Creating PDF documents is a very usual task in all kinds of web applications. A typical architectural question is where to create the PDF document: Server-side or client-side directly in the browser?
Server-Side or Client-Side?
While it might be useful and unproblematic to create PDF documents with non-sensitive data client-side, when it comes to professional documents with valid, traceable data such as in invoices or reports, server-side document processing is a necessary requirement.
Open source and commercial libraries (or hybrids) can be used to create PDF documents directly in the browser. When considering a requirement in where an HTML blog entry or article should be offered as a PDF download for instance, this serverless, client-side approach is feasible and probably a very good option. The data in an article is not sensitive (in most cases) and it doesn't really matter, if content is altered by the user client-side before the document is created.
The following key aspects of why a server-side generation is the better option in business applications are explained in this article:
- Security
- Digital Signatures
- Layout
Security First
The scenario is different when generating an invoice or any other business critical document in web applications. Consider a portal where users can see their orders and payment information. Developers might be tempted to generate a PDF from the HTML data to provide a downloadable invoice. As a developer, you have no control over what the user is doing client-side or how the document is generated. Client-side generated documents are unusable for business purposes as the data (and layout) cannot be validated. Just like the HTML DOM in the browser can be modified (F12 developer tools), the PDF generation could be altered and manipulated, too.
Reading Tip: Building an Invoice Portal
Deploying invoices is a critical process in a company to get paid on time and also to provide clients a perfect user experience. Decreasing the barrier to access, share and dispute invoices is a key aspect.
Control the Data
When creating documents server-side, developers have full control over the document generation process, the validation of the merged data and the layout of the created document. Back to the invoice example, the data that is merged into a template, comes in most cases from an ERP system or at least a business object that has been created from data of a connected system. This process can be fully controlled beginning at the query of the data to the generation of the document and can be validated internally.
The following animated diagram shows a typical document generation process that uses data from an ERP system to create a digital invoice with machine-readable data as an attachment in the PDF document.