. Save the PDF and push state disclaimers to CRM

Important Notes

  • PDF only. One file per request
  • Retail users must upload logo in portal before using the API
  • Questions? Email [email protected]