Find out about the latest from Cloudmersive.

Advanced Compare DOCX API Now Available for Private Cloud
6/21/2024 - Brian O'Neill

legal team reviewing document comparison docx

We’re pleased to announce the release of new, advanced Compare DOCX API capabilities in our latest Private Cloud Convert API update (v-6-5-1).

An Advanced comparisonMode is now available for Private Cloud customers. This feature expands and enhances Compare DOCX API functionality.

To learn more about this latest update, please feel free to reach out to your sales representative directly, or contact any member of our team.

Compare DOCX API Overview

The Compare DOCX API makes it easy for enterprises to automate comparisons between multiple versions of a DOCX document.

Legal contract reviews, for example, can be greatly enhanced by the ability to compare final iterations of a contract document to the standard contract document it originated from.

Calling the Compare DOCX API Without Code

The Compare DOCX API can be used without any code changes in a Power Automate flow.

Further, by uploading the Cloudmersive Convert API to Power Automate as a custom connector, enterprises can make Compare DOCX API calls against a Private Cloud endpoint. This simply requires replacing the default Cloudmersive endpoint ( with your private cloud endpoint.

Private Cloud Overview

Private Cloud customers benefit from high availability, single-tenant infrastructure.

Private Cloud deployments can take place on global Cloudmersive infrastructure, global public cloud infrastructure (AWS, Azure, GCP, etc.), and on-premises infrastructure (i.e., client data centers).

To learn more about Cloudmersive Private Cloud deployments, please feel free to contact a member of our sales team.

Optimize QR Barcode Scanning with Deep Learning AI
6/12/2024 - Brian O'Neill

QR codes blurry and clear

We’re excited to announce a brand-new addition to the Cloudmersive Barcode API!

The Advanced QR Barcode Scanning API is optimized to recognize low resolution or blurry QR barcode images using deep learning artificial intelligence.

This API supports JPG, PNG, and PDF image formats, and it’s capable of processing more than one QR barcode image in a single operation.

Effects of Low-Quality Barcode Images

Low-quality QR barcode images can significantly hamper the efficacy of QR barcode scanning applications. Common image processing operations such as image compression, image scaling, and image format conversion can all contribute to low-quality and unreadable QR barcode images.

Each module of a QR barcode represents an important piece of the original encoded text data (e.g., an encoded URL). If any of those modules are left pixelated or distorted, they may fail to represent the original encoded text contents.

Additionally, like most barcode images, QR barcodes rely heavily on a clear distinction between black and white areas in the barcode image. In a blurry barcode image, boundaries between the black and white areas of a QR barcode can become difficult to distinguish, making it impossible for line detections to occur accurately in the barcode reading process.

The Advanced QR Barcode Scanning API automatically corrects blurry or low resolution QR barcode images to accurately read and extract encoded text.

Learn More

Interested in learning more about the Cloudmersive Advanced QR Barcode Scan API? Please feel free to reach out to a member of our sales team!

Testing Cloudmersive APIs with cURL
6/5/2024 - Brian O'Neill

API graphic

Whether we’re testing API calls to a Cloudmersive Public Cloud, Private Cloud, or Managed Instance endpoint, cURL offers a convenient solution.

Below, we’ll learn more about what cURL is and how we can use it to test Cloudmersive APIs.

What is cURL?

cURL stands for “Client URL”.

At a high level, cURL is a command-line utility that allows us to send and receive data using URL syntax. We can use cURL to transfer data using a wide range of different protocols, including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, LDAP, and more.

What is cURL API Testing?

When we test an API with cURL commands, we send HTTP requests directly from our terminal or command prompt to an API endpoint.

This lightweight testing method is used to confirm the APIs our applications rely on are modifying and/or returning data the way we expect them to.

It’s worth noting that using cURL commands to test Cloudmersive APIs is extremely similar to using Postman for the same purpose. The major difference is that Postman offers a user-friendly GUI with plenty of advanced features. If you’d prefer to go that route, feel free to check out a different post on that subject.

Example: Testing the Cloudmersive Basic Virus Scan API with cURL Commands

Preformatted cURL command examples are available to all Cloudmersive customers through the Management Center in the Cloudmersive Account Portal.

To test any Cloudmersive API with cURL commands, we first need to navigate to the Docs & Examples Documentation page from the Management Center.

Here, we’ll find code examples we can use to structure Cloudmersive API calls in a variety of common programming languages.

Find cURL Command Examples

First, let’s select the cURL option from the Programming Language list. Right after that, we can select the Virus Scan API option from the API list. This will bring up cURL command examples for each iteration of the Cloudmersive Virus Scan API in Step 2 – Get Started with Example Code.

Find the Basic Virus Scan API Iteration

If we type “Scan a file for viruses” in the Search APIs field, we’ll bring up cURL examples for the Basic Virus Scan API iteration right away. Alternatively, we can skip the search and simply scroll this list until we find that option.

Format the Examples for our OS

These are the cURL command examples we should see:

curl --location --request POST '' \
--header 'Content-Type: multipart/form-data' \
--header 'Apikey: YOUR-API-KEY-HERE' \
--form 'inputFile=@"/path/to/file"'

It’s important to note that the above default examples are formatted for Unix-like command terminals.

If we want to reformat our commands for a Windows command prompt, we’ll need to replace backslashes with carets, and we’ll need to replace single quotes with double quotes.

Below, we’ll find the same examples formatted correctly for a Windows command prompt:

curl --location --request POST "" ^
--header "Content-Type: multipart/form-data" ^
--header "Apikey: YOUR-API-KEY-HERE" ^
--form "inputFile=@\"C:\path\to\file\""

Now we’ll break down each line of our example commands and determine what information we need to complete our own request.

Endpoint URL
curl --location --request POST '' \

The URL shown above is the default Cloudmersive Public Cloud endpoint. Since we’re testing the Basic Virus Scan API in this example, we’re making a POST request to that endpoint.

If we want to make POST request to our Managed Instance or Private Cloud endpoint instead, we’ll need to replace this URL with our own endpoint URL. Depending on our subscription, we can also test a wide range of Public Cloud endpoints. We’ll find these by navigating to the API Endpoint page from our Management Center.

Request Headers
--header 'Content-Type: multipart/form-data' \
--header 'Apikey: YOUR-API-KEY-HERE' \

Our cURL request has two separate headers. The first header defines the HTTP content type (in this case, multipart/form-data), and the second header captures our API key to authorize the request.

We can copy an API key from the API Keys page in the Cloudmersive Account Portal and paste that into our second header, replacing the YOUR-API-KEY-HERE placeholder text.

Request Form
--form 'inputFile=@"/path/to/file"'

The form line captures the data we’re sending to the API endpoint in our POST request. We can replace the ”/path/to/file” example with the path to whichever file we’ve decided to use in our test.

Carrying Out our cURL Test

Once we’ve properly formatted and filled out our cURL request, we can paste the cURL commands into our terminal or command prompt. This should execute our cURL request right away.

A successful Basic Virus Scan API test with a clean file will return the following response:


And that’s all there is to it!

We can easily use cURL examples to test any API on the Cloudmersive API platform.

Need Additional Help?

If you have any additional questions about testing Cloudmersive APIs with cURL command examples, please feel free to reach out to a member of our support team.

Announcing the New and Improved Compare DOCX API
4/29/2024 - Brian O'Neill

We’re pleased to announce that we’ve added a brand-new feature to the Compare DOCX iteration of the Cloudmersive Private Cloud Convert API.

It’s now possible to compare the header and footer sections of DOCX documents by setting a headersAndFooters parameter to true.

The Compare DOCX API helps streamline the difficult and tedious process of identifying differences between similar Word documents.

stack of documents with clamps

Cloudmersive Private Cloud Convert API customers can leverage the Compare DOCX API to identify discrepancies between two different versions of an important document (e.g., legal contracts and invoices). Such documents tend to change hands multiple times and undergo several rounds of edits during ongoing negotiations with clients and customers.

The addition of the headersAndFooters parameter allows for a more comprehensive document comparison.

For more information on the Cloudmersive Private Cloud Convert API, please do not hesitate to reach out to a member of our team.

CVE Spotlight: Learning from CVE-2023-5474 PDF Heap Buffer Overflow Vulnerability
4/11/2024 - Brian O'Neill

digital development graphic

In October 2023, multiple PDF-related vulnerabilities were discovered in Google Chrome that could lead to arbitrary code execution attacks.

In the CVE-2023-5474 example (which earned an exceptionally high base severity score of 8.8 in the National Vulnerability Database), a remote attacker could trigger a heap buffer overflow in a victim’s web browser by convincing them to interact with certain features of a specially crafted malicious PDF file.

Understanding the Severity of Heap Buffer Overflows

Heap buffer overflows occur when a program writes more data to a heap memory buffer than the buffer is supposed to handle. This memory "overflow" can cause data stored in adjacent memory buffers to become corrupted, causing the application to crash or possibly leak sensitive data to the attacker. If the overwritten memory buffers contain function pointers or other control data, attackers can go as far as hijacking the program’s execution flow, resulting in the dreaded arbitrary code execution attack.

In the case of CVE-2023-5474, arbitrary code execution was a possible outcome. If the attack involved a victim with escalated privileges in their system, it could allow the attacker to install new programs, view and change sensitive data, or even create entirely new user accounts.

Mitigating Vulnerabilities like CVE-2023-5474

Google Chrome has since patched this specific vulnerability with application updates. Regardless, the significance of CVE-2023-5474 – and other vulnerabilities which follow a similar pattern – cannot be understated. No viruses or malware are directly involved in the process of exploiting this type of CVE, meaning traditional antivirus software won’t identify any threats in the file the attacker crafts to trigger the heap buffer overflow.

Mitigating a threat like this requires:

  1. Regularly checking the affected application for updates (in this case, the Google Chrome web browser) and installing them.
  2. Verifying that all PDFs reaching sensitive locations (i.e., where a user might be able to open them) are thoroughly verified to ensure their contents rigorously conform to PDF formatting standards.

Scanning and Verifying Malicious PDFs with Cloudmersive

The Cloudmersive Advanced Virus Scan API combines virus and malware scanning with in-depth content verification to provide 360-degree protection against files entering an application (or network). Performing a dynamic threat scan on PDFs intended to exploit vulnerabilities like CVE-2023-5474 can identify issues with the file that may have otherwise resulted in zero-day heap buffer overflow attacks in any one of the PDF rendering or parsing programs that our applications utilize in the background.

For more information on how the Cloudmersive Advanced Virus Scan API can help protect your applications or network against invalid file threats, please do not hesitate to reach out to a member of our sales team.

CVE Spotlight: Understanding CVE 2023-4863 Libwebp Heap Overflow
4/1/2024 - Brian O'Neill

magnifying glass on lock graphic

Just a few months ago, in September 2023, a critical (high-severity) heap overflow vulnerability was discovered in certain versions of Libwebp – a popular image codec library used in a variety of common applications, including web browsers like Google Chrome and Microsoft Edge.

Troublingly, in the analysis of CVE 2023-4863, it was found that threat actors could exploit this particular heap overflow vulnerability without requiring any interaction from a user.

Using a specially crafted malicious WebP file (and without authoring malware), a threat actor could force the decoding algorithm used in vulnerable versions of the Libwebp library to write data outside the scope of its usual memory allocation process. If an instance of software using a vulnerable Libwebp version were to process the malicious WebP file, it could lead to a Remote Code Execution or Denial of Service attack.

Thankfully, shortly after this alarming vulnerability was identified, a new version of Libwebp was released to patch it. As ever, successfully avoiding attacks that exploit heap overflow flaws like CVE 2023-4863 often boils down to religiously checking for relevant software updates and applying them as soon as they're available.

Learning from CVE 2023-4863

The sudden discovery of obviously severe vulnerabilities like CVE 2023-4863 highlights an unfortunate truth in modern cybersecurity: motivated threat actors will tirelessly attempt to identify new, unseen vulnerabilities in the software libraries we passively trust, and threat researchers may not be able to discover and publish information about these vulnerabilities before devastating attacks occur.

The incentive to find and exploit vulnerabilities like CVE 2023-4863 is strong, after all. For most threat actors, exploiting unknown heap overflow vulnerabilities with specially crafted payloads is far simpler than authoring malware capable of bypassing the increasingly robust, sophisticated antivirus technologies potential victims can purchase on the modern cybersecurity market.

Specially crafted files intended to exploit heap overflow vulnerabilities like the CVE-2023-4863 example will, in all likelihood, bypass the antivirus technologies our applications rely on to ward off malicious file content, and the results of such a breach can be just as devastating as any virus or malware attack.

Cloudmersive Content Verification

Thankfully, one way we can mitigate attacks using specially crafted files to exploit heap overflow vulnerabilities is by incorporating content verification policies in our virus and malware file scans. In doing so, we can ensure files conform to rigid file formatting standards without needing to stay on top of image processing exploits quite as regularly.

The Cloudmersive Advanced Virus Scan API combines in-depth content verification policies with powerful virus and malware detection capabilities to identify specially crafted file threats.

For more information on Cloudmersive Advanced Virus Scan API content verification capabilities, please do not hesitate to reach out to a member of our team.

API Preview: Cloudmersive Phishing API Coming Soon
3/15/2024 - Brian O'Neill

We’re excited to announce that a brand-new product will soon be joining our portfolio of powerful cybersecurity APIs.

The Cloudmersive Phishing API – currently in alpha – is designed to make identifying and blocking phishing URL threats a breeze.

phish hook

Basic vs. Advanced Phishing API Capabilities

Two versions of the Phishing API will be available upon launch: a basic version, and an advanced version. These versions will differ in the scope of their phishing threat detection capabilities.

Basic Phishing API Lookups

The basic Phishing API will perform rigorous phishing URL lookups, referencing a continuously updated database of URLs, hosts, and domains to flag known phishing threats.

Advanced Phishing API Lookups

The advanced Phishing API will build upon the basic URL lookup service, bringing several unique phishing threat detection capabilities to the table. Some of these unique capabilities will be powered by Cloudmersive domain and URL validation APIs (available under the Cloudmersive Validate API umbrella).

Advanced scans will check URLs for suspicious formatting abnormalities (e.g., Unicode characters disguised as Latin characters) and investigate if URLs are hidden redirection links. In the event redirection links are discovered, the advanced Phishing API will check the host and domain of the final URL redirect to fully diagnose the phishing threat.

An option to allow or block specific domains will also be available in the advanced Phishing API’s request parameters.

Batch Phishing API Request Capabilities

Both the basic and advanced versions of the Phishing API will have batch request API iterations available to facilitate processing more than one suspicious URL per request. Batch API calls will compartmentalize each input URL with its own nested threat assessment object in the API response.

Learn More about the Cloudmersive Phishing API

Interested in learning more about the Cloudmersive Phishing API? Please do not hesitate to contact a member of our sales team with any questions you might have.

How to Virus Scan Azure Blob Storage Uploads in Power Automate
3/6/2024 - Brian O'Neill

In Power Automate, we have the convenient option to call the Cloudmersive Virus Scan API connector in a simple cloud flow.

Below, we’ll set up an example automated flow in Power Automate that scans Azure Blob Storage uploads to a specific blob container in our Azure Storage account.

Please note – a premium Power Automate subscription is required to utilize Cloudmersive connectors.

Let’s start off on the Power Automate home page. From here, let’s select Create on the lefthand side of the page to bring up our flow type options.

1 - select create

We’re going to create a flow that automatically triggers when a new file is added to our Azure Blob Storage Container, so let’s select the automated cloud flow option.

In the build an automated cloud flow window, let’s give our flow a relevant name (i.e., Virus Scan Azure Blob Stroage Uploads), and then let’s type “blob” into the Chose your flow’s trigger search bar.

2 - searching for blob trigger

This brings up the When a blob is added or modified (properties only) (V2) trigger, which is the only trigger action available in the Azure Blob Storage connector. Let’s select this option and click Create to start designing our flow.

On the flow diagram page, we’ll first need to configure our Azure Blob Storage connection before we can configure our request parameters.

3 - configure azure blob connection with access key

In this example, we’ve selected “Access Key” from the Authentication type dropdown (our other options include “Service principal authentication” and “Microsoft Entra ID Integrated”). This way, we’ll just need to provide our Azure Storage account name or blob endpoint along with our Azure Storage Account Access key. We can find our Access key information in the Security + networking section of our Azure Blob Storage account page.

Once we’ve created our connection, we can open our trigger parameters tab and select the Storage Account Name or Blob Endpoint we’re targeting in our scan. Below that, we can select our target Container by following our Azure Blob Storage folder path.

4 - configure trigger parameters

If we click Show all next to the Advanced parameters dropdown, we’ll have the option to specify the number of blobs we want to return in our trigger. This option (along with the dropdown menu below it which provides the option to specify trigger intervals) is primarily advantageous for storage containers which deal with a large number of files, so we’ll be leaving it blank in this example workflow.

With our trigger step successfully configured, our flow is now going to retrieve properties from new blobs as they enter our target Azure Blob Storage container. The Cloudmersive Virus Scan Connector requires file content to perform a scan, so we’ll need our next action to retrieve blob contents using blob properties.

Let’s click on the Add an action button below our flow trigger and type “Azure Blob Storage” into the search bar.

5 - find azure blob storage connector

This brings up the Azure Blob Storage connector, and we can click See more to enumerate a list of connector actions.

6 - azure blob storage actions list

We’re looking for the action called Get blob content using path (V2), which we can find towards the middle-bottom of this list. Let’s click on it and begin configuring the request parameters.

7 - configure get file content parameters

Just like we did in our trigger step, we’ll first need to select our Storage Account Name or Blob Endpoint from the initial dropdown. Below that, in the Blob Path parameter, let’s select dynamic content from our trigger step labeled List of Files Path, and then let’s leave the Infer Content Type dropdown on “Yes”.

8 - displaying for each control

We’ll notice that selecting the List of Files Path content wrapped our Get blob content using path (V2) action in a For each control to account for the possibility that multiple files were uploaded to our target Azure Storage Container.

Within the For each control, let’s click on the Add an action button and search for the Cloudmersive Virus Scan connector.

9 - search for cloudmersive virus scan connector

From the actions we see available under the Cloudmersive Virus Scan connector, we can click on the Scan a file for viruses action. If we haven’t used this connector before, we’ll need to name our connection and enter our API key in the ensuing connector configuration step. Once we do so, we’ll be able to configure our Virus Scan request parameters.

10 - configure cloudmersive virus scan a file action

Within the Input File parameter, let’s select dynamic content labeled File Content from our Get blob content using path (V2) step. When we save and test this flow (by uploading a new file to our Azure Blob Storage container), the content retrieved from each new blob item path will now undergo a rigorous virus & malware scan.

11 - successful test

Because we performed a basic scan with the Cloudmersive Virus Scan API, our flow output will contain a “CleanResult” response which can either be True or False.

12 - cleanresult true or false

This example flow was tested with a clean Excel XLSX file upload, resulting in a “CleanResult”: true response. Depending on the security limitations in our environment, we can trigger “CleanResult”: false responses using EICAR files from the EICAR website.

We can use the “CleanResult” Boolean response to take various actions as a next step in our flow. We could, for example, ask Azure to delete the file immediately in the event of a “CleanResult”: false response, and to do nothing in the event of a true response.

To create this condition, we would first need to add a new action within our For each control and search for the Condition control.

13 - search for condition control

When configuring our condition, we could set dynamic content labeled body/CleanResult from our Scan a file for viruses step equal to “false”.

14 - configuring condition control

Then, within the True outcome of our condition (meaning a “CleanResult”: false response did occur), we could add an action to delete the blob from our Azure Blob Storage container. This action can be found in the Azure Blob Storage connector actions list, and it can be configured by once again selecting our Storage Account Name or Blob Endpoint from a dropdown before filling the Blob parameter with dynamic content labeled List of Files Path from our trigger step.

15 - final condition with delete blob action

Now we have a simple, automated flow running in the background that scans and deletes virus- or malware-infected blobs from an Azure Blob Storage container.

For more information on the Cloudmersive Virus Scan API, please do not hesitate to reach out to a member of our sales team.

Announcing New Cloudmersive Virus Scanning Reverse Proxy Policies
2/14/2024 - Brian O'Neill

Generic blue hexagons

We’re pleased to announce that new policies have been added to the Cloudmersive Virus Scanning Reverse Proxy.

A new security policy was added to block specific paths, and a new transform policy was included to response redirect on request path.

The Cloudmersive Virus Scanning Reverse Proxy Server provides unparalleled 360-degree protection at the network edge, scanning incoming files for viruses, malware, and non-malware content threats.

For more information on the Cloudmersive Reverse Proxy or other Cloudmersive Virus Scan API deployments, please do not hesitate to reach out to a member of our sales team.

Announcing Enhanced Virus Scan API Password Detection for XLS and DOC Files
2/7/2024 - Brian O'Neill

Generic blue tech binary

We’re pleased to announce that enhanced password detection capabilities have been added to the Cloudmersive Advanced Virus Scan API in a recent update.

Password-protected files are commonly utilized to obfuscate malicious code from regular antivirus software. Without proper content verification policies in place, threat actors can potentially slip password protected files into sensitive storage locations and supply passwords to trigger arbitrary code execution at a later date.

Enhanced password detection capabilities now ensure legacy Excel and Word file formats can be flagged alongside the dozens of modern Office, image, and PDF file formats already supported by the Cloudmersive Advanced Virus Scan API.

For more information on content verification with the Cloudmersive Advanced Virus Scan API, please do not hesitate to reach out to a member of our sales team.

Vulnerability Spotlight: Understanding CVE-2023-21608 PDF Reader Flaw
2/2/2024 - Brian O'Neill

In the final quarter of 2023, a use-after-free vulnerability was identified in (and before) several versions of Adobe Acrobat Reader. Without involving viruses or malware whatsoever, successful exploitation of this type of vulnerability could have very severe consequences.

Magnifying glass on red item

This vulnerability could, for one example, lead to arbitrary code execution in the context of the victim (current application user loading a PDF in Reader). If that victim had escalated privileges within the target application, the attacker could end up with access to large volumes of sensitive data.

Let’s take a closer look at what a “use-after-free” vulnerability really means, and let's understand how we can mitigate threatening content that might be used to exploit zero-day use-after-free vulnerabilities.

What is a use-after-free vulnerability?

To manage memory efficiently, computer programs usually release (deallocate) memory which was first dynamically allocated during the program’s runtime. Many relevant programming languages in this context use a function (such as free() or delete) to release memory, and once that release occurs, the computer program effectively “assumes” it won’t be accessing (or “pointing” to) that memory block again.

When there’s a use-after-free vulnerability in an application, it means there’s a flaw making it possible to force the program to continue “pointing” to a memory block that was already deallocated from use. Once the program starts trying to access deallocated memory, unpredictable things can happen. Attackers can take advantage of this flaw to execute arbitrary code and possibly change the program’s behavior entirely.

How could a threat actor exploit a use-after-free vulnerability like CVE-2023-21608?

To exploit a use-after-free vulnerability in a PDF reader application, a threat actor would start by crafting a malicious PDF file. This file would likely contain a specific set of characteristics (for example: special objects, structures, or scripts/instructions) designed to exploit insecure memory deallocation functions. The attacker would then disguise and possibly obfuscate this file’s content so it appeared as safe & innocuous as possible (likely in addition to leveraging social engineering techniques) before sharing it with a potential victim using a vulnerable version of the PDF reader application.

Once the victim opened the malicious PDF in the vulnerable PDF reader application, the PDF’s special elements could force the application to “point” to deallocated memory. The attacker could then take control of this freed memory execute arbitrary code within the vulnerable program. If the attacker chose their victim wisely, they could have escalated privileges within the vulnerable application and potentially take complete control of it.

If this all sounds a little too easy, we’re on the right track: once a sophisticated threat actor is aware of a use-after-free vulnerability in a particular application, they’ve already done the hardest work. Disguising and/or obfuscating malicious files & employing effective social engineering techniques to exploit targeted victims are often trivial tasks for experienced attackers, largely because no virus or malware signatures are involved. Traditional antivirus software very likely won’t find anything wrong with the malicious PDF, and the target user might assume the file was safe if it appeared to pass a standard antivirus scan.

How can we mitigate the exploitation of use-after-free vulnerabilities?

First and foremost, it’s critical that we update all our applications regularly. Security teams, researchers and bug bounty hunters are constantly at work trying to identify critical vulnerabilities in popular applications, and once those vulnerabilities are identified, new software versions are hastily released with relevant fixes.

To avoid becoming the subject of a zero-day use-after-free vulnerability exploit, however, we need to focus on rigorously verifying the content processed by our sensitive applications. Use-after-free vulnerability exploits might be driven by insecure coding practices, but they only result in outcomes like arbitrary code execution when malicious content isn’t properly validated before passing through program functions. Unintentional (non-malicious) use-after-free exploits can occur because of improperly validated content too, potentially leading to other unwanted outcomes such as Denial-of-Service.

Verifying content with the Cloudmersive Virus Scan API

The advanced version of the Cloudmersive Virus Scan API performs in-depth content verification checks on files & identifies the types of content threat actors use to exploit vulnerabilities like use-after-free. It can be configured to disallow content containing scripts, executables, invalid file content (relative to the file extension), JavaScript, HTML, and more.

In the context of protecting a potentially vulnerable PDF reader application, API request parameters could be customized to flag PDFs containing any content that did not fully conform to PDF standards. This means scripts, executables, and HTML/JavaScript objects would be called out before the file could reach the target application.

For more information on the Cloudmersive Virus Scan API, please feel free to reach out to a member of our team.

Announcing STEP File Content Verification Support for the Cloudmersive Virus API
1/25/2024 - Brian O'Neill

lock with arrows pointing both ways

We’re pleased to announce our newest Cloudmersive Virus API (v8-5-4) update release has incorporated support for STEP (Standard for the Exchange of Product model data) files.

STEP files (i.e., those with .STEP or .STP extensions) scanned through the Virus API will now undergo content verification checks to ensure 1) these files' contents rigorously conform to STEP file standards, and 2) these files do not host various hidden threats including scripts, executables, external links, and other potentially malicious content.

The Cloudmersive Virus API offers 360-degree content protection. That starts with virus and malware scanning and extends to full in-depth content verification for executables, invalid files, scripts, password protected files, macros, XML external entities, insecure deserialization, HTML contents, unsafe archives, OLE embedded objects, and PDFs with JavaScript/HTML enabled.

For more information on the Cloudmersive Virus API, please do not hesitate to reach out to a member of our sales team.

Mitigating Invalid Image File Threats with the Cloudmersive Advanced Virus Scan API
1/10/2024 - Brian O'Neill

man typing in suit with graphics

With an estimated 500,000+ new malware signatures developed each day, implementing effective cyber-security policies is an extremely difficult task – but our list of threats doesn’t end there. Malware is, unfortunately, only one of many weapons found in a threat actor’s cyber-attack arsenal.

Understanding the Threat of Invalid Image Files

Image format manipulation is one example of a critical non-malware attack vector which most antivirus solutions aren't configured to detect. By crafting malicious image files with special formatting, threat actors can exploit zero-day vulnerabilities in the libraries and tools we rely on to process and buffer image uploads & downloads. These vulnerabilities can sometimes crash our applications or pave the way for arbitrary code execution.

Examples of Image Formatting Vulnerabilities

There have been many examples of critical image processing vulnerabilities in recent years, and we'll highlight two significant examples here.

One example we can look at is a heap-based overflow vulnerability (CVE-2023-4863) that was recently identified within libwebp, a WebP codec library commonly used in web browser applications. By crafting a malicious WebP file, a threat actor could ignore heap buffer boundaries in libwebp and cause the target application to crash, resulting in a denial-of-service attack.

We can also look at a somewhat similar vulnerability (CVE-2022-3570) found one year prior in tiffcrop, a utility within the libtiff library used for selecting, copying, and cropping TIFF image files. Using a specially crafted TIFF file, an attacker could exploit this vulnerability to enable out-of-bounds access in the target application, allowing them to steal sensitive information from their attack victim.

Detecting Invalid Image File Threats

Unlike files infected with viruses or malware, invalid image files aren’t going to get flagged by our regular antivirus software. Rather, threats of this nature can be mitigated more effectively with rigorous content validation policies. If we can determine that image files are flawed before they reach a potentially vulnerable image processing technology, we can eliminate the threat of those files ignoring heap buffer boundaries, enabling out-of-bounds access, or triggering other contextually exploitative scenarios.

The need for stringent content validation adds a challenging parameter to our existing content security architecture. Thankfully, however, we don’t necessarily need to think of antivirus scanning and content validation separately. If we can perform antivirus scans AND validate file contents simultaneously, we can significantly improve our threat profile while reducing the cost (in time and resources) of managing multiple separate cyber-security solutions.

Content Verification & Validation with the Cloudmersive Advanced Virus Scan API

The Cloudmersive Advanced Virus Scan API combines a cutting-edge malware detection sandbox with custom content validation parameters, resulting in unique 360-degree protection for our image uploads and downloads (this service also supports dozens of additional document types, including all Office file formats and PDFs). Invalid image files can be flagged through the allowInvalidFiles parameter, and we can restrict myriad unwanted image formats altogether by entering a comma-separated whitelist of acceptable format types (e.g., “.png,.webp,.jpg”) into the restrictFileTypes parameter.

This API can be deployed as a no-code solution in a variety of strategic locations, including at the network edge (i.e., network proxies & ICAP servers) or adjacent to sensitive cloud storage buckets, and it can be accessed directly as a low-code solution through API calls to the cloud. This dynamic threat scanning service can significantly improve our threat profile.

For more information on the Cloudmersive Virus Scan API, please feel free to reach out to a member of our sales team.

Announcing Azure Blob Storage Accounts for Cloudmersive Reverse Proxy Servers
12/20/2023 - Brian O'Neill

With the recent release of Cloudmersive Reverse Proxy v3.3.8, we’re excited to announce the addition of a brand-new feature!

Azure Blob Storage accounts can now function as the origin accounts for Cloudmersive Reverse Proxy Servers.

This will allow customers to serve their Azure Blob Storage containers through their Cloudmersive Reverse Proxy server, with access controlled via SAS token.

That’s not all, either. With this release, we’ve included several new Cloudmersive Reverse Proxy Server policies and one update to an existing policy. These including the following:

  1. Customers can now block specific HTTP request methods through an HTTP Request Method Policy.
  2. Customers can now block specific HTTP response codes returning from the origin server using an HTTP Response Code Policy.
  3. The existing URL Replace policy has been updated to include Match Mode setting, which allows customers to choose between substring match and exact match.

For more information on new Cloudmersive Reverse Proxy features & updates, please do not hesitate to reach out to a member of our team.

Announcing Cloudmersive Reverse Proxy for Windows Server 2022
12/13/2023 - Brian O'Neill

blue server room angled right

We’re pleased to announce that the Cloudmersive Reverse Proxy server is now available for Windows Server 2022.

This latest addition joins Windows Server 2016, Debian 10 Linux, and Kubernetes on our list of compatible servers.

The Cloudmersive Reverse Proxy Server (also known as Cloudmersive Shield) is a no-code solution that can be deployed in front of your applications to block malicious files at the network edge. It allows you to protect any web application or API with zero code changes.

Cloudmersive Shield will automatically detect file uploads and send them to the Cloudmersive Virus Scanning API for virus scanning and content verification. When files are clean, they will continue to the client application, and when files are infected, a customized response will be displayed to the user. Shield additionally features the ability to scan binary data in JSON and XML requests for threats.

For more information regarding the Cloudmersive Reverse Proxy Server, please do not hesitate to reach out to a member of our team.

Announcing India: The Newest Cloudmersive Data Center Region
11/27/2023 - Brian O'Neill

We are pleased to announce the launch of a brand-new Cloudmersive data center region in Mumbai, India.

This new region joins our existing data centers in Singapore and Sydney, Australia to comprehensively serve clients located throughout South Asia and Oceania.

Our global data center deployment regions now include all locations depicted in the graphic below:

Data Center Regions

North America

  • Hillsboro, Oregon, US
  • Beauharnois, Quebec, Canada
  • Vint Hill, Virginia, US


  • London, England, UK
  • Gravelines, Hauts-de-France, France
  • Frankfurt, Hesse, Germany
  • Warsaw, Masovia, Poland


  • Mumbai, India
  • Singapore


  • Sydney, New South Wales, Australia

For more information on data center regions and Cloudmersive deployment options, please do not hesitate to contact a member of our sales team.

Spotlight: 360-Degree Content Protection
11/6/2023 - Brian O'Neill

content graphic

Every day, threat actors across the globe come up with an astonishing number of new malware strains – a volume estimated in the hundreds of thousands – and they also come up with increasingly creative & effective ways to hide that malware within common file types that we regularly use for legitimate purposes. If our scanning service is bypassed even once by a cleverly crafted password-protected file or an encrypted zip archive, the results can be disastrous, leaving us struggling to pick of the pieces from a devastating cyberattack.

Thankfully, however, when we combine shrewd content restrictions with our regular malware detection processes, we can establish a new level of control over the content that enters and leaves our system. Instead of relying exclusively on the analysis of threat signatures and suspicious file behaviors, we can categorically block file types that we know we don’t want to deal with in any capacity. We can simply remove password-protected files, executable files, scripts, and other vulnerable, commonly exploited entities from our workflow, and we can even go as far as to whitelist the files we do want to accept and block everything else entirely. We can accomplish all of this by rigorously verifying file contents against the file extension they present – a process which simultaneously blocks targeted file types and uncovers invalid file types with spoofed extensions.

The advanced iteration of the Cloudmersive Virus Scan API provides powerful 360-degree content protection, combining cutting-edge malware scanning and in-depth content verification into one simple, high-speed scanning process with unprecedented customization options. Whether we’re using Cloudmersive Storage Protect to scan our AWS, Azure, SharePoint & GCP storage locations, or using Cloudmersive Shield to safeguard our forward and reverse network proxies, we can depend on powerful content protection without writing a single line of code.

Understanding Cloudmersive Private Cloud Deployment
10/25/2023 - Brian O'Neill

Flexibility is a key component of any Cloudmersive product deployment. Choosing the Cloudmersive Private Cloud Deployment option provides customers with the most control over their own data & security model.

In a Private Cloud Deployment, customers install their Cloudmersive product either on-premises or through their choice of cloud provider (e.g., AWS, Azure, GCP), and they are ultimately responsible for managing and updating their Cloudmersive service. In this deployment model, the Cloudmersive team will provide walk-through guidance for the customer as needed during installation and updates.

Much like the Managed Instance Deployment option, the Private Cloud Deployment option is fully customizable with no pre-set limits, and it’s a highly scalable solution licensed per core per year.

For more information on Cloudmersive Private Cloud Deployment, please do not hesitate to reach out to a member of our sales team.

Announcing JavaScript & HTML Policies for PDF Content Verification
10/16/2023 - Brian O'Neill

We are pleased to announce that the list of content verification policies available to Storage Protect & Shield customers has been expanded with the release of version 8-2-8 of the Cloudmersive Virus Scan API.

Through the permitJavascriptAndHtmlinPDFs request parameter, customers can now set restrictions against PDFs containing JavaScript or HTML code. When this policy is active, files with .PDF extensions that contain HTML or JavaScript within their file structure will fail their content verification check and trigger a CleanResult: False response.

Malicious PDF files containing JavaScript and HTML can be used to bypass virus & malware scanning policies, and this can leave internal or external network users at risk of inadvertently accessing malicious content and initiating a cyberattack. The option to categorically restrict PDF files containing JavaScript and HTML is another convenient custom-content threat prevention solution for customers with multi-pronged content security concerns.

More on the Cloudmersive Virus Scan API

The Cloudmersive Virus Scan API offers customers a uniquely comprehensive file scanning service, combining dynamic malware threat detection capabilities with customizable in-depth content verification policies.

In addition to gaining state-of-the-art, zero-day file threat detection capabilities with their baseline Cloudmersive Virus Scan API product, customers utilizing the Advanced Virus Scan API service (through any deployment type) can easily block executables, invalid files, scripts, password-protected files, and more using simple custom request parameters. They can additionally whitelist acceptable file formats by specifying a comma-separated plain text list of file extensions.

For more information about the Cloudmersive Virus Scan API, please feel free to reach out to a member of our sales team.

Server-Side Request Forgery: Back in the OWASP Top 10
10/5/2023 - Brian O'Neill

blue dotted scape

The most recent edition of OWASP’s top-10 security vulnerabilities was published in July of this year (2023), and a familiar threat was once more included in that ranking.

Coming in at 7th this year – three slots higher than the 10th place slot it occupied in the 2021 OWASP ranking – was Server-Side Request Forgery (SSRF), a well-known vulnerability that enables attackers to control where server-side applications make requests. This type of attack is often used to leak important/sensitive data from an organization by exploiting trust relationships between internal servers.

There are a few key steps we can take to mitigate SSRF vulnerabilities, such as altering the way we represent the IP or utilizing URL encoding techniques to obscure our blocked strings.

In addition, we can take advantage of the Cloudmersive Security API for advanced network threat detection. We can use the SSRF Detection iteration of the Security API to check if an URL is at risk of being an SSRF attack, and we can input blocked domains along with our URL string request. The API will return a CleanURL Boolean response, along with a Threat Level description string. Like all Cloudmersive APIs, the Security API is a turnkey, low-code solution designed to be easy for developers to use.

For more information about deploying the Cloudmersive Security API, please do not hesitate to reach out to a member of our sales team.

Set up Cloudmersive Storage Protect for AWS S3 and Azure Blob in Minutes
9/20/2023 - Brian O'Neill

cloud security

Storing client-side file uploads in the cloud is becoming an increasingly risky business. As more and more companies purchase cloud storage subscriptions from Amazon, Microsoft, and other major industry players, threat actors divert more and more attention toward exploiting these storage locations with insecure file uploads & custom threats designed to bypass peripheral high-level virus scanning policies.

In-storage virus scanning & content verification can be the difference between the success and failure of a latent cyber-attack. By deploying Cloudmersive Storage Protect alongside our buckets and blobs, we can scrutinize each individual file upload in-storage, detecting virus and malware signatures & simultaneously identifying invalid files, scripts, password-protected files, archives, and a variety of additional hidden content threats. We can even set custom restrictions against unwanted file types to dramatically increase our threat profile – all without writing a line of code.

If you’re considering in-storage protection for AWS S3 or Azure Blob storage, check out the below videos to see how you can get Cloudmersive Storage Protect up and running in minutes.

How to Scan AWS S3 Files for Viruses

How to Scan an Azure Blob for Viruses

OWASP Top 10 2023: A Brief Overview of New and Returning Web Application Security Risks
9/12/2023 - Brian O'Neill

Since 2003, OWASP (the Open Worldwide Application Security Project) has, every few years, released a ranking of its top 10 most relevant web application security risks. These rankings are informed entirely by contemporary research and feedback accumulated from the non-profit’s global “open community” of dedicated cybersecurity professionals, and they tend to impact the way organizations around the world analyze and plan out their future web application security practices.

The most recent OWASP Top 10 API Security Risks ranking, published in early July 2023, features several changes from the previous ranking published in September 2021.

Included on this list are several returning threats - some of which have been renamed - along with five new additions.

The below chart depicts the OWASP 2021 & 2023 rankings side by side with color-coded cells for new and returning threat inclusions:

OWASP top 10 2021 and 2023 comparison

In the above chart, the five threats removed from the 2021 list are highlighted in red, while the new additions to the 2023 list are highlighted in green. Of the returning inclusions, the three renamed threats are highlighted in beige on both lists, while the two unchanged inclusions are highlighted in light blue on both lists.

Broken Access Control is now referred to as Broken Object Level Authorization, while Identification and Authentication Failures are now referred to as Broken Authentication and Vulnerable and Outdated Components are renamed as Improper Inventory Management.

For more information regarding Cloudmersive API Security practices & solutions for mitigating common web application security risks, please do not hesitate to contact a member of our sales team.

Make the Most of your PDF Documents in Power Automate
9/4/2023 - Brian O'Neill

If there's one thing every client device in the world has in common, it's the ability to open and view PDF documents on a browser. That interoperability is present by design, and it makes PDF one of the most valuable content sharing formats in the world.

In Power Automate, we can build efficient workflows around converting, editing, and optimizing PDFs, saving us even more time in our day-to-day file processing tasks. With Cloudmersive API Connectors at the center of our flow designs, we can elevate these processes to an even higher level.

PDF connector actions

Doc Conversion PDF

Below, we've compiled a few documentation videos centered around our PDF connector actions in Power Automate to help you get up and running in minutes.

Convert To PDF

Convert PowerPoint Presentations to PDF in Power Automate and Logic Apps

Convert Word Documents to PDF in Power Automate

How to Convert a Single Excel Worksheet to PDF in Power Automate and Logic Apps

How to Convert an Excel Spreadsheet to PDF in Power Automate and Logic Apps

Convert a PNG Image Array to PDF in Power Automate and Logic Apps

How to Convert a URL to a PDF using Power Automate

How to Convert HTML to PDF in Power Automate and Logic Apps

Convert From PDF

How to Convert PDF to PPTX in Power Automate and Logic Apps

How to Convert PDF to DOCX in Power Automate and Logic Apps

Convert a PDF Document to Text in Power Automate and Logic Apps

How to Rasterize a Text-Based PDF in Power Automate

How to Convert a Rasterized PDF to a DOCX File in Power Automate

How to Convert a PDF File to a Single-Page PNG File in Power Automate

How to Get Text in a PDF Document by Page

Edit PDF

Merge PDF Documents in Power Automate and Logic Apps

How to Add a Text Watermark to a PDF in Power Automate and Logic Apps

How to Rotate All Pages in a PDF File in Power Automate

How to Remove, Delete Pages from a PDF in Power Automate

How to Insert Pages from One PDF into Another PDF

How to Remove PDF Annotations, Comments in Power Automate

How to Get PDF Document Metadata in Power Automate

How to Split PDF Documents into Separate Files (One per Page) in Power Automate

How to Create PDF Annotations, Comments in Power Automate

How to Remove a Specific PDF Annotation or Comment in Power Automate

Validate & Get PDF Metadata

How to Validate a PDF Document in Power Automate and Logic Apps

How to Get PDF Metadata in Power Automate and Logic Apps

Encrypt and Decrypt PDF

How to Decrypt a PDF in Power Automate and Logic Apps

How to Encrypt, Password Protect, and Set Permissions for a PDF in Power Automate

For more information on Cloudmersive PDF APIs in Power Automate, please do not hesitate to reach out to a member of our sales team.

Convert, Split & Merge Your PowerPoint PPTX Presentations in Power Automate
8/31/2023 - Brian O'Neill


There’s a lot we can do to impact the design and export of PPTX presentations without ever opening a file in the PowerPoint application. With the help of Cloudmersive Document Conversion Connectors in Power Automate, we can automate a variety of vital PowerPoint actions and drastically simplify our file processing & file administration workflows. Don’t hesitate to check out a few of our demonstration videos on the subject – they’ll help you get up and running in minutes.

Doc Conversion PPTX

How to Convert a PowerPoint PPTX Document to Plain Text in Power Automate

How to Convert PDF to PPTX in Power Automate and Logic Apps

Merge PPTX Documents in Power Automate and Logic Apps

How to Split PowerPoint PPTX Presentations into Separate Slides in Power Automate

Create, Edit and Convert your Microsoft DOCX Documents in Power Automate
8/18/2023 - Brian O'Neill

Typing with documents hovering

Microsoft’s dynamic DOCX format is extraordinarily popular among personal and professional content creators alike. The wide range of useful features available in a DOCX document make it possible to create articles, contracts, invoices, and even interactive forms more easily than ever before.

The convenience doesn’t end there, either. With the help of Power Automate flows, we can interact programmatically with our DOCX content. We can simplify the process of carrying out routine actions like converting our DOCX files to and from PDF format, generating and editing entirely new DOCX files, extracting important data from within our existing DOCX files, and more.

Doc Conversion DOCX

Cloudmersive API Connectors on Power Automate make it easy to realize your DOCX process automation goals. Check out some of our documentation videos to get started.

Convert Word Documents to PDF in Power Automate

How to Convert PDF to DOCX in Power Automate and Logic Apps

How to Convert a Rasterized PDF to a DOCX File in Power Automate

Merge Word DOCX Documents in Power Automate and Logic Apps

How to Compare Two Word DOCX Files in Power Automate and Logic Apps

How to Get Comments from a DOCX Document (Hierarchically) in Power Automate

How to Convert Microsoft Word Doc (1997-2003) Files to Microsoft Word DOCX in Power Automate

How to Create, Edit a Microsoft Word DOCX Document using Power Automate

How to Remove Headers and Footers from a Word DOCX Document using Power Automate

How to Replace a DOCX Text String using Power Automate

How to Validate a DOCX File in Power Automate and Logic Apps

How to Convert HTML to DOCX in Power Automate and Logic Apps

For more information on Cloudmersive API Connectors, please do not hesitate to reach out to a member of our sales team.

Scan Files for Virus and Malware Threats with Low-Code and No-Code Solutions
8/7/2023 - Brian O'Neill

Lock in center of doc system graphic

As file sharing and file storage continue to grow at unprecedented rates, one thing is for certain: cyberattacks are growing right alongside them. As a result, redundancy is a critical consideration in modern security architecture, and it can be accomplished in a variety of ways.

The Cloudmersive Virus Scan API can be utilized to incorporate security redundancy in myriad workflows via no-code and low-code solutions. Check out some of our existing video documentation for tips and demonstrations spanning Nintex, Power Automate/Logic Apps, Azure Blob, AWS S3, Node.js & PHP.

Virus scan Swagger

How to Scan OneDrive Files for Viruses in Nintex

How to Scan Image Files for Viruses and Malware in Power Automate

How to Scan a File for Viruses, Malware, and Non-Malware Content Threats in Power Automate

How to Create a Custom Cloudmersive Advanced Virus Scan Connector in Power Automate

How to Scan SharePoint List Item Attachments for Viruses in Power Automate

How to Scan AWS S3 Files for Viruses

How to Scan an Azure Blob for Viruses

How to Virus Scan and Quarantine a File in Power Automate and Logic Apps

How to Scan a Website or URL for Viruses in Power Automate and Logic Apps

How to Scan Files for Viruses in Node.js

How to Scan New Files for Viruses in Azure Blob using Azure Logic Apps

How to Virus Scan File Uploads in Mendix

How to Create a Virus Scan Wrapper API in Logic Apps and Power Automate

How to Perform a Virus Scan Upload in PHP

Virus Scan Connector All

Make the Most of your Excel Spreadsheets in Power Automate
8/4/2023 - Brian O'Neill

Spreadsheets galore

With the help of Cloudmersive API Connectors in Power Automate, it’s possible to build powerful workflows that share Excel content across file storage systems, convert spreadsheet data into more convenient formats, and even assemble entirely new Excel files from scratch.

Doc Conversion XLSX

To get started automating workflows for your Excel files, take a look through some of our documentation videos which demonstrate Excel-based actions in Power Automate.

How to Split Excel XLSX Files into Separate Worksheets in Power Automate

How to Get All Worksheets from an Excel XLSX File in Power Automate

How to Convert Excel XLS (1997 - 2003) to CSV in Power Automate

How to Convert CSV to XLSX in Power Automate and Logic Apps

How to Convert XLSX to CSV in Power Automate and Logic Apps

How to Create an Excel File in Power Automate: Part 1

How to Create and Update an Excel File in Power Automate: Part 2

How to Convert an Excel File to JSON in Power Automate and Logic Apps

How to Get Rows and Cells from an Excel Worksheet in Power Automate and Logic Apps

How to Convert a Single Excel Worksheet to PDF in Power Automate and Logic Apps

How to Convert an Excel Spreadsheet to PDF in Power Automate and Logic Apps

Getting Started with Cloudmersive Connectors on Nintex
7/17/2023 - Brian O'Neill

workflow automation

Calling all Nintex workflow automation customers! There are more than a dozen Cloudmersive API Connectors available on the Nintex Automation Cloud, allowing you to easily convert important files between common formats, get exchange rates and up-to-date currency values, perform powerful virus and malware scans, and much more.

To get up and running in minutes, check out one of our recent "How To" videos demonstrating where to find and how to utilize Cloudmersive Connectors on Nintex.

How to Scan OneDrive Files for Viruses in Nintex

How to Convert Documents to PDF in Nintex

How to Convert Excel XLSX to JSON in Nintex

How to Convert CSV to JSON in Nintex

How to Create a PDF Watermark in Nintex

How to Convert USD to Euro in a Nintex Form

Detect Server-Side Request Forgery (SSRF) Threats with Minimal Code
7/13/2023 - Brian O'Neill

Web application security should never take a backseat. If we don’t closely monitor the way our applications validate user-provided data, we can leave them vulnerable to SSRF (Server-Side Request Forgery) threats, which can be used to initiate damaging cyberattacks.

Lock on Laptop

When we say that our application isn’t validating user input properly, we mean that the application is blindly accessing insecure external resources based on user-supplied instructions. Threat actors can initiate SSRF attacks by supplying a URL to our web application that references a malicious resource, ultimately placing them in the driver’s seat to control subsequent requests made by the application. Successful SSRF attacks can steal extremely sensitive data related to our server configuration or other important network resources, and they’re also one of many ways attackers can launch DoS (Denial of Service) attacks.

Cloudmersive SSRF Threat Detection API

Thankfully, SSRF threats can be detected and averted by carefully analyzing user-supplied URL input. Our SSRF Threat Detection API is designed specifically to detect threatening URLs from a user input string, identifying whether the URL contents are intended to compromise our web application. The API response provides a Boolean (CleanURL = True or False) along with a string describing the threat level of that URL.

Just like any Cloudmersive API, you can find code SSRF Threat Detection code examples in a variety of common programming languages available through your account management page. You can implement a powerful anti-SSRF threat policy in minutes, authorizing requests with your universal API key.

Two Cloudmersive APIs to Detect Insecure Deserialization Threats
7/7/2023 - Brian O'Neill

Any time data travels between applications, across networks, or even within the confines of a single application, that data is converted to and transported as a stream of bytes in a process called Serialization. When that data reaches its destination, the exact opposite process occurs; the parser receiving the data interprets the incoming stream of bytes and uses that information to construct a replica of the original data objects. This follow-up process, called Deserialization, is what makes it possible for an application’s code to efficiently process and use external data within its code base.

skull made of data

Understanding Insecure Deserialization Threats

The data parsing mechanisms responsible for deserialization can be viewed as omnipresent doorways into any application. As a result, securing those doorways is critical to any application’s security. If a threat actor successfully identifies a vulnerable data parser (e.g., one which blindly trusts and fails to sanitize user input), they can manipulate serialized objects in a way that tricks the application into taking malicious actions on their behalf. This vulnerability can be used to achieve remote code execution, force an escalation of privileges within the application, or even provide the attacker with direct access to unauthorized data.

Detecting Insecure Deserialization Threats

Thankfully, Cloudmersive APIs are equipped to detect insecure deserialization threats in several forms. Below, we’ll highlight our anti-Insecure Deserialization policies and discuss how they can protect your applications from harm.

Detect Insecure Deserialization JSON Attacks from Text Input

JSON is one of the most common data formats used across the digital world today. While it’s generally considered a very secure format due to its readability and relatively simplistic structure, it’s still possible for threat actors to launch insecure deserialization attacks through poorly sanitized JSON parsers, and the contemporary popularity of JSON as a safer alternative to extensible formats like XML makes it increasingly worthwhile for threat actors to try.

This iteration of our Security API is designed specifically to identify Insecure Deserialization attempts within JSON strings, and it can be used to block threats before they reach the application codebase. The API response provides a Boolean value indicating if a given text string contained an attack.

Advanced Scan a File for Viruses

The Advanced Scan iteration of our Virus Scan API is designed to block multiple unique threat types in a single comprehensive policy. It allows developers and/or administrators to set custom rules against threats embedded within common file types, while simultaneously checking files for more than 17 million virus and malware signatures.

One of the custom threat rules available in this API’s request body targets Insecure Deserialization threats found in JSON and myriad additional object serialization files, and you can set this threat rule to “False” in order to trigger a “CleanResult: False” response whenever Insecure Deserialization attacks are detected.

Three APIs to Check Text Input for XXE (XML External Entity) Attacks
6/30/2023 - Brian O'Neill

for xxe article

Understanding XXE (XML External Entity) Attacks

The advantages and risks of utilizing data in XML format are both attributable to its extensibility (it’s in the name, after all) relative to more simplistic plain-text data formats like JSON or CSV. Perhaps the strongest example of this extensibility is the XML entity declaration feature, which is defined using Document Type Definition syntax and effectively instructs data parsers to access information made available inside (internal reference) or outside (external reference) of the original XML document by the document creator. This powerful reusability feature affords numerous benefits, but it also represents a unique threat for any application parsing XML data.

While XML internal entities access content stored locally within a document, XML external entities are designed to retrieve content that lives outside of an XML document, often using HTTP requests to access that information. When an XML parser reads an external entity reference, it will retrieve the information associated with that reference and subsequently incorporate that information into the original XML document.

This external reference feature is a well-documented cyberattack vector. Threat actors can leverage external entity vulnerabilities to carry out XML External Entity (XXE) attacks, exploiting poorly sanitized XML data parsers with built-in document references to external malicious content. That content can take myriad forms, and the outcomes of a successful attack can be disastrous, resulting in the theft of valuable data from our servers or even Denial of Service to our users.

Preventing XXE Attacks with Cloudmersive APIs

Thankfully, you can take advantage of three separate Cloudmersive APIs to protect your applications from XXE threats, with each option varying in the scope of its threat detection capabilities. These options include the following:

  1. Protect Text Input from XML External Entity Attacks: This iteration of the Cloudmersive Security API is designed exclusively to detect XML External Entity attacks from a string of XML text. When XXE threats are identified, the API will return a Boolean labeled “ContainedXxe” to notify you if external references were present.

  2. Automatically Detect Threats in an Input String: This dynamic iteration of the Cloudmersive Security API is designed to detect a variety of common content threat types in a single request from text string input. These threat types include XML External Entities, Cross-Site Scripting, SQL Injection, Server-Side Request Forgery, and JSON Insecure Deserialization. When XXE threats are detected, the API response will return a “True” value in the “ContainedXxeThreat” Boolean.

  3. Advanced Virus Scan API: This dynamic iteration of the Cloudmersive Virus Scan API is designed to scan files for viruses, malware, AND hidden content threats, including XML external entities. The API response will determine if XML was present within any document by default; additionally, setting the “allowXmlExternalEntities” request parameter to “False” will return a “CleanResult: False” response for documents containing XML external entity references.

For more information on Cloudmersive Security and Virus Scan APIs, please feel free to reach out to a member of our sales team.

Why OLE Object Linking and Embedding Vulnerabilities are a Serious Threat
6/16/2023 - Brian O'Neill

As files are shared more rapidly and in greater quantities than ever before, threat actors are increasingly incentivized to exploit file sharing trends. This has organically led object linking and embedding (OLE) technology – a Microsoft document feature intended to enhance user experiences by allowing content creators to connect external applications within a document – to become a prominent cyber-attack vector.

computer with radiating circles and binary background

Why are OLE Vulnerabilities Attractive to Threat Actors?

Because OLE technology is available in several extremely common document formats (like MS word, for example), threat actors know they can reach a wide range of victims by exploiting OLE vulnerabilities. These document formats are very frequently shared within and across professional networks, increasing the likelihood that a document user will eventually activate malicious content and trigger remote code execution. In addition, links and objects embedded within a document are hard for many file scanning solutions to assess for threats, improving the likelihood that compromised documents avoid detection. Common workarounds to that problem (such as blacklisting affected file extensions) are impractical in this case given the ubiquity and importance of document formats with OLE capabilities.

Further, unlike attacks involving Macros – another document vulnerability frequently exploited by threat actors – there aren’t any convenient prompts within OLE-enabled documents which give readers the option to activate or deactivate additional document features. As a result, malicious links and objects placed within seemingly normal, safe-looking documents can remain undetected for a longer period, increasing the likelihood that a document user will eventually click on a malicious object or link.

How are OLE Vulnerabilities Exploited to Initiate a Cyber Attack?

OLE technology allows any content creator to make external resources accessible for document readers with a convenient clickable icon. Once activated by a document user, malicious embedded objects can quickly inject malware onto the victim’s computer, connect the computer with the attacker’s server, and allow the attacker to send a disguised executable malware payload.

To make matters worse, the events of an OLE attack can all happen very quickly. In some cases, the affected document viewer might not even notice the attack occurred, increasing the amount of damage the attacker can inflict before being stymied by security engineers.

Detect and Remove OLE Threats with the Cloudmersive Advanced Virus Scan API

The Cloudmersive Advanced Virus Scan API automatically detects OLE content within a document and returns a Boolean in the API response body indicating if OLE content was present. Administrators responsible for configuring the Advanced Virus Scan API request policies on their Cloudmersive account page (or in the API request body when using complementary code examples) can disallow files containing OLE content by setting the relevant request parameter to “False.” Once this parameter is set, any files containing OLE content will trigger a CleanResult: False response.

This scan will also check files against a continuously updated list of more than 17 million virus and malware signatures, with coverage including ransomware, spyware, and trojans. Additional custom policies can be configured in the API request body to detect hidden non-malware threats including executables, macros, scripts, password protected files, and more.

For more information about the Cloudmersive Advanced Virus Scan API, please do not hesitate to reach out to a member of our sales team.

Cloudmersive API Connectors Available on Nintex Workflow Cloud
6/8/2023 - Brian O'Neill

On the Nintex Workflow Cloud, you can seamlessly integrate Cloudmersive APIs as value-add connector actions into your workflows. There are more than a dozen Cloudmersive API actions available in Nintex; below, we’ll cover each available action and highlight its use-case.

cloud with connected dots

Cloudmersive – Virus Scan

Advanced Scan a File
Scan a huge variety of file types (including all office documents, text files, and over 100 image formats) with 360-degree content protection across viruses, malware, and a variety of non-malware threat types. Instantly improve your threat profile leveraging a continuously updated list of more than 17 million virus and malware signatures, with coverage including ransomware, spyware, trojans, and more. Select “Yes” or “No” from available dropdown menus to block executables, invalid files, scripts, password protected files, and macros. Restrict file types by providing a comma-separated list of acceptable file extensions (e.g., .pdf, .docx, .xlsx, etc.). Store this output in an object variable.

Scan a URL
Scan URLs for malicious content and threats, including viruses, phishing links, and more. Store this output in an object variable.

Scan a File
Perform a basic virus and malware scan on a huge variety of file types (including all office documents, text files, and more than 100 image formats) leveraging a continuously updated list of more than 17 million virus and malware signatures. Coverage includes ransomware, spyware, trojans, and more. Store this output in an object variable.

Cloudmersive - Convert Documents

Convert a CSV to JSON Text
Quickly transition data arrays from Comma Separated Values (CSV) to JavaScript Object Notation (JSON) for more widespread application compatibility. Store this output in a text variable.

Convert an Excel (XLSX) file to JSON Text
Convert your Excel files to lightweight JavaScript Object Notation (JSON) strings to increase the visibility of your data. Store this output in a text variable.

Convert Document to PDF
Convert all major Office document file formats, myriad text files, and more than 100 image formats as PDF documents with automatic input format detection. Store this output in a file variable.

Cloudmersive – Currency

Convert Currency
Use the “From” and “To” dropdown menus to convert a specified value between a variety of international currencies, including the US Dollar, Japanese Yen, British Pound, and more. This uses the latest exchange rate information to make your conversion. Store this output in an object variable.

Get Currencies
Retrieve a list of currencies available for currency conversion or exchange rate retrieval. Store this output in an object variable.

Get Exchange Rate
Select available currencies using the “From” and “To” dropdown menus to quickly retrieve an up-to-date exchange rate value. Store this output in an object variable.

Cloudmersive – PDF

Add Text Watermark to PDF
Protect your intellectual property by adding a custom watermark to your PDF documents. Specify the font name, size, color, and transparency level for your watermark text. Store this output in a file variable.

Get PDF Form Field Values
Retrieve the names, types, and values of the form fields in your PDF documents with a single request. Store this output in an object variable.

Get PDF Metadata
Retrieve all the metadata stored in a PDF document, including the document title, keywords, subject, author name, creator name, modification dates, and page count. Store this output in an object variable.

Get Text from PDF
Convert PDF documents into plain text strings in one quick & easy step. Store this output in a text variable.

Protect a PDF
Secure your PDF documents by setting a reader password and owner password, and then select an encryption type from a dropdown menu (128-bit RC4 or 256-bit AES). Store this output in a file variable.

Why It's Important to Scan URLs for Malicious Content and Threats
6/1/2023 - Brian O'Neill

Phishing Alert

Malicious URLs are shared with us through a variety of mediums (including via email, file upload, and other avenues). Typically, these URLs are designed by threat actors to initiate virus downloads on our device or spoof our most familiar login portals to obtain important security credentials.

In fact, the latter scenario – Phishing – represents a disproportionately large share of the world’s most active cyber security threats. According to recent reports, more than 3 billion spam emails containing Phishing links are sent out daily, which amounts to more than 1 trillion Phishing emails per year. Not all Phishing attempts are created equal, of course; some attempts are full of easily spotted errors and inconsistencies, while other attempts (i.e., Spear Phishing) are well-worded and often personally targeted to an unsettling degree. In most cases, Phishing targets don’t even see – let alone click on – spam emails containing Phishing URLs. The ones who do, however, are at a much more serious risk of clicking on the malicious URL, which immediately puts them and possibly their entire network at risk.

Threat actors are playing a numbers game when they send out malicious URLs, and as a result, it’s vital that organizations take a multi-faceted approach to mitigate a consistent onslaught of URL threats. This starts, of course, with adequate user training. Companies that don’t explicitly train users to spot URL threats – especially spam Phishing and Spear Phishing attempts – leave their doors open to catastrophic data loss, data theft, virus installation, and myriad additional consequences.

It’s also critical that organizations apply active security policies against URL threats. The Scan Website iteration of the Cloudmersive Virus Scan API provides a powerful solution, peeking “under the hood” of URL strings to render and analyze the link for potential threats. The API labels malicious links with a CleanResult: False Boolean in the API response body, making it easy to categorically delete these URLs before they can reach a compromising location within a system. In these cases, the API response will also identify the type of threat it found by name.

Restrict File Upload Types to Limit your Threat Profile
5/18/2023 - Brian O'Neill


Why Limit File Upload Types?

The availability and affordability of scalable Cloud Storage solutions has increasingly made direct file upload processes more viable for businesses of all sizes around the world. The benefits of incorporating such processes are clearcut: allowing client-side users to rapidly share things like resumes, insurance claims, photos, and support documentation directly through a file upload portal into a dedicated storage instance simultaneously streamlines business efficiency and improves users' experiences.

However, laying out a direct path between a storage instances and external users also opens the door to some new and daunting security challenges. This makes it possible for threat actors (meaning malicious client-side users intending to exploit a system for some monetary gain, or merely to damage its reputation for personal reasons) to carry out cyber-attacks by weaponizing file uploads in a variety of subtle ways. Many common file formats can be injected with viruses, malware, scripts, macros, and other forms of non-malware threats, and if file upload security policies aren’t carefully evaluated, monitored, and regularly updated to detect these threats, perpetrators can rapidly steal data from a system or compromise access to it entirely.

The growing prevalence of file upload threats makes it crucial for businesses with direct file upload processes to implement powerful, exhaustive policies in defense of their sensitive storage instances - as well as in defense of their trusted client-side users' environments. That starts with deploying anti-virus and anti-malware policies at critical points around a network, but it doesn’t end there. It’s just as important to include rigorous content verification policies that explicitly ignore (i.e., don’t trust) file extensions and headers when validating file upload contents. Considering there are dozens of viable file formats which client-side users can choose before uploading their content for any given business service, however, broad scale content verification can appear to force an uncomfortable choice between upload security and upload efficiency.

Thankfully, there's a simple and balanced solution to this problem. Rather than tackle the problem of validating/verifying dozens upon dozens of unique file formats head-on, it's best to limit the scope of the problem by disallowing unnecessary file types entirely. If, for example, a SaaS website implements a file upload process allowing customers to provide photo documentation alongside their application support tickets, there’s virtually no need to expand the list of viable image formats beyond .PNG or .JPG. Logically, most screenshots are automatically stored in .PNG format anyway, so allowing more complex formats (like .BMP or .TIFF, for example) into the fold is unnecessary to begin with. Once viable file formats are limited to a short list, the process of validating and verifying each new file’s contents becomes far more efficient and dependable, all without having any adverse impact on users' experiences.

Set Custom File Type Restrictions via the Cloudmersive Advanced Virus Scan API

You can easily set custom restrictions on file upload types using the Cloudmersive Advanced Virus Scan API. The restrictFileTypes policy allows you to provide a comma-separated list of file formats which are acceptable for your specific workflow’s needs. Once this policy is configured, all file uploads will receive full, in-depth content verification against this list of viable extensions, and any files NOT matching the extensions provided on the list will receive a CleanResult: False Boolean in the API response body. This makes it easy to rapidly block dozens of potentially dangerous file uploads and instantly improve your website’s file upload threat profile.

Additionally, as its title suggests, the Cloudmersive Advanced Virus Scan API will, by default, scan all file uploads against a growing list of more than 17 million virus and malware signatures, including ransomware, spyware, trojans, and additional non-malware threats. This service leverages high-speed in-memory scanning to deliver sub-second typical response times.

For more information on how the Cloudmersive Advanced Virus Scan API can impact your business, please reach out to a member of our sales team.

How to Scan a File for Viruses and Malware in Power Automate
5/11/2023 - Brian O'Neill

Did you know that you can scan any file upload for viruses and malware in Power Automate using the Cloudmersive Virus Scan Connector?

All you need to do is incorporate the Cloudmersive Scan a File action into your flow diagram, and you can instantly check files against a list of more than 17 million virus and malware signatures, with protection against ransomware, spyware, trojans, and more.

Like most operations in Power Automate, this action is very easy to incorporate. Below, we’ll walk through how you can find, configure, and test the Cloudmersive Virus Scan Connector’s “Scan a file for viruses” action in a simple, instant cloud flow (this flow logic works the same way in automated flows).

From the flow diagram page, let’s start by adding an example file. We can click “New Step” and use a “Get File Content” action to retrieve the file we want. This file for this demonstration is located OneDrive for Business:

1 - Get File Content

Once the "Get File Content" action is open, we can supply our file via the file picker.

2 - Get File Content + File ID

Now that we have our demonstration file within our flow, we can incorporate the Cloudmersive Virus Scan Connector action.

To find the right Connector, let’s click “New Step” again and type “Cloudmersive” into the search bar. Once we do that, a list of Cloudmersive Connectors will populate below our search.

3 - Search for Cloudmersive Virus Scan Connector

From this list, we can go ahead and select the Cloudmersive Virus Scan Connector on the bottom row all the way to the right.

Doing so will prompt us to provide a Cloudmersive API key for authentication. To get your API key, head to the Account Management center in your Cloudmersive account, click “View and Manage Keys,” and then copy your API key to your clipboard. If you don’t currently have an API key, you can get one for free by registering a free account (with zero commitments).

Once our API key is entered, we’ll jump to the Virus Scan Connector actions list.

4 - Virus Scan Connector Actions List

From this list, we can select the “Scan a file for viruses” action at the top.

Doing so will open the connector action body, where we’ll find a prompt to include the input file we want to scan. We can configure this mandatory parameter by clicking on the “input file” field and selecting our file’s content from the Dynamic Content Window.

5 - Scan a File for Viruses Action with File Content

At this point, we can save our flow, confirm our connections, and run our test file through the connector action.

6 - Successful Flow Test Run

When we open the “Scan a file for viruses” action response body, we’ll see our CleanResult response in the action’s Outputs.

7 - Scan a File for Viruses Response Body

We can now use the CleanResult response to dictate subsequent actions in our flow, such as deleting or quarantining our file if any viruses or malware are found.

That’s all there is to it – now you can add a quick, easy layer of security to any flow.

For more information on Cloudmersive APIs and Power Automate Connectors, please do not hesitate to reach out to a member of our sales team.

API Spotlight: IP Intelligence APIs
4/27/2023 - Brian O'Neill

With access to consistent, accurate IP intelligence services, we can protect our applications from external threats while simultaneously improving our users’ experience through regional personalization.

Thankfully, Cloudmersive IP Intelligence APIs make it easy to accomplish all the above with minimal code. Below, we’ll take a closer look at a few of our IP intelligence APIs which are oriented around IP threat detection and retrieval of geolocational data.

Get Intelligence on an IP Address

To investigate an IP address for potential threats, the first thing we should do is reference that address against a list of known-threat IPs. Our “Get Intelligence on an IP Address” API performs that check right away, ensuring the input IP address isn’t associated with any malicious activity (such as malware, phishing scams, etc.) and can’t be traced to any bots (such as those deployed for DDoS attacks). It also identifies if an IP address is a Tor Exit Node, which – while not necessarily indicating an imminent threat to our system – can still be associated with suspicious activity and should be monitored accordingly.

In addition to checking for threats, this API retrieves as much geolocational information about an input IP address as can be found, including its associated country code, country name, city, latitude & longitude coordinates, and more. Useful information such as the currency code & currency name associated with the IP address’ region are also retrieved, making it easy to customize the way financial information (such as price information, for example) is displayed to users from different regions around the world.

Geolocate an IP Address

This API allows us to limit our IP check to ONLY return geolocational information. The underlying service retrieves the same array of locational data as the “Get Intelligence” API – complete with country code, country name, region code, region name, zip code, time zone (standard name), and latitude & longitude coordinates. This service is particularly beneficial for UX applications, as it can help personalize each individual user’s experience.

Geolocate an IP Address to a Street Address

While latitude and longitude coordinates allow us to plot locational data on a global map, street address data gives us a more specific understanding of where an IP address originates from (i.e., is that address a commercial or residential building? Is it active and functioning or empty and abandoned?). Calling our “Geolocate an IP Address” API returns the country code, country name, street address (string), city, region name and zip code associated with any given IP address.

For more information on our IP Intelligence APIs, please feel free to contact a member of our sales team.

API Spotlight: Date & Time APIs
4/20/2023 - Brian O'Neill

For a network of cloud-hosted applications to operate effectively in conjunction with one another, it’s essential that they share a singular, standardized date and time retrieval service. Without syncing a date and time retrieval services across our systems, our time-sensitive automated services can quickly run off the rails, our new schedule inputs (i.e., online bookings and meetings) can be stored incorrectly, and our ability to account for perpetually moving targets on the calendar – like public holidays, for example – can fall by the wayside.

Cloudmersive Date & Time APIs make it easy to integrate high quality, reliable date & time management services and sync them across all your applications. Below, we’ll take a closer look at three of our Date & Time API iterations and get a better understanding of how they can impact your business.

Get Current Date and Time

Implementing our Current Date & Time API gives all your applications access to a centrally available clock – synchronized with atomic clocks – ensuring the utmost accuracy and consistency in Date & Time retrieval. Executing a Get request returns the current date and time for your region (expressed in TimeSpan format), and it also returns Greenwich Mean Time (GMT) for a central reference value.

Get Public Holidays in the Specified Country and Year

Each country has its own evolving list of national public holidays. No matter where your business is located, it’s helpful to enumerate this list at the beginning of each year, and it’s essential to reference schedules against this data when planning important meetings or events over the course of the year.

Structuring your request with country and current-year inputs will return a full list of your country’s public holidays. This includes the following array of information (for each):

  • EnglishName: the name of the holiday in English
  • LocalName: the local name of the holiday in English
  • OccurenceData: the exact date (in TimeSpan format) of the holiday for the specified year
  • HolidayType: the type of holiday in question
  • Nationwide: a string describing whether the holiday is observed across the entire nation

Parse a Free-Form Natural Language Date and Time String into a Date and Time

Generally speaking, the way people like to communicate date and time information is quite different from the way computer applications do. While computers benefit from communicating with standard, structured time values in TimeSpan format, people instead like to make lightweight, unstructured date and time references with context rooted in the present moment. For example, if todays' date is 4/18/2023, instead of asking if their peer is available to meet at 2023-04-19T13:00:00, a colleague would likely ask if they’re available to meet “tomorrow at 1 pm.”

This service parses natural language inputs – such as in the example above – into timespan format, and it additionally returns integers describing the year, month, day, hour, minute, second, and day of the week values from in the original statement (as much information as is made available). To do so, it references the local date and time where the information is originally parsed and processed. The above example would return the following information:

  • ParsedDateResult: 2023-04-19T13:00:00
  • Year: 2023
  • Month: 4
  • Day: 21
  • Hour: 13
  • Minute: 0
  • Second: 0
  • DayOfWeek: Wednesday

For more information on Cloudmersive Date & Time APIs, please do not hesitate to reach out to a member of our sales team.

API Spotlight: Image Information APIs
4/14/2023 - Brian O'Neill

Image files contain a wealth of important information within their file structure. If we’re using images for any downstream operation – whether that be related to image editing, sharing, or even digital forensics – retrieving this information is often a key first step in the process. We can retrieve image metadata, which most importantly provides structural information about the file’s visual content (such as its width, height, etc.), and we can additionally retrieve image color data, which yields information about the dominant color values stored in each pixel within the image.

Cloudmersive Image Information APIs execute simple Post requests on image file uploads and return key information about them in a highly structured format. Below, I’ll dive into both Image Information APIs in a bit more detail.

Return the Image Metadata (Including EXIF and Resolution)

As mentioned above, the most basic and broadly useful metadata we can get from an image file is related to its "physical" dimensions (i.e., the height and width of the image). This data is critical for common operations - such as resizing images - which are often carried out to improve the loading speeds of media-rich pages on a website. Naturally, this API returns much more information than just height and width, however; it will additionally provide the following information:

  • IsValidImage – a Boolean declaring the validity of the image file
  • FileFormat – a string declaring the specific format of the file in question
  • BitDepth – an integer describing the number of bits used to represent each pixel in an image
  • HasTransparency – a Boolean declaring if the image contains transparency features
  • ColorSpace – a string describing the range of colors in the image
  • ExifProfileName – a string declaring the name of the Exif Profile (if available)
  • ExifValues – an array of Exif data (if available) including the Tag (string), DataType (string), and DataValue (string)

Please note that Exif data can be easily removed from an image by its original creator, so this information may not be available in every request.

Each request for this API requires only the input image file for the operation; common file formats such as PNG, JPG are supported.

Return the Dominant Colors of the Image

Each color image contains a wide range of color data in its pixels, and there are always certain colors which are more prevalent than others. This API simply retrieves the top 5 dominant colors from an uploaded image and returns them in a DominantColors data array. This operation is especially useful if you’re trying to invert or negate the colors in an image to create a special effect (or reduce file size). Each input request should contain a valid image file in a common format such as PNG or JPG.

For more information on Cloudmersive Image Information APIs, please do not hesitate to reach out to a member of our sales team.

API Spotlight: Scan Cloud Storage for Viruses, Malware and Content Threats
4/10/2023 - Brian O'Neill

Implementing direct file upload features for client-facing web applications is becoming an increasingly popular trend among businesses all over the world. Enabled largely by the availability of affordable, scalable cloud storage solutions, direct file upload features create a linear path between client-side users and the services they seek out online, improving user experience for customers and increasing workflow efficiency for businesses in one fell swoop.

It's not all sunshine and rainbows, however. Direct file uploads also open the door to a variety of file upload threats which, if not detected and contained properly, can have severe consequences for both businesses and the customers who entrust them with sensitive information. As such, it's critically important that file uploads are routinely scanned for viruses, malware, and other content-based threats at multiple points in any business' system architecture - including the cloud storage instances they reside in and are eventually retrieved from.

Cloudmersive Cloud Storage Virus Scanning APIs provide powerful protection for your cloud storage instances, integrating seamlessly with Azure Blob, AWS S3, SharePoint Online Site Drive, and Google Cloud (GCP) Storage. Using minimal code to establish your connection, you can quickly gain 360-degree content protection against malicious file uploads, safeguarding your cloud storage instances against tens of millions of virus and malware signatures. You can additionally manage a variety of customizable threat rules in your API request body to block (or allow) executables, invalid files, scripts, macros & more, and you can easily restrict unwanted file types with full content verification.

Below, we’ll walk through each Cloud Storage Virus Scanning iteration and highlight the specific information you’ll need to configure your request for each supported storage instance. After acquiring the necessary details, you can easily structure your API calls with your preferred choice of complementary, ready-to-run code examples - all of which are available via the “Docs & Examples” page in your Cloudmersive account.

How to Protect Azure Blob Storage

To configure virus scanning for Azure Blob Storage, start by gathering the following information:

  1. Connection String: you can obtain this information by navigating to the “Access Keys” tab of the “Storage Account Blade” in the Azure Portal.
  2. Container Name: provide the name of the specific Blob container you’d like to protect (within the Azure Blob Storage account).
  3. Blob Path: provide the path to the blob within the container; if the path contains Unicode characters, you’ll need to base64 encode it and prepend with ‘base64’

How to Protect AWS S3 Storage

To configure virus scanning for your AWS S3 Storage instances, you’ll need the following information ready:

  1. Access Key: this can be obtained by heading to the AWS console and looking within “My Security Credentials”
  2. Secret Key: same as above; this can be obtained by heading to “My Security Credentials” in the AWS console.
  3. Bucket Region: provide the name of the exact region of your S3 bucket (e.g., “US-East-1”).
  4. Bucket Name: provide the name of the S3 bucket.
  5. Key Name: parse the name of the files in S3 that you wish to scan for viruses. You’ll need to base64 encode the key name if it contains Unicode characters and prepend it with ‘base64’.

How to Protect SharePoint Online Site Drive

To configure virus scanning for your SharePoint Online Site Drive instances, prepare the following information:

  1. Client ID & Client Secret: you’ll need to follow a few steps to find this information:
    1. Navigate to the Azure Portal and click on Azure Active Directory
    2. Click on App Registrations (left-hand side)
    3. Click on Register Application
    4. Name the application CloudmersiveAntiVirus; then click “Register”
    5. Get the client ID by clicking on Overview and copying the value labeled Application (client) ID
    6. Click on Certificates and Secrets
    7. Click on New Client Secret; choose a longer expiration and give the secret a name
    8. Copy the secret value to the clipboard; save it securely (this is your Client Secret)
    9. Begin granting permissions to SharePoint; first slick on API permissions on the left hand side
    10. Click “Add Permission” and choose Microsoft Graph
    11. Click on “Application Permissions”
    12. Search for “Site.FullControl.All”
    13. Click on “Add Permissions”
    14. Head back to Azure Active Directory; click on “Enterprise Applications”; click on "CloudmersiveAntiVirus” and click on “Permissions”
    15. Click on “Grant Admin Consent”
  2. SharePoint Domain Name: provide your SharePoint Online domain name (e.g.,
  3. Site ID: provide the ID of the SharePoint site you want to retrieve the file from
  4. Tenant ID: (Optional) provide the Tenant ID of your Azure Active Directory
  5. File Path: path to the file(s) you want to scan
  6. Item ID: provide your SharePoint itemID (such as DriveItem ID)

How to Protect Google Cloud Platform Storage

To configure virus scanning for your Google Cloud Platform Storage instances, prepare the following information:

  1. Bucket Name: provide the name of the bucket you’d like to protect in GCP Storage
  2. Object Name: provide the name of the object (or file) in GCP Storage; if it contains Unicode characters, prepare to base64 encode the object name and prepend with ‘base64’
  3. JSON Credential File: provide the service account credential for Google Cloud (stored in a JSON File)

For more information on how you can leverage our low-code (and no-code) Scan Cloud Storage APIs, please do not hesitate to contact a member of our sales team.

API Spotlight: PDF Annotation APIs
4/6/2023 - Brian O'Neill

It’s no exaggeration to call PDF one of the most popular file types in the entire world. According to recent studies, it’s the third most common format found anywhere on the web – even ahead of JPG and PNG, which collectively store most of the internet’s image content.

A subtle advantage of storing content in PDF format is the option to programmatically edit that content while it remains locked in its compressed form. Manipulating files without opening them can drastically impact the efficiency of any file sharing workflow, especially when relatively small changes – such as the addition/removal of comments or annotations in a document – are required. For developers and administrators working in industries where contracts, waivers, insurance forms, mockups, etc. are being moved from one storage instance to another in large quantities, programmatically handling document annotations in large batches efficiently consolidates precious time and resources.

Our PDF Annotation APIs make it extremely easy to get, change, and remove annotations and comments from PDF documents without ever having to open those documents in the first place. Minimal code is required to structure each API call, and simple request parameters make it easy to customize new content by providing exact locational details for each addition to your documents. Below, we’ll take a closer look at each of our four PDF Annotation APIs and the way they can each be used to impact your PDF editing workflow.

Add One or More PDF Annotations, Comments in the PDF Document

When creating a new annotation or comment in a PDF, a variety of important information is required at the outset to define the body of the new content and its specific location within the document.

This API iteration allows you to structure a single request determining all relevant details for new annotations or comments at once. Each request can be customized to define the Title, Subject, Text Contents, Annotation Index, and Annotation Type (e.g., “Text”); in addition, integers can be specified to determine the Page Number, LeftX, TopY, Width and Height specifications which will collectively place the annotation/comment at a specific point of your choosing within the document. Timespan format can also be used to set the creation and modification dates for each annotation or comment according to your preference. Once your request is submitted, the underlying service will simply return the encoding for the modified PDF file.

Get PDF Annotations, Including Comments in the Document

Before taking action to remove or edit existing comments and annotations within a PDF file, it’s highly beneficial to first retrieve details about their index, their location within the document, and their exact contents. Calling the “Get PDF Annotations” API iteration will automatically retrieve this information, structured in a similar way to the “Add One or More PDF Annotations” input request.

Remove a Specific PDF Annotation, Comment in the Document

After retrieving data about all the comments or annotations within a document, it’s possible to remove specific annotations individually using the annotation index. In its request parameters, this API iteration requires the input file path along with the annotation index(es) for removal, and it subsequently returns the encoding for the PDF File with the specified annotations or comments removed.

Remove All PDF Annotations, Including Comments in the Document

If your goal is to indiscriminately clear a document of all its annotations or comments, there’s no need to retrieve details about each one of them first. You can structure your request to our “Remove All PDF Annotations” iteration with your file path alone, and the underlying service will return your document with all annotations and comments removed.

For more information on our PDF Annotation (or PDF Editing) APIs, please do not hesitate to contact a member of our sales team.

API Spotlight: Validate Phone Number Syntax
3/22/2023 - Brian O'Neill

Invalid syntax can instantly turn promising contact data into a string of useless text. When it comes to phone numbers, syntax errors are particularly easy for the human eye to miss; the difference between correctly and incorrectly formatted strings often comes down to one small digit in the wrong place (or a digit missing from the equation entirely).

Programmatic data validation is key to ensuring you end up with high-quality contact data. If your applications can identify problems independently upon accepting new information, you can avoid wasting precious time correcting common errors at a later date. You may not have a choice in the matter, either; if you're working in any highly regulated industry, you may be forced to comply with stringent data accuracy standards, making precise validation measures obligatory features in our workflows.

Regardless of your use case, our "Validate Phone Numbers" API can make a big impact.

Cloudmersive Phone Number Validation API

The “Validate Phone Numbers” iteration of our Validation API can be quickly and easily deployed to ensure the correctness of new contact information within your applications. The underlying service will first validate the syntax of each phone number and, if valid, return a variety of useful information about them. This information includes the following:

  1. “IsValid” - a Boolean determining the validity of the input string.
  2. “Successful” - A Boolean describing the success of the operation.
  3. “PhoneNumberType” - A string identifying the phone number type.
  4. “E164Format” - A string displaying the phone number in E164 format.
  5. “InternationalFormat” - A string displaying the phone number in international format.
  6. “NationalFormat” - A string displacing the phone number in national format.
  7. “CountryCode” - A string identifying the associated country code on its own.
  8. “Country Name” - A string identifying the associated country name on its own.

For more information on how you can take advantage of our “Validate Phone Numbers” API, please do not hesitate to contact a member of our sales team.

API Spotlight: Validate Email Addresses
3/20/2023 - Brian O'Neill

fast typing hands

Quality contact information is critically important to any business. With an organized database of email addresses, you can establish consistent, long-term communication patterns with your clients/customers and maintain positive relationships with them well into the future.

As with most forms of text data, it’s essential to make sure email syntax is accurate right when it’s entered your system. Otherwise, you risk losing precious contact information to predictable typos and sloppy copy/paste jobs. In addition, it’s highly beneficial to get up-to-date information on each address’ email server right off the bat; that way, you can avoid bounce-backs when messaging each recipient in the future.

Thankfully, it’s quick and easy to implement a rigorous email validation workflow with Cloudmersive Email Validation APIs. We have three separate Email Validation API iterations you can choose from, each differing slightly in breadth to serve varying degrees of need. Below, we’ll take a closer look at all three of our Email Validation API iterations and discuss their respective use-cases.

Fully Validate an Email Address

As the name suggests, this iteration presents our most comprehensive, multi-step email validation solution. Full email validation entails checking each email for syntactic correctness (i.e., is the email spelled & formed properly?) and subsequently identifying the mail server in question (if any). Once those steps are complete, the final step entails contacting each address’ email server to validate whether the accounts exist - without ever sending those servers an email in the process.

This iteration returns strings identifying both the mail server (used for validation) and the email domain. In addition, each response supplies Boolean strings clearly stating whether the address, syntax, domain, or SMTP are valid, and whether the email address is a “catch-all domain”, a free email provider, or a disposable (limited use) email.

Partially Check Whether an Email Address is Valid

This iteration limits the validation process, solely identifying whether an email address’s parent domain servers are properly defined. Improperly defined servers make it difficult to contact an associated email address, and in some cases, this can even indicate malicious activity (such as email spoofing).
In its response, this API provides one (or more) strings containing the names of defined email servers associated with the input address. It also provides an initial Boolean response describing the success of the initial operation.

Validate Email Address for Syntactic Correctness Only

This third and final iteration won’t attempt to contact any external servers – rather, it will simply perform a local-only check to ensure each email address is properly formatted (e.g., containing the “@” symbol and valid domain syntax). It’s a great option to use when external server responses aren’t necessary in the immediate term.

Each response returns a Boolean identifying whether the address is valid, whether the email provider is recognized as a free email provider (google, yahoo, outlook, etc.), and whether the address is recognizable as a disposable address. In addition, the address domain is returned as a string.

For more information on our Email Validation APIs, please feel free to contact a member of our sales team.

API Spotlight: Convert Web Content to PNG, PDF & Text Formats
3/8/2023 - Brian O'Neill

Uniform Resource Locators (URLs) and HypterText Markup Language (HTML) standardize the way we find and view information on the internet. Thanks to these pivotal technologies, anyone can instantly access web resources by following shareable links, and anyone with an internet browser on their device can easily view content saved in HTML format.

Handing in a document

Converting web content to non-web formats becomes necessary when we’re faced with a few common accessibility challenges. For one example, documents stored in HTML aren’t convenient to edit; those documents must be converted to a plain or rich text format when we want to efficiently make changes to them. For another, web pages don’t always load or display properly; documenting such issues requires quickly storing the present state of that web content in a static file format.

Cloudmersive Web Conversion APIs make it easy and efficient to convert URL and HTML content into a variety of static, interoperable formats. With these APIs in your arsenal, you can rapidly scale your applications’ functionality and directly benefit your users, all while reducing the overhead cost of writing and implementing the code for such features yourself. Below, we’ll highlight a few of our most popular Web Conversion API iterations and discuss their respective use-cases

Convert Web Content to PNG, PDF

Documenting a website’s progress with static images makes a big difference in its long-term success. Since most websites undergo a variety of functional and aesthetic changes throughout their lifespan, storing each iteration of that change tells a story which sets up future web developers for success. Further, given that all websites encounter problems with loading or displaying properly at one point or another, sharing images of those problems allows support teams to solve problems quickly and effectively.

There’s relevant utility for documenting external web content, too. Potentially threatening links shouldn’t be clicked on directly, so automatically rendering and documenting a suspicious URL can help avert a potential security breach.

Automating web documentation with APIs streamlines the efficiency of documentation processes, eliminating the need to manually create and store images (which can vary dramatically in quality and utility to begin with).

Convert URL to PNG & Convert URL to PDF

The URL Screenshot API fully renders a website URL and returns a PNG Screenshot of the full-page image. In your request, you can specify how much extra loading time the service should apply when rendering the website (this is useful for websites with more elements to display), and you can also specify the height and width dimensions of the resulting image.

The URL to PDF API performs the same baseline function as the above, differing in that it generates a PDF from the website’s HTML code. When using this iteration, you can configure a Boolean to include background graphics from the website page and specify the scale factor for the output screenshot

Convert HTML TO PNG & Convert HTML to PDF

The HTML to PNG API presents an alternative screenshot process to the URL iteration, rendering a website from an HTML string and returning a PNG screenshot of the website’s contents. This iteration also supports specifying extra loading weight, screenshot height and screenshot width in your request.

The HTML to PDF API performs the exact same function as the URL to PDF iteration, this time sourcing an HTML string directly from the input request rather than distilling it from a URL string. Extra loading wait, background graphics inclusion and scale factor are also configurable in each request.

Convert HTML to Plain Text

Since HTML is used to format and display text elements, we need to first remove text from HTML code to review and edit it properly. Plain text (TXT) is a lightweight format with universal interoperability, so it makes a lot of sense to target this format when separating text elements from HTML code.
The HTML to Text API will simply strip text content from HTML code and return that text as a single string. You can subsequently save and edit this text in any plain text editor with ease.

Convert HTML to DOCX

While interoperability isn’t the strong suit of a licensed rich text editor like Microsoft Word, built-in editing and multimedia display features still offer ideal editing flexibility for those with access to the application. Additionally, since it’s common to convert DOCX files to HTML so they can be viewed on a browser, automating conversions back to DOCX format at scale saves a lot of manual time and effort.

The HTML to DOCX API accepts an HTML string as input and returns the encoding string for a DOCX file.

For more information on our Web Conversion APIs, please contact a member of our sales team.

API Spotlight: Convert Documents to PDF
3/1/2023 - Brian O'Neill

Creating PDFs is a repetitive office administration task - but it doesn’t have to slow you down. With our PDF document conversion APIs in your arsenal, you can quickly and securely convert common document types to and from PDF format – including Word DOCX, Excel XLSX, PowerPoint PPTX, and more. In this article, we’ll highlight a few of our most popular PDF Document Conversion APIs and discuss how they can impact your business.

PDF Printed Documents

Convert Between DOCX And PDF

There are few word processors more widely known and used than Microsoft Word, which means DOCX files are an exceedingly common sight on most work computers. As useful as Word may be for creating content, however, it’s not quite as ideal for sharing it, because there’s no guarantee that downstream document recipients will have Microsoft Word installed on their device.

Converting DOCX documents to PDF will ensure that the original document contents – including all rich formatted text, tables, and multimedia elements – can be viewed by anyone in a standard, interoperable format while simultaneously adding a layer of document security. Conversely, if those PDF files need to be opened and edited, converting back to DOCX will do the trick.

Our DOCX to PDF and PDF to DOCX conversion APIs make it easy and simple to convert between documents at scale, requiring each file path in the request and returning each output file encoding string when the operation completes.

Convert Between XLSX and PDF

For several decades now, Excel has dominated the market for spreadsheet applications. Presently, there are more than a billion unique Excel users worldwide - it’s no exaggeration to say that millions of professionals can’t go more than a week without opening an XLSX document for one reason or another.

When it comes to publishing or sharing finalized projects created in Excel (especially reports), however, XLSX isn’t the ideal format to use. Not only will PDF format provide a more clean, presentable format for viewing spreadsheet data, but it’ll also increase overall document security as well, ensuring unwanted external users can’t access and change important information on a whim.

Our XLSX to PDF and PDF to XLSX conversion APIs allow developers to automate the process of exporting key XLSX reports in PDF format and just as easily return PDF documents to XLSX format when the need arises.

Convert Between PPTX and PDF

While we might think of PowerPoint as a decades old slide-by-slide presentation design software, the modern, real-life uses of PPTX far exceed that parameter: PowerPoint is widely used for designing logos, video thumbnails, interactive documents, infographics and much more.

However, with the amount of complex information they store, these files can become very large, which makes sharing PPTX over email and messaging applications a bit of a hassle. PDF presents a lighter-weight format for sharing (especially when rasterized) and, similarly to the DOCX use case, it helps ensure the project’s interoperability with external operating systems.

Our PPTX to PDF and PDF to PPTX conversion APIs make it easy to convert PowerPoint documents to and from PDF format with a high degree of efficiency.

Convert Document to PDF

If you’re developing a workflow to convert multiple separate file extensions to PDF, automatic file detection may well be the solution you’re looking for. Rather than converting from an expected file extension such as DOCX, XLSX, or PPTX, an autodetection conversion API will first read the file extension for the input file and perform the correct PDF conversion based on that result.

Our Convert Document to PDF API is equipped to detect all major office document formats (including DOCX, DOC, XLSX, XLS, PPTX, PPT, HTML, TXT, and more than 100 common image formats such as JPG, PNG, TIFF, etc.) from the file included in your request and will return the PDF file encoding as a string.

For more information on our PDF Document Conversion APIs, please contact a member of our sales team.

API Spotlight: Split Documents into Separate Files
2/24/2023 - Brian O'Neill

While document merging can help optimize content for short-term presentation or printing needs, it’s rarely to our advantage having large multipage files lying around in storage. For one thing, large files are more difficult to share across most networks, and for another - depending on the industry these files are used in – they can represent a violation of compliance requirements (which may compel a company to separate sensitive data to reduce the risk and impact of data breach).

Document splitting and merging are similar in one respect – they are both time-consuming manual processes which benefit immensely from API automation. The Cloudmersive Convert API makes it easy to implement secure document splitting services into your file processing applications with minimal code, greatly reducing the burden of manual file processing. Below, we’ll highlight a few of our most popular Split Document API iterations.

document binders on table

Split Word DOCX Document into Separate Documents by Page

Microsoft Word (DOCX) is widely used and depended upon for creating and storing specially formatted, rich-text documents, including anything from legal contracts to questionnaires.

The Split Word DOCX API iteration is designed to automatically split an input DOCX file into separate documents – exactly one per page – and return each result alongside its corresponding page number. The API response will contain both a document URL and a DOCX file encoding string for each document, unless a “returnDocumentContents” Boolean is specified in the request to return only a file URL.

Split Excel XLSX into Separate Worksheets

Boasting more than a billion unique users worldwide, it’s no exaggeration to say that much of the business world depends on Excel to organize and model their data.

Since XLSX spreadsheets break down the contents of each individual spreadsheet into worksheets rather than pages, the Split Excel XLSX API iteration returns each new file’s encoding relative to the name of its corresponding worksheet name and worksheet number. To return only a URL, you may set the “returnDocumentContents” boolean in your request to “false.”

Split PowerPoint Presentation PPTX into Separate Slides

While PowerPoint is chiefly depended upon to format and organize digital presentations, its real-world uses often exceed those parameters. For example, it’s common to use PowerPoint slides to create logos, video thumbnails, animations, storyboards, and much more.

The Split PowerPoint PPTX API iteration returns one new PPTX file per slide of your original PPTX document, making it easy to separate and quickly build upon specific slide information or designs. The presentation contents and URL for each slide will be returned relative to slide number, and as with previous examples in this article, the “returnDocumentContents” Boolean may be set to “false” to return only a URL.

Split PDF into Separate PDF Files

Given the universal interoperability of PDF format, it’s common that multi-page DOCX, XLSX or PPTX documents are exported and shared as PDF documents. With that in mind, a PDF splitting operation effectively doubles as a DOCX, XLSX and PPTX splitting operation, ensuring the contents of each document type (and many additional document types not listed here) can convert back into their original format when the need arises.

The Split PDF Document API iteration cleanly divides an input PDF document into one new file per page, returning file encoding which can easily transition back into its original file format through a simple document conversion operation (unless the PDF document is rasterized). As highlighted in the prior API descriptions, you may elect to return only a PDF URL by setting the “returnDocumentContents” Boolean to “false”.

For more information on our Document Conversion APIs, please contact a sales representative.

API Spotlight: Name Validation APIs
2/17/2023 - Brian O'Neill

Names on wedding table

It’s no exaggeration to say that our names are a critically important part of our identify. The way our names are pronounced and spelled, for example, is often rooted in our own personal family history, so when others misspell or mispronounce them, it’s easy for us to feel offended or exasperated as a result.

This sensitive subject intersects with online business when we ask customers to record their names and contact details on our website. When this contact information is used to automate customer outreach (such as in emails, cards, etc.), it’s extremely important that each customer’s name is spelled the way they expect it to be, or our relationship with that customer can immediately begin on the wrong foot.

Names need to be entered correctly into our systems out the outset, and name validation APIs provide the logic to ensure that happens. Below, we’ll highlight some of our Name Data Validation API iterations and discuss the value they bring to any application storing customer information.

Validate a First or Last Name

Our two most basic name validation APIs identify whether first and last name entries are valid based on an inclusive set of criteria. Rather than rigidly referencing first and last names against a database – a practice which often fails to include many unique, personal spellings of names – the first and last name validation APIs will simply ensure that numbers, irrelevant symbols, spam inputs and blank entry fields are avoided during name entry.

Common spellings of names will receive a ValidKnown result, while more rare or altogether new spellings of names will return a ValidUnknown result, ensuring customers can use a unique spelling and also quickly identify typos if that spelling was unintentional. Other name validation responses include InvalidSpam, InvalidCharacters, and InvalidEmpty.

Parse and Validate a Full Name

This API iteration is designed to allow users to enter full names – including suffixes, nicknames, and titles – into a single field as a string. This iteration makes it possible to capture a wide variety of information about our customers and naturally accommodate both longer family names and titled names, such as those starting with “Dr.”, “Mr.”, “Mrs.”, etc.

When a full name string is entered, this API will automatically identify each element of the name and break it down into its component parts, including FirstName, LastName, MiddleName, Nickname, Title, and Suffix. Out of all these components, only the first and last names will be directly validated for accuracy, using the same validation logic & validation responses described for the previous iteration.

This API will first provide a Boolean response determining the success of the operation. Additionally, after breaking a full name into its components, it will return the full DisplayName as a string.

Get the Gender of a First Name

Since names often reflect a person’s gender identity, storing gender information based on name inputs allows us to customize our relationship more effectively with each customer. If, for example, we are storing customer information on an ecommerce shopping website, we can use gender categorization to automatically tailor product suggestions to a customer and increase commercial engagement.

It's important to note, however, that not all names directly indicate a particular gender, and implied gender can also vary based on culture. As a result, this API takes into account both first names AND country codes, and returns possible gender values including Male, Female, and Neutral.

For more information on our Name Validation and Data Validation APIs, please feel free to make an inquiry with our sales team.

API Spotlight: Image Recognition APIs
2/8/2023 - Brian O'Neill

printed photos on a table

From digital forensics to automatic photo captioning, our image recognition APIs make it possible for you to add powerful, intelligent features to your image processing applications at low cost. Below, we’ll take a closer look at a few of our most popular Image Recognition API iterations and examine how they can be used to impact your business.

Generate Perceptual Hash; Calculate Similarity Between Perceptual Hashes

Perceptual hashing is a very reliable and lightweight method used for comparing images against one another. It’s frequently used in digital forensics to track down illegally disseminated images, and it’s also regularly employed to identify cases of copyright infringement, such as a scenario where some unlicensed entity may have stolen a protected image and used it online for commercial gain.

Creating a perceptual hash for any image involves calculating a hash value based on that image’s specific properties, such as its color and texture. Once that hash is generated, it can be compared with the perceptual hash of a second image to identify the differences between them. The degree of difference between these two hash values is referred to as a “Hamming Distance” (named after Richard Hamming, a famous American mathematician whose research provided the basis for this operation).

The “Generate Perceptual Image Hash” API iteration accepts a common image format (such as PNG, JPG) in its request and returns an image hash as a string. The “Calculate Similarity Between Two Perceptual Image Hashes” API iteration accepts two separate perceptual hash strings as input and returns an “ImageSimilarityScore” based on the Hamming Distance between them. Together, both API iterations can be used to protect your online image content or identify duplicate images within your own systems.

Describe an Image in Natural Language

There are dozens of unique, exciting applications of Deep Learning Artificial Intelligence (AI) which have become increasingly democratized in recent years, and automatic image description is a worth inclusion on that list. At a high level, this process involves preprocessing and extracting key features from an image which can be subsequently encoded and referenced against a training dataset. There are a variety of applications for this technology, including automatic image captioning and indexing (making images easier to search with keywords).

This API accepts an image in a common format (such as PNG, JPG) and generates two separate descriptions for that image in return. The first description is the “BestOutcome,” and the second description is the “RunnerUpOutcome.” A confidence score ranging from 0.0 – 1.0 is provided alongside each description, with lower values indicting lower confidence, and higher values indicating higher confidence. Additionally, a “HighConfidence” Boolean response is provided independently of both descriptions to initially evaluate the overall success (potential utility) of the operation.

Detect People in an Image, Including their Location Within the Image

Whether you’re analyzing still-frames from security camera footage or planning to crop photos automatically for our website, understanding the existence and location of human subjects within your image is extremely important. Like the previous API described in this post, this operation also relies on feature extraction, leveraging a vast training dataset to accurately distinguish human forms from non-human forms within the confines a digital pixel matrix.

This API will identify the position, size and location of human subjects within an image – regardless of which direction those people are facing (i.e., this does not rely on facial recognition). The specific height, width and pixel coordinate location of each detected human subject is expressed in terms of pixels, and an overall “ObjectCount” is provided to summarize the total number of people identified.

Detect and Unskew a Photo of a Document

When we take photos of documents on our handheld cameras and smartphones, the images we take are rarely perfect, and in many cases these imperfections make subsequent OCR or document conversion operations difficult to perform with high fidelity. As a result, when we build application workflows designed to funnel images into OCR or document conversion operations, it’s important to first incorporate a step which automatically corrects our images’ imperfections, thus optimizing their contents’ machine readability.

The purpose of this API is specifically to assist in the downstream OCR and conversion operations mentioned above. This API accepts images in common formats (such as PNG, JPG) and automatically corrects natural image skewing, returning a perfectly square image. When calling this API, you’ll have the option to apply a Black and White postprocessing effect to the image as well, which serves to further aid in subsequent OCR operations.

For more information on our Image Recognition APIs, please feel free to contact our sales team.

API Spotlight: Video Processing APIs
2/3/2023 - Brian O'Neill

beach video capture

Developing an efficient video upload process for any web application can be a bit challenging. That’s chiefly because videos are much larger than other forms of content, typically incorporating multiple types of media at once - which puts extra pressure on the web servers responsible for processing them.

The Cloudmersive Video API contains eleven useful iterations which greatly reduce the hassle of processing video files. They can effectively offload pressure from your web application's workflow, freeing up server resources while expanding your application's functionality. Below, we’ve highlighted four of our most popular Video API iterations with context for their respective use cases.

Convert a Video to MP4 Format

Many people are familiar with MP4 format, and even if they aren’t, there’s a good chance they use it unwittingly when exporting their videos. There’s a good reason for MP4’s sustained popularity – it offers excellent compression and streaming capabilities (along with a host of multimedia benefits) and it continues to be widely supported as a result. There are, however, still a variety of other popular video formats out there (such as WebM and AV1), so it’s important that any website preferring MP4 files has a way of converting these other formats to MP4 when the need arises.

This API automatically detects a variety of common video formats (using file path or file URL) and converts them to MP4 format. In addition to this, it provides a host of format customization options, allowing you to influence your output product in each request. When calling this API, it’s possible to change the height, width, aspect ratio, framerate, and output quality (compression) of a video during its conversion to MP4.

Please note that the Video API also supports video conversions to WebM, MOV, GIF and PNG (for still frames) formats.

Resize a Video, Preserving OR Ignoring Aspect Ratio

There are two Cloudmersive Video API iterations which can be used to physically resize videos: one which preserves the original aspect ratio (height/width ratio), and one which ignores aspect ratio, allowing instead for full customization of video dimensions. Both iterations are important additions to any video processing workflow; the former allows us to scale a standard output file up or down, while the latter facilitates an entirely unique look and feel.

When structuring an API call to either of these video resizing iterations, you’ll have the option to specify the maximum height and/or width of the output file, along with the framerate and compression level. Please note - when selecting files for these operations, any file larger than 2 GB should be included in URL form (rather than file path).

Cut a Video to a Shorter Length

“Short and sweet” has become a go-to trend for generating engaging video content. We’re growing more and more accustomed to consuming 5, 10, 15 or 30 second videos which jump straight to the action, fighting to capture ever-shortening attention spans. Offering a video shortening service in your application will make it easy for client-side uploaders to decide on the final length of their content without having to waste time editing and re-uploading their videos.

This API iteration allows you to easily cut videos to a specified length using specific start and end times in TimeSpan format. If an end time isn’t specified, the API will cut anything before the start time and leave the remainder of the video (up to 4 hours) untouched.

Scan a Video for NSFW Content

For any workflow handling visual content uploads, content moderation is a key checkpoint in the upload process. It’s important not to let videos containing NSFW content (such as racy or pornographic material) reach storage, or we run the risk of inadvertently offending any client-side visitors or internal colleagues who may need to access that content downstream. Human content moderation teams can independently review small volumes of content uploads without programmatic intervention, but large volumes of uploads call for a more scalable solution to assist in that review.

The NSFW Video Scanning API reviews each frame within an uploaded video, using advanced Machine Learning AI to identify racy or pornographic content. If such content is identified, this API will return invaluable information for content moderation purposes, including the total number of racy or NSFW frames in the video and the exact timestamp & frame number for each. Along with each NSFW frame, a content classification result string and numerical score is provided, helping diagnose the degree to which the flagged content may be offensive.

For more information on our Video APIs, please contact our sales team.

API Spotlight: Security APIs for Content Threat Detection
1/20/2023 - Brian O'Neill

dark lighting with typing on laptop

Since a company's web servers will always contain sensitive (and lucrative) information, its web applications will always present a worthwhile target for cyber criminals. When attackers are successful in their attempts to hack a company’s web servers, they can leave their victims reeling to recover losses - or put them out of business entirely.

Thankfully, with Cloudmersive Content Security APIs in your arsenal, many common web application breach attempts can be deterred - all with only a few lines of code. Below, we’ve highlighted three of our most popular Security API iterations which help prevent Cross-Site Scripting (XSS), XML External Entity (XXE) attacks, and SQL Injection (SQLI) attacks respectively.

Cross-Site Scripting (XSS) Detection & Prevention API

The goal of a Cross-Site Scripting (XSS) attack is to steal important information from your website visitors. An attacker can accomplish this easily if a website doesn’t properly validate user inputs; they’ll inject their own code into our website, and that code will subsequently execute in the browser of an unsuspecting visitor, allowing the attacker to strip information (such as login credentials) from that visitor.

The Cross-Site Scripting Detection API identifies and removes XSS attacks automatically through normalization, rendering the attackers’ actions inert and returning a normalized result string (labeled “NormalizedResult”). The information returned by this API also includes a Boolean (labeled “ContainedXss”) indicating if an XSS attack was identified, along with a string (labeled “OriginalInput”) which displays the original XSS input.

XML External Entity (XXE) Detection API

If your web application parses external XML entities, it’s critical to protect it against XXE attacks. Since XML format can store a variety of complex information, it’s possible to trick poorly configured XML parsers into referring to & accessing sensitive data based on malicious references hidden within an XML string. It's important to note that preventing XXE attacks starts with evaluating the parser itself: do you need to enable external entity processing in the first place, or can you configure your parser to only process data from sources you trust?

In any case, it’s sensible to involve a rigorous security policy in this process. Our XXE detection API makes a huge difference in the data validation process, immediately identifying malicious references buried within XML schemas and supplying a simple Boolean response (labeled “ContainedXxe”) when an XXE attack is detected.

SQL Injection (SQLI) Detection API

When client-side users query servers for information, their search is often transformed into a standard SQL query which attempts to access server information on their behalf. Attackers using a SQL Injection strategy will specifically attempt to exploit this process by including malicious queries in the user input phase. If user inputs aren’t properly validated, these queries can be inadvertently processed, bypassing our security policies and giving the attacker unrestricted access to our server data.

The SQLI Detection API enacts a critical security policy during the user input validation process. It provides a Boolean response (labeled “ContainedSqlInjectionAttack”) indicating if an SQLI attack was detected in a particular string.

For more information about our Security APIs (and additional security products), please contact our sales team.

API Spotlight: Easy Photo Filter APIs
1/3/2023 - Brian O'Neill

On websites where images are frequently uploaded, basic image filters are a great inclusion – especially with the availability of high-quality, low-code image filtering APIs to get the job done.

It's become increasingly common place to find a catalogue of image filtering options available when we upload our content to social websites (such as social media, ecommerce, etc.) - yet another testament to the constant democratization of complex technologies in the digital age. Many such filtering services, such as those which allow us to adjust contrast, blur, sharpen, brighten, or even emboss our images, were once only accessible through licensed photo editing applications or widgets limited to desktop use.

Thankfully, you don’t need to write dozens of lines of code to include image filters in your applications; our suite of Image Filtering APIs will allow you to easily build a variety of simple photo filtering services into any application using only a few lines of ready-to-run, copy & paste code examples. Below, we’ll take a closer look at three of our eight Image Filtering APIs and their respective benefits.

Gaussian Blur API

The Gaussian Blur filter gets its name from the mathematical function used to model a blur effect's distribution across the pixels in a digital image. Formulas aside, the outcome of a Gaussian Blur is a simple effect that we’re quite used to seeing in online images: certain areas within an image become blended with one another to reduce detail, making a once sharply defined pixel matrix appear slightly out of focus instead.

There are a variety of useful applications of this filter, and perhaps the most common among those is to reduce noise (random variations) in an image. Performing a Gaussian Blur is also a great step to take before overlaying text on top of a photo, as it will increase the contrast between the text and the photo, making the text easier to read.

Our Gaussian Blur API's request parameters include the following:

  1. imageFile – the image file to perform the operation on (common formats like JPEG, PNG supported)
  2. radius – the intended radius of the blur operation (higher integers result in a larger blur effect)
  3. sigma – the variance of the blur operation (higher integers result in a more greatly varied blur effect, directly impacting the Gaussian function used to generate the filter)

Embossment API

Embossment is a long-standing practice with roots in physical printing processes. As far back as the 1400's, publishers saw value in making three-dimensional impressions on otherwise flat surfaces; it increased contrast between a subject and its surface, resulting in a pleasant tactile element. To this day, physical embossment is still applied to books, logos, credit cards and business cards, and you might still occasionally notice embossed grooves when drinking from glass soda bottles.

Digital embossment seeks to emulate this centuries-old physical effect by generating contrast in certain areas around the subjects of a photo, which creates the impression that they are raised off a 2-dimensional surface. While online digital images clearly lack a tactile element, this filter helps emulate the enhanced aesthetic which contoured objects provide.

Our Emboss Image API's request parameters include the following:

  1. imageFile – the file to perform the operation on (common formats like JPEG, PNG are supported)
  2. radius – the radius of the embossment operation (expressed in pixels; higher integers result in a greater embossment effect)
  3. sigma – the variance of the embossment operation (higher integers result in a more varied embossment effect)

Grayscale API

Where color can’t adequately distinguish the finer details of a photograph, grayscale often can. Grayscale filtering – more commonly known as black-and-white filtering – is a simple process with a powerful effect.

Digital images store pixels which present a variety of complex hex (color) values, and when we apply a grayscale filter, we simply remove that color information from the equation, expressing visual information in terms of brightness levels instead. This filter creates an iconic moody effect, and it’s often applied to draw our eyes to certain areas of an image (especially darker areas) which may not have initially attracted our attention. It also serves the practical purpose of reducing the overall size of an image, which makes that image easier to process (in operations such as Optical Character Recognition, for example) and store efficiently.

The Grayscale API only requires the input image in its request parameters (common formats like JPEG, PNG are supported).

For more information on our Image Filter APIs, please feel free to make an inquiry with our sales team.

API Spotlight: Data Conversion APIs
12/12/2022 - Brian O'Neill

Converting between data formats is often a necessary (and frustrating) step in the process of obtaining new datasets. Thankfully, though, data conversion APIs can make that process easy.

The Cloudmersive Data Conversion API includes a variety of secure, powerful iterations designed to convert to and from common data formats like JSON, XML, CSV, XLSX and more. In this article, we’ll quickly take a closer look at a few of our most popular Data Conversion APIs.

Hand pointing at data sheet with pencil

Convert XML to JSON | Convert JSON to XML

Both XML and JSON are ubiquitous text data formats used widely among the global software development community. While the relative simplicity and readability of JSON has made it a more attractive format to a growing developer community, XML still presents a considerably flexible, powerful structure, and it remains the only viable messaging format for SOAP APIs. Making conversions between these two formats is extremely common, so having APIs in place to automate that process is a big help.

Our "Convert XML to JSON" API iteration will accept either an XML string or file as input and return a JSON Object in response. Two additional APIs – "Convert JSON Object to XML" and "Convert JSON String to XML" – will handle JSON Object and JSON String conversions to XML respectively.

Convert XLSX to JSON | Convert XLSX to XML

It’s safe to say XLSX – Excel’s unique zip-archived Open Office XML format, first introduced for Excel 2007 – is one of the most frequently used formats on earth. While it’s simple enough to point-and-click-export individual XLSX files to common data formats like XML and JSON, larger scale conversions require more powerful, programmatic solutions to get the job done.

Our "Convert XLSX to JSON" and "Convert XLSX to XML" APIs both accept a standard XLSX file input, returning a JSON Object Array & XML file string respectively.

Convert CSV to JSON | Convert CSV to XML

For storing flat, tabular data, CSV is one of the best options around; it’s only when data relationships become more complex and hierarchical - or when compatibility with specific APIs/applications comes into question - that more robust formats (like JSON and XML) are required.

Our "Convert CSV to JSON" and "Convert CSV to XML" APIs accept a CSV file as input, returning a JSON Object Array and an XML file respectively. Additionally, both offer an optional input request parameter – columnNamesFromFirstRow – which allows you to specify via Boolean whether the first row of your CSV file should be used for your columns.

For more information on our Data Conversion APIs, please contact a member of our sales team.

API Spotlight: Merge Your Office Documents with Ease
12/5/2022 - Brian O'Neill

Overhead View of Documents

Merging content of the same file type is, at minimum, a simple way to consolidate your documents into a single file and share them more conveniently via email (or any online exchange). From a more specific, practical standpoint, it’s an important step in piecing together larger memos, presentations, and reports for which business materials may have accumulated separately over time.

Available via the Cloudmersive Convert API endpoint, our Merge Document API iterations make it easy to programmatically combine either two or multiple (more than two) documents of a common file type into a single, comprehensive file. There are fourteen Merge Document API iterations in total; below, we’ll take a closer look at a few of the most frequently used services among those.

Merge PDF Files

Combining PDF files is a common need for office admins and content professionals everywhere. The reason for that is, in large part, because PDF is a standard destination format (easy for anyone to open & view on any platform) for documents originally created in less “friendly” applications, such as DOCX, Excel, and PowerPoint. Merging PDF files is a great way to assemble multidimensional content of almost any kind, including reports, presentations, image arrays, and more. Electing to use our “Merge Two PDFs” or “Merge Multiple PDFs” APIs will allow you to quickly combine between two and ten PDF files (respectively) at once.

Merge Excel Files

Merging Excel files together entails the creation of a single, new spreadsheet containing a proportionate number of separate worksheets within it. Combining spreadsheets in this manner is a highly efficient way to handle commonly occurring scenarios, such as when multiple related datasets are received and stored independently of each other over a period of time. The key value here is organization; it’s easy for high volumes of spreadsheets to clutter your file storage and create costly information gaps. You can merge up to ten Excel files at once using the “Merge Multiple Excel Files” API, or you can limit your operation to only two files using the “Merge Two Excel Files” API.

Merge HTML Files

Combining HTML documents is a slightly different operation than the prior two services highlighted in this post. In this case, order isn’t the only thing that matters; rather than generating a new file with multiple separate pages, this operation will stack the HTML code from each input document below the contents of the input preceding it. The result is a crucial conservation of whitespace, which is important to ensure your HTML file displays its contents correctly when opened in a web browser view. You can combine up to ten HTML documents using the “Merge Multiple HTML Files” API iteration, or you can use the “Merge Two HTML Files” API to consolidate only two.

API Spotlight: Cloudmersive Image Editing APIs
11/28/2022 - Brian O'Neill

Image Editing

In this post, we’re shining a spotlight on our Image Editing APIs, all of which are available via the Cloudmersive Image Recognition & Processing API endpoint. Whether you’re looking to make simple or substantial changes to your images, our Image Editing API iterations have you covered. There are fourteen Image Editing API iterations in total; in this post, we’ll highlight five commonly used iterations and briefly discuss their respective use-cases and parameters. Please note that each Image Editing API iteration accepts common file types like PNG and JPG.

Adaptively Adjust the Contrast in an Image

The gamma value of an image determines how easy or difficult it is to make out distinctive features within the image itself. If a photo is too dark to begin with, adjusting its gamma will help you see distinct shapes that may not have been discernable at first. This API iteration allows you to change the gamma value of any image by entering a specific (double) numerical value. Values between 0.0 and 1.0 will reduce the contrast in your image, while values above 1.0 will instead increase contrast. Given it’s much more common to increase gamma when using this operation, the default gamma value is set at 2.0.

Rotate an Image any Number of Degrees

An important feature of many basic image editing applications is the option to rotate images in positive (left rotation) or negative (right rotation) multiples of 90 degrees. This API iteration goes a step further, allowing you to achieve a much more specific degree of rotation by entering any (double) value between 0.0 and 360.0.

Add a Customizable Drop Shadow to an Image

Adding a drop shadow to an image is an easy way to give it a three-dimensional feel; it’s a method often used by marketing/content creation professionals to add depth to an image, making it more pleasant to look at. This API iteration offers you the ability to create and customize clean, engaging drop shadows for your images. When configuring this API’s parameters, you can specify the exact horizontal & vertical offset of the shadow, as well as its sigma (blur distance) and opacity (ranging from 0% to 100%).

Draw Text onto an Image

Whether you're creating polished marketing materials or generating viral internet memes, text and images are often inseparable. This API iteration affords you the ability to programmatically draw text onto an image by supplying plain text along with various details about your desired font, X/Y pixel coordinates (indicating exactly where the custom text should show up), and the height and width of your text box (in pixels).

Composite Two Images Together (Basic or Precise)

Compositing images is a common and useful way to generate a “surreal” image effect. This usually entails placing the subject of one image onto the background of another (imagine, for example, an image of a Giraffe grazing from a tree in Central Park) or fully blending two images with varying degrees of opacity. There are two iterations of Cloudmersive Image Compositing APIs available for you to use: one which performs a basic version of this operation, and another which performs a much more precise/advanced version of this operation. The basic version only requires you to specify a general composite location, such as “top-center” or “center-left,” while the precise iteration allows you to dictate the exact coordinates (in pixels) of the composite’s location. The precise iteration also allows you to control padding by including transparent pixels at the border(s) of your layered images as needed.

API Spotlight: Cloudmersive Image Conversion APIs
11/21/2022 - Brian O'Neill

Browsing Images

In this article, we’ll take a closer look at our suite of Image Conversion APIs, which will quickly convert images (from a wide variety of input image formats) into seven of the most common image formats used around the digital world. These Image Conversion API iterations are all available via our Image Recognition & Processing API endpoint, and they’re all equally easy to use either through custom-code integrations (with complementary, copy-and-paste code examples available on our API Console), or as connections through Microsoft Power Automate/Logic Apps, MuleSoft, Workato, and various other enterprise automation platforms.

JPG & PNG Conversions

Chief among our Image Conversion API iterations are two services representing the most ubiquitous image formats found online: PNG and JPG. Employing our “Convert Image to PNG” or “Convert Image to JPG” APIs will make it easy to transition dozens of image file types into either format with ease.

It’s important to note that JPG files – unlike PNG – are quite lossy, meaning they require a bit more attention to ensure your desired output image quality is achieved during your conversion. To that end, our “Convert to JPG” API offers a special parameter allowing you to specify the quality of your output JPG files. This parameter can be satisfied by supplying an integer between 1 (highest compression; lowest quality) and 100 (lowest compression; highest quality); the recommended value is 75.

GIF Conversions

Perhaps most known for displaying the basic, frame-by-frame animations adored by millions online, GIF format is also frequently used for a more refined, professional purpose: displaying company graphics and logos with excellent quality (relatively low compression). Whatever your use-case might be, our “Convert Image to GIF” API iteration makes this file transition straightforward with a single “input file” parameter.

Photoshop PSD Conversions

Adobe Photoshop is an extremely popular professional image editing platform, which means converting images to the platform’s native format, PSD, is a must-have service for many content creators. These files are notable for their immense pixel retention; they store an incredible amount of color and exhibit excellent quality relative to their size. The “Convert Image to PSD” API iteration will help you prepare images intended for Photoshop manipulation at scale; once your photo editing operations are complete, you can then convert the edited images back into another of our supported image formats just as easily.

BMP & TIFF Conversions

Original bitmap files like BMP and TIFF are decades old, yet they remain very popular among photographers due to their natural affinity for storing high-quality images. One of the chief advantages of using BMP is its ease of compatibility with Windows operating systems, whereas TIFF format offers considerably more flexibility (supporting lossy AND lossless images), dominating within the photo printing and publishing fields. Our “Convert Image to BMP” and “Convert Image to TIFF” APIs will make either format transition a seamless addition to your image processing operations.

WebP Conversions

While JPG and PNG format are exceedingly common image formats, they also have a quiet tendency to slow web pages down – at least, relative to WebP. This relatively lesser-known format (originating circa 2010) is the product of Google’s attempt to increase web page loading speeds with a new, lightweight file type. With WebP files, you can achieve an excellent degree of image quality at around 75% of the size of PNG and JPG formats. Most common browsers now support WebP natively, and Google Chrome will even encourage the conversion of files to WebP format. It’s a no-brainer conversion if you’re looking to speed up your web pages, and our “Convert Image to WebP” API makes it straightforward to accomplish that transition in a single step.

API Spotlight: Cloudmersive Barcode APIs
11/14/2022 - Brian O'Neill

API Spotlight: Cloudmersive Barcode APIs

Barcode Scan

Thousands of global businesses - especially those involved in the retail, healthcare, and transportation sectors - need the help of consistent, reliable barcode services to operate at peak efficiency. All told, that means having the capacity to lookup, scan, and generate barcodes on command - and thankfully, there are Cloudmersive APIs available for all those needs. With access to our Barcode API endpoint, you can quickly generate a variety of the most common barcode types (including QR, UPC & EAN) as PNG files and scan/recognize images of many diverse barcode types with ease. In addition to those options, you can search & return information specifically for EAN barcode values (using the numerical barcode value only).

Below, we’ll take a closer look at our barcode scanning and barcode generation services.

Barcode Generation

Our Barcode Generation APIs represent three of the most common barcode types used across the globe: QR, UPC, and EAN. While QR codes have gained widespread contemporary popularity largely in thanks to the proliferation of smartphones, the latter two options are older GS1 standards with decades of history in international commerce. UPC and EAN barcodes are very similar in practice, and the primary difference between them comes down to regional/geographical preference; UPC barcodes are used most commonly in the USA and Canada, while EAN barcodes are more widely seen throughout the rest of the world.

Generating QR barcodes with our QR API is as simple as inputting any text string of your choosing; the API will return a 2D PNG file containing a unique QR barcode which can be scanned by any handheld photographic device. QR codes offer a fantastic way to make a variety of content - such as websites, menus, or notes of any kind - available for anyone with a smartphone camera.

If it’s EAN or UPC barcodes you’re looking for, there’s a crucial distinction to be made within each category: does your product require EAN-13 or EAN-8; UPC-A or UPC-E? While EAN-13 and UPC-A barcodes are the “standard” barcode length for each category, the reality is that not all retail products are physically big enough to present these 13- & 12-digit barcode values (or the larger line patterns that represent them). For smaller products with less real estate to offer, EAN-8 and UPC-E offer a compact solution, containing only 8 and 6 digits respectively - and significantly compressed line patterns. All four of these common barcode types are readily available to you via their own individual Barcode API iterations, requiring nothing more than numerical barcode values to generate linear codes for your business at scale.

Barcode Scanning

If a huge number of businesses require the capacity to generate barcodes, exponentially more require the ability to scan them. Accepting inputs in common image formats (i.e., PNG, JPG, etc.), our Scan Barcode Image API will return clearly labeled strings identifying both the general barcode type and the specific barcode number represented within the input barcode image. A variety of barcode types are supported for this operation, including some of the most common (UPC, EAN, QR, etc.) and relatively less common (AZTEC, CODABAR, MSI, etc.) types out there.

As a final note - for any EAN product values obtained through this Barcode Scanning operation, you can employ our EAN Lookup API to instantly return detailed product data.

API Spotlight: Natural Language Processing Analytics
11/7/2022 - Brian O'Neill

Have you ever wondered if there’s a way to quantify how customers collectively feel about your products based on online reviews? Alternatively, perhaps you’ve wondered if there’s a way to systematically protect all your content from profane language and hate speech? With the help of NLP Analytics, you can accomplish all the above, uncovering important customer insights, more easily moderating your online content, and much more. In this article, we’ll take a closer look at three of our five NLP Analytics APIs and how they can make a big difference for your business.

silver laptop

Sentiment Analysis & Classification API

The purpose of Sentiment Analysis is to find out how a certain person – or group of people – feels about a given subject based on how they write about it. Are their feelings positive, negative, or neutral? With a Sentiment Analysis API in your toolbelt, you can gain a better understanding of how your customers feel about your products and make better informed marketing decisions as a result. Its use isn’t limited to only customer centric businesses, however – there are relevant applications of this technology in just about any professional sector you can think of.

To quantify written feelings, this advanced API rigorously analyzes language in a body of text and provides a Sentiment Classification Score value between -1.0 and 1.0. Scores closer to -1.0 indicate a negative view on a given subject, while values closer to 1.0 indicate a positive view; scores closest to zero instead suggest a more neutral sentiment. This API additionally returns a Sentiment Classification Result string based on the score provided; the possible responses are positive, negative, or neutral.

Profanity & Obscenity Detection API

Bad language is a bad representation of your brand – even if it comes from voices outside your organization. When customers come away feeling disappointed, aggrieved, or even elated from an experience with any of your products, they can occasionally express themselves with inappropriate language, which – especially in the case of online reviews – can create an unsavory environment for new patrons. This API performs a practical content moderation service by employing advanced analysis to detect profane/obscene language from text; it returns a Profanity Score Result between 0.0 – 1.0, with values closer to 0.0 suggesting very little profanity, and values closer to 1.0 indicating a high degree of profanity.

Hate Speech Detection API

It goes without saying that content containing Hate Speech should have no place anywhere on any company’s platform. Considering the overwhelming importance of flagging and removing Hate Speech content – paired with the difficulty human content moderation teams face in scouring insurmountable written materials online – Hate Speech Detection can make a huge difference, reducing the burden of manual review through automatic detection of discriminatory language in various forms. Much like the previously described Profanity Detection API, this API provides a Hate Speech Score Result between 0.0 and 1.0, with values on the lower end of the spectrum indicating very little (or no) hate speech was detected, and scores on the higher end of the spectrum suggesting Hate Speech was, in fact, present. Values above 0.8 indicate a particularly high likelihood that Hate Speech was rampant in a body of text, making it easy for content moderation groups to efficiently triage their response.

API Spotlight: Virus Scanning APIs
8/5/2022 - Brian O'Neill


vertical view of typing

When it comes to protecting your data in-storage against viruses, malware, and other dangerous files, Cloudmersive Storage Protect offers comprehensive & customizable solutions to fit your business’ needs. But what does the heavy lifting behind the scenes? Your answer: the Cloudmersive Virus Scanning APIs. In this article, we’re going to shift our gaze away from the Storage Protect product and train it on those underlying Virus Scanning APIs instead. They can be used independently to scan individual files and websites for malicious content, each benefitting from constant cloud-based updates to stay ahead of the curve. With fast (sub-second) response times, you can ensure you’re instantly capable of uncovering threats hidden within a suspicious file or link.


The first iteration of the Virus Scanning API offers a simple and effective method for scanning individual files for viruses. To that end, this API leverages more than 17 million virus and malware signatures – and that list grows constantly with continuous cloud-based updates to bolster its policies against evolving threats. Files containing viruses, malware, trojans, ransomware & spyware (among others) can be identified immediately and quarantined or deleted in subsequent operations (for example, you may use our Zip, Encrypt & Quarantine API to automatically create an encrypted zip file composed of the infected file or files). The API response will first show a Boolean indicating if there was a clean result, and if False, it will display the name of the infected file along with the name/type of virus identified within it.


Building on the basic file scanning iteration, the Advanced Scan version simply expands security coverage to identify a wider variety of threats. That means you’re still covered when it comes to viruses, malware & the like, and you’re now well-positioned to deal with invalid files, executable files, scripts, and much more. This iteration allows you to customize (via Booleans) whether various threats such as Insecure Deserialization strings, Macros, XML External Entities, and Password Protected Files should be blocked outright (the default & recommended option is to block all the above). The API response will include Booleans indicating which content threats were present. In addition, it will provide strings indicating the file name of any files containing viruses & the type of virus which was detected. This API iteration will also provide basic content information about whether scanned files contained JSON or XML, and if any of the included file contained an image within them.


Website URLs represent a slightly different threat potential than objects/files and serialized strings. The website threat detection iteration of the Virus Scanning API can uncover common threats hidden within a website URL, such as phishing attempts, which seek to mimic landing pages and login pages of legitimate websites to fool unsuspecting people. This iteration will also identify any viruses found in files within the input website. If a threat is identified, the API response will first identify which type of threat was represented, before divulging the name of any infected files & the viruses those files contained. Social engineering scams like phishing are designed to exploit our implicit trust of URLs that look and feel the way they should, and most often were sent from sources we typically trust – so it’s important to implement comprehensive, “no-stone-unturned” policies against them.

API Spotlight: Image Optical Character Recognition APIs
7/26/2022 -

filling out document

Image OCR Overview

This week, we’re putting a spotlight on our Image Optical Character Recognition (Image OCR) APIs. These APIs make it possible to extract text directly out of scanned images and photographs of documents, and several are designed with specific use-cases like Receipt expensing, Business Card information extraction, and Business Form processing. All are equipped to recognize dozens of common international languages, with English set as the default unless specified otherwise. In addition, all employ an advanced ‘recognition mode’ option by default which increases the fault tolerance for skewed document images, consuming around 28-30 API calls to ensure the highest possible end-product. Let’s take a closer look at how our Image OCR APIs can impact your business.

Converting Scanned Documents into Text

There are three iterations of our OCR API designed specifically to recognize images of documents which have been scanned rather than photographed (i.e., with a phone or other handheld device). These iterations include:

  • Convert Scanned Images to Text
    • This iteration executes a vanilla OCR operation on scanned images, returning a text result with a “MeanConfidenceLevel” score indicating the degree to which the API believes the operation was successful.
  • Convert Scanned Images to Words/Text with Location
    • This iteration returns scanned image text with metadata about the words within the image. This includes a “WordText” string, line & word numbers, x/y coordinate locations, width, height, and more.
  • Convert Scanned Images to Lines/Text with Location
    • This iteration returns scanned image text with metadata about specific lines within the document. This includes information about each word within the specified line, including a “WordText” string and other metadata also returned by the Words/Text API iteration.

Converting Photographs of Documents into Text

These iterations of the Image OCR API are intended only for use on images captured by a smartphone or other handheld convenience-based devices. They automatically attempt to compensate for problems commonly found in handheld photos of documents, such as crooked backgrounds and uncertain lighting. These iterations include:

  • Convert a Photo of a Document into Text
    • This iteration will return text from the input photo along with a “MeanConfidenceLevel” score indicating the degree to which the API feels it was successful.
  • Convert a Photo of a Document OR Receipt into Words with Location
    • This iteration returns photos of generic documents or receipts with the location of each text element. It can be used effectively on receipts, though not with the same degree of accuracy as the Receipt OCR API. A diagnostics mode can be enabled for this API by entering a ‘true’ Boolean in the relevant parameter; this is set to ‘False’ by default to streamline performance.

Converting Receipts, Business Cards, Generic Forms & Stored Template Forms into Structured Text

These last iterations of the Image OCR API are excellent at digitizing text from photographs (NOT scanned images) of documents with specific structures. Such documents include Receipts (most often used for expensing employee transactions), Business Cards (most often containing useful information for generating sales leads), and Business Forms (may include basic new-employee handouts invoices, and more). These iterations include:

  • Recognize a Photo of a Receipt; Extract Key Business Information
    • Along with the receipt total & subtotal, this iteration will extract key information from a receipt including the name, website, physical address & phone number of the business in question, as well as a complete list of items on the receipt and their respective prices.
  • Recognize a Photo of a Business Card; Extract Key Business Information
    • This iteration will extract key information from an input photo of a business card, including the name & title of the person on the card, the name of their business & their business address, and any phone number and email that is available on the card.
  • Recognize a Photo of a Form; Extract Key Fields & Business Information
    • This iteration allows you to pull specific data from a photo of a Business Form by customizing the fields of data to be extracted. There are a wide variety of options available with this iteration; to view the entire response model, refer to this iteration’s documentation dropdown on the Cloudmersive API Console.
  • Recognize a Photo of a Form, Extract Key Fields using Stored Templates
    • This iteration allows you to extract information from a form using stored templates. These templates can be configured in a configuration bucket by logging into the Cloudmersive Management Portal and navigating settings > API Configuration > Create Bucket. The bucket ID and Secret Key are required to execute OCR based on the stored template.

API Spotlight: Speech Recognition (Speech-To-Text Conversion)
7/22/2022 - Brian O'Neill

Mic in front of camera

Speech Recognition Overview

Speech recognition technologies have quietly proliferated throughout the consumer hardware & software technology landscape over the last decade. In a consumer context, it’s easy to think of speech recognition as little more than a useful gimmick, resigned to helping us find out the day’s weather or record our shopping lists on the fly. This consumer application of speech recognition is only the tip of the iceberg, however. Speech recognition has exciting commercial applications, offering enterprises the ability to transcribe audio more efficiently into plain text and derive meaningful insights from it.

The Cloudmersive Speech Recognition API leverages deep-learning artificial intelligence to transcribe audio files into plain text, and it supports either MP3 or WAV file input. With the Cloudmersive Speech Recognition API, speech-to-text can begin to play a supplementary role in your business’ content moderation efforts. Further, it can transform the way your business extracts value from lectures, interviews, and other industry events where spoken language dominates the playing field, and it can even increase the access that physically impaired website visitors or employees have to your online resources.

Speech Recognition for Content Moderation

Nearly all forms of externally sourced media pose some risk to your system, whether from a security or NSFW (not safe for work) point of view. Image and video files, for example, are not just at risk of containing viruses and malware – they can contain pornography or racy material as well, which can leave your business in a sticky legal situation. Valid audio files can similarly hide NSFW policy breaches, and that content can go undetected if an effective audio content moderation solution is not introduced. Speech recognition technology plays a pivotal role in moderating audio content, providing the means to transcribe audio into plain text for subsequent NSFW text analysis. By incorporating a combination of Cloudmersive Speech Recognition and NLP (Natural Language Processing) APIs, your business can rapidly uncover profanity, hate speech and other forms of inappropriate language or harassment hiding within the waves of an audio file.

Speech Recognition for Speech-To-Text Analysis

Content moderation isn’t the only reason to convert speech to text. Audio files can arrive in your database as raw recordings of lectures, speeches, interviews, or other impromptu oratory from relevant industry events. Speech-to-text deeply enhances the value of such audio, first by cutting out the need to take attention-diverting notes at the event itself (or waste precious time manually transcribing audio recordings later). The automatically transcribed text from such audio files not only creates a better form of storage redundancy & search optimization for its recorded contents, but it also opens a door to analyze the extracted text more efficiently and derive deeper insights from it. For example, text can be processed through your Cloudmersive Sentiment Analysis API to classify if the speaker had a positive, negative, or neutral feeling towards a given subject. In the same way, it can undergo Subjectivity Analysis to help identify the degree to which the speaker might’ve been subjective or objective regarding their topic. If two lecturers spoke on the same subject, Semantic Similarity Analysis can be applied to determine the degree to which they might’ve meant the same or different things based on the phrasing they employed. Deploying our Speech APIs in conjunction with your Cloudmersive NLP APIs can transform the value of your recorded audio and establish the value of its content.

Speech Recognition for Physically Impaired Users

In the context of both consumer and commercial technology, Speech Recognition can be leveraged to assist people who are managing short or long-term physical impairments. By providing a means of transforming dictated audio into text, your business can empower those who are physically unable to type effectively on a keyboard and expand their access to important resources. This application of Speech Recognition can help transform the way your business interacts with its users and employees alike.

Announcing Storage Protect for Azure Blob
6/14/2022 - Brian O'Neill


Tech office

We’re excited to announce the newest release of our Storage Protect Cloud Security solution for Azure Blob. This product now has 4 unique iterations for protecting Azure Blob, Google Cloud Storage, AWS S3 and SharePoint Online Site Drive instances.

Threats to your data storage can include a wide variety of viruses and malware, scripts, executables (and much more), and they can even include breaches of NSFW policy in image files. Storage Protect provides dynamic layers of protection against a huge number of potential threats to your data storage, and it leverages two powerful Cloudmersive APIs to get the job done.


Every cloud storage product, including Azure Blob, contains built-in security policies designed to protect your data in basic ways. These policies aren’t enough to stay on top of the ever-evolving threat landscape, however; that’s why our Virus Scanning API uses a growing list of 17 million+ virus and malware signatures to always keep your threat profile ahead of the curve.

Security policy customization is key to ensure our product fits your organization's needs. To that end, Storage Protect allows you to configure one of two iterations of the Cloudmersive Virus Scanning API to dictate your own policies. These iterations are displayed as Basic and Advanced options when configuring your product. With the Basic API capabilities, you’ll enable multi-threat scanning across viruses, malware, trojans, ransomware, and spyware, with a wide variety of file formats supported. The Advanced option builds on the Basic option to block additional threats beyond the scope of viruses and malware, such as scripts, executables, invalid files, and more.

Each Virus Scanning API iteration boasts a sub-second response time, so you’ll get the results of your scan almost instantaneously. To help you manage scenarios where threats are identified, Storage Protect provides simple, customizable outcome actions allowing you to delete or quarantine the infected files outright. Clean files can be just as easily tagged as “Clean”, so you’ll always end up with an easy-to-navigate scan result no matter what.


Protecting your data isn’t always about scanning for viruses and malware. Image files stored in your database can quietly contain breaches of NSFW (Not Safe for Work) policies, such as pornographic or racy material, and unsolicited viewership of such images can sometimes result in sexual harassment litigation.

Storage Protect now offers AI Content Moderation services specifically geared towards identifying racy or pornographic material within images by automatically reviewing each file's respective pixels. This task is performed by the underlying NSFW Classification API, which provides a score between 0.0 – 1.0 for each image file based on the degree to which the contents of the file consist of racy or pornographic content. Files with zero racy content typically get scores between 0.0 – 0.2 and receive an accompanying Classification Result string which appropriately describes the score range as “Low Probability.” Scores between 0.2 – 0.8 have an increasing likelihood to contain some degree of racy content and receive a “Medium Probability” string. Any scores above 0.8 are considered “High Probability” to contain illicit content; scores closest to 1.0 are the most likely to contain outright pornography.

This AI Content Moderation feature can be enabled by electing the Advanced Scan option in Storage Protect. Using the dynamic scoring system provided through the NSFW Classification API, you can easily tailor NSFW content scans to identify images based on your company’s specific NSFW policies. With this feature configured, your business can save a lot of time, energy and resources that might’ve otherwise spent manually reviewing image uploads to achieve the same classification result.


When we add new features to Storage Protect, you’ll be the first to know about it. We’ll keep you posted as our flagship security product continues to evolve in new and exciting directions.

Announcing Storage Protect for Google Cloud
5/24/2022 - Brian O'Neill


Data is the most precious commodity for any online business. However, that data can sometimes work against us, containing hidden threats and breaches of policy. What if a few new files in your Google Cloud storage instance are hiding ‘dormant’ viruses or malware? What if a website user uploaded a product review photo that contains sexually explicit content, violating your company’s NSFW (not safe for work) policy? These deceptive, threat-bearing files create big problems when they’re mistakenly trusted and opened. It’s easy to assume that internally stored files are always safe by right of existing inside a professional database, and not outside of it. For that reason, it’s best to check your data for hidden threats in storage.

Thankfully, with Cloudmersive Storage Protect for Google Cloud, you can easily scan new files as they enter Google Cloud storage to find out if any viruses or malware lay hidden within them. Further, you can configure an AI Content Moderation feature which scans image files and determines if they contain NSFW (Not Safe for Work) image content of a racy or pornographic nature.


Equipped with over 17 million virus and malware signatures and bolstered with regular cloud-based updates, the underlying Cloudmersive Virus Scanning API in Storage Protect checks underneath the ‘hood’ of each new file in Google Cloud storage and finds out if any such file contains a threat.

This flagship content security feature can be configured to perform either Basic or Advanced scans, with the former covering primarily virus and malware detection, and the latter expanding upon that coverage to include 360-degree content protection across executables, invalid files, scripts, and restrictions on accepted file types.
After each scan, problematic files can be assigned special outcome actions, including the option to quarantine or delete those files outright. Clean files can be easily filtered and tagged as well, ensuring you have full control on either end of the spectrum.


The Cloudmersive NSFW Image Classification API is deployed alongside the Cloudmersive Virus Scanning API in Storage Protect, leveraging Machine Learning to ensure image files in storage are safe and appropriate for everyone to view (based on each customer’s unique NSFW policy). This NSFW Classification feature can be configured by enabling the Advanced Scan feature of Storage Protect.

With NSFW scanning option configured, new image files entering cloud storage will be analyzed and categorized based on the degree of racy or pornographic content contained within them. To quantify such content, a “Profanity Score Result” is automatically provided for each scanned image, with values ranging from 0.0 to 1.0. Scores on the bottom end of that range indicate a lower likelihood that the image contains racy or pornographic content, while higher numbers indicate that such content is likely to exist in the image. Accompanying the Profanity Score Result value, a natural language description is provided indicating whether the image has a Low (0.0 – 0.2), Medium (0.2 – 0.8) or High (0.8 – 1.0) probability to contain NSFW content.

Storage Protect is also currently available for AWS S3, Azure Blob & SharePoint Online Site Drive storage instances.

New AI Content Moderation Feature Added to Storage Protect
5/6/2022 - Brian O'Neill

AI Content Moderation for Storage Protect

We are excited to announce the addition of a brand-new AI Content Moderation feature to Storage Protect. This new feature uses Machine Learning to automatically review and classify image files uploaded to cloud storage based on the degree to which they may be NSFW (Not Safe for Work).

The type of Not Safe for Work (NSFW) content being screened for by this new addition is strictly that of a racy or pornographic nature.

Storage Protect Overview

Storage Protect is Cloudmersive’s leading edge in-storage cloud security product, designed to accompany Amazon Web Services (AWS) S3, Azure Blob, Google Cloud (GCP) and SharePoint Online Site Drive storage.

Storage Protect: Virus Scanning Service

Under the hood, the baseline Storage Protect product calls upon the Cloudmersive Virus Scanning API to scan new files as they enter a customer’s cloud storage instance. The Virus Scanning API is equipped with over 17 million virus and malware signatures and boasts a sub-second typical response time due to high-speed, in-memory scanning.

Customers can configure Storage Protect to perform either Basic or Advanced scans. The former checks files for viruses, malware, trojans, ransomware & spyware, and the latter expands that list to include executables, invalid files, scripts, and more. Files are classified as “clean” or “infected’ post-scan and any identified threats can then be quarantined, deleted, or otherwise dealt with based on outcome actions predetermined by the customer.

Storage Protect: AI Content Moderation Service

Storage Protect now includes the services of the Cloudmersive NSFW Image Classification API. This additional API uses Machine Learning to scour the pixels within each newly uploaded image file and classify the degree to which that content is racy or pornographic (or neither).

This operation returns both a classification score (scaled between 0 and 1, with lower values indicating very little racy content was detected) and a probabilistic description of the degree of raciness in the image based on that score (0 – 0.2 is low probability; 0.2 – 0.8 is medium probability; 0.8 – 1.0 is high probability) for each file.

For any additional information, review our whitepaper on AI Content Moderation for Storage Protect, or contact your Cloudmersive representative more details.

JSON Insecure Deserialization API Spotlight
5/4/2022 - Brian O'Neill

Content Security APIs

What is JSON Insecure Deserialization?

Better known as a “JID Attack” in short form, JSON Insecure Deserialization is a form of cyber-attack in which data, controlled by a malicious user, is deserialized by a website.

Serialization refers to the course of turning complex data structures into a format that can be exchanged as a stream of sequential bytes, and Deserialization refers to the process of turning that byte stream back into a replicated version of the original object (same state as when the original data was serialized) so that the website can interact with it.

When this serialization process is manipulated successfully by an attacker, a major vulnerability has been exposed. The attacker can now sneak harmful data into your application’s code, causing all kinds of problems.

JSON Insecure Deserialization Detection API

If there’s a JSON Insecure Deserialization attempt hiding in suspicious text input, the JID Detection API will know all about it.

When that text input is provided, the JID Detection API responds in seconds by determining first if the operation was successful (providing a true or false value). If true, the following response will indicate whether the text input contained a JID attack (again providing a true or false value).

Cloudmersive Content Threat Detection

It doesn’t stop with just JSON Insecure Deserialization attacks – there are several other forms of text threats that can cause immense harm to your applications. Cloudmersive has you covered with APIs detecting SQL Injection Attacks, Cross-Site Scripting Attacks and XML External Entity Attacks.

API Spotlight: Simple Barcode Generation for your Business
8/19/2021 - Laura Bouchard

API Spotlight - Barcode APIs

Barcodes are used by businesses all over the world to aid in tracking, purchasing, inventory, and more. By leveraging these codes, organizations can keep accurate records of their products, supplies and inventory that are essential to operations. This week we will be shining our API spotlight on a few of our Barcode APIs that can assist in improving the overall experience from both a user and business standpoint.

UPC-A Barcode API 

The first function we will discuss is the full email address validation API. Email is one of the most universal communication tools across the world, which also means it is one of the most popular targets for attacks. This API allows you to check for syntactic correctness, identify the mail server, and contact the server to validate the existence of the account without sending any emails.

EAN-13 Barcode API 

Next up is our full URL validation API; similar to the previous function, this validation API will perform a full, in-depth validation of its target input, which in this case is a URL address. By checking if the input URL is syntactically valid, whether it exists, and whether the endpoints pass virus scan checks, you can ensure each URL you interact with is free from threats.

QR Barcode API

Our last featured API is the IP Intelligence API. This is a multi-use function that will not only scan a single IP address against a database of known threat IPs, bots, and Tor exit nodes, but will also provide the physical location of the address.

We will be sharing API spotlights and new features over the coming weeks, so be sure to check back in with us soon.

New Convert API to Transform your DOCX Tables
8/12/2021 - Laura Bouchard

Convert Fill DOCX Table API

One of our company’s most important goals is to create new and innovative solutions to make your job easier. We know how difficult it can be to edit an online document, so we have several APIs available in our library that can assist you with the undertaking. Today, we are pleased to share that we have added a new Convert API to our offerings that can be used to transform your Word DOCX files by instantly filling in tables with data.

Obtain an Editing URL

Before you can use this new API, you will need to open up the process and obtain an editing URL by using the Begin Editing API function, which can be found in the Convert API library. To ensure the security of your information, the URL is stored in-memory cache and expires after 30 minutes.

Filling the Table with Data

Once you have the editing URL, you are ready to call the Table Fill In function. This easy process will allow you to replace placeholder rows in a table in a DOCX file using one or more templates. For the input request, you will need the following information: File URL, File Data, Table Start Tag, Table End Tag, Data to Fill in, Cells, Target Tag (string), and Replacement Value (string).

Downloading the Result

Once you have completed the editing of your Word document, you can use the Finish Editing API function to close out processing and download the updated result.

Each of these APIs, including the new, featured API, are available for testing and use in a variety of programming languages in our API Console.

Now Introducing: The Security Threat Detection API
7/29/2021 - Laura Bouchard

Security Threat Detection

The threats that we encounter in cyber space are constantly growing and changing; it seems that as soon as we protect ourselves from one type of attack, another new or customized attack emerges. Here at Cloudmersive, we are dedicated to providing you with high-quality and up-to-date security coverage to keep you ahead of the curve in the current, dynamic environment. As part of this commitment, we are excited to announce the launch of our new Security Threat Detection API and Insecure Deserialization JSON API. Both APIs are detailed below and are available in the newly added Security API section of our API Console, which features several of our currently existing security APIs as well.

Security Threat Detection API

This new API takes several types of threat detection and combines them into one, convenient package. Using Cloudmersive Intelligent Threat Detection, you can automatically scan any input string for a wide range of threats including Cross-Site Scripting (XSS), SQL Injection (SQLI), XML External Entities (XXE), Server-Side Request Forgeries (SSRF), and JSON Insecure Deserialization (JID).

JSON Insecure Deserialization (JID) API

JSON Insecure deserialization is yet another type of cyber attack that is becoming prominent across the web. The threat involves the passing of manipulated objects through a web application that eventually results in control of the application. If the attack is successful, it can lead to denial of service, malicious code execution, and more. To protect against this vulnerability, the JID API will instantly detect these type of attacks from text input.

For more information on these and our other security APIs, check out our Security Threat Detection API page.

XXE Threat Detection Now Available in Advanced Virus Scan API
7/15/2021 - Laura Bouchard

XML External Entity Threat Detection API

We are excited to announce that we have added an XXE threat detection feature to our Advanced Virus Scan API! XML External Entity (XXE) threats are targeted attacks that exploit vulnerabilities within Document Type Definitions (DTD) in XML parsers to replace entities and cause a denial of service; they can also utilize Server-Side Request Forgery (SSRF) to gain access to sensitive data. Since these threats fall outside the protection of your basic anti-virus software, the job of protecting a web application from these attacks will often fall to the developer – this is where our new capability steps in.

Advanced Virus Scanning API

Our Advanced Virus Scan API provides 360-degree content security with customizable parameters to meet your needs. The AllowXMLExternalEntities feature joins several other options such as AllowMacros, AllowExecutables, and AllowInvalidFiles to assist in fully protecting you and your customers.

How It Works

This capability is very easy to set up; simply set the parameter to false to block XML External Entities, other threats embedded in XML files, and other files that contain embedded content threats. If you wish to allow these file types, you can set the parameter to true, but the default setting is false (recommended).

Additional Features Added to Cloud Storage Protect
7/8/2021 - Laura Bouchard

Cloud Storage Virus Scanning

Just a few months ago, we released our Cloud Storage Protect service and shared how you can integrate it into your AWS S3 and Azure Blob cloud storage. In case you missed it, this code-free service allows you to protect your content from viruses, malware, and other threats by automatically scanning uploaded files and objects according to security policies that you set up within your cloud storage containers. Now, we are excited to share that new features have been added which will enable you to take your virus scanning capabilities to the next level; details on the features are provided below.

Advanced Scanning Options

Cloud Storage Protect now offers the same security policies that are available in our Advanced Virus Scan API; this includes the option to allow/block executables, scripts, macros, invalid files, password-protected files, and more.

Block Download

Our next enhancement provides the option to block a download and/or move a file while scanning, enhancing the overall convenience and functionality of the service.

Learn More

If you want to learn more about Cloud Storage Protect and see it in action, we have video tutorials for setting up and using the service in both AWS S3 and Azure Blob.

How to Scan AWS S3 File Uploads for Viruses

How to Scan an Azure Blob Files for Viruses

Check out our New Document Conversion APIs
7/1/2021 - Laura Bouchard

Cloud Document Conversion API

Here at Cloudmersive, we know how important it is to establish a professional and engaging platform. This means that we are always looking for more possibilities to automate and streamline processes and improve the overall experience for developers and users. To assist with this goal, we would like to introduce seven new document conversion APIs that will optimize the processing of HTML documents.

Append an HTML Tag to the HEAD Section

This function will allow you to add an HTML tag to the HEAD section of an HTML document.

Get the Language Code

With this, you can quickly retrieve the language code of an HTML document, such as ‘en’ (English) and ‘de’ (German).

Set the Language Code

Parallel to the above function, this function will allow you to set the language code of an HTML document; hundreds of country codes supported.

Get the Rel Canonical URL

This function provides a quick way to retrieve the rel canonical URL, or preferred URL, from an HTML document.

Set the Rel Canonical URL

In order to avoid duplicate content issues that can arise when the same content can be accessed from multiple URLs, this API allows you to set a rel canonical URL for an HTML document.

Get the Sitemap URL

This function will retrieve the sitemap URL from an HTML document which will provide you with information on each URL, such as when it was last updated and how relevant it is in relation to other site URLs.

Set the Sitemap URL

Our last function allows you to set the sitemap URL of an HTML document; this will assist search engines in locating all related URLs.

All of these APIs are available for use in our wide selection of programming languages and can be found in the Cloudmersive API Console.

New API Offerings Added to Cloudmersive Mendix Connector
6/24/2021 - Laura Bouchard

In January, we shared details on our partnership with Mendix, a low-code platform that rapidly creates applications to serve business needs. Our offerings in the Cloudmersive Mendix Connector started out with some of our most popular APIs (virus scan, image recognition/processing, document conversion), and now we are pleased to announce that we have added a few new offerings to the portfolio! These new features are detailed below and can be accessed via the Virus Scan section of the connector.

Zip/Unzip Files

Zip and Unzip options have been added that will allow you to create a Zip file from uploaded documents or unzip an unencrypted Zip file with just the click of a button.

Encrypt/Decrypt ZIP Files

Within the Zip option, there is an ‘Encrypted Zip’ box you can check, which will prompt a password box to appear. Once your Zip file is created, you will be required to enter the password for access. On the flip side, we have also added a ‘Unzip Encrypted Zip’ option to the dashboard, which will allow you to automatically decrypt an encrypted Zip file.

URL Screenshot

Our last addition is a URL Screenshot feature that allows you to screenshot a URL prior to clicking on it; this will provide an additional layer of security against potentially harmful links.

See for Yourself:

If you would like a demonstration of these features, check out the short video we just released on our YouTube channel that will walk you through each of them:

How to Zip and Encrypt a File or Screenshot a URL in Mendix

Virus Scanning Reverse Proxy Server Now Available for Debian 10 Linux
6/17/2021 - Laura Bouchard

We are excited to announce that our Virus Scanning Reverse Proxy Server is now available for Debian 10 Linux! This installation option is in addition to the Windows 2016 server and will improve the accessibility of the Reverse Proxy Server for more users. In case you need a reminder, our Reverse Proxy service is a no-code solution that can be integrated into your web application to automatically scan files for viruses before they reach your server. Now, we will take a quick look at what you need for the Debian 10 Linux installation.

Installation Pre-requisites

Debian 10 with a graphical user interface (GUI) enabled is required, and you should be sure to run the latest software updates prior to initiating the installation.

Hardware Provisioning

You will need to provision the hardware or virtual machines and the associated infrastructure. For single-node operation, a single server is required; for high-availability, a minimum of two nodes is required.

Performing the Installation

To perform the installation, simply navigate to the Cloudmersive Management portal, log in, and click on Private Cloud Deployment. To install a node in the cluster, you will select the corresponding node, then click on Debian 10 Linux and follow the instructions for your environment.

Outbound Network Connectivity

Some outbound network connectivity from your Linux Server to Cloudmersive services is required; refer to the instructions to whitelist or allow the outbound network connectivity where appropriate.

New Export Feature Added to API Analytics
6/10/2021 - Laura Bouchard

Our API Analytics function, which allows you to monitor API usage for each of your API keys via audit log, just got even better with the addition of an export feature. This new feature will export your usage data to an Excel document, which can provide organized and valuable insight on which APIs you or your business are utilizing the most.

Step 1 – Access API Analytics

To access API Analytics, simply head to your Cloudmersive Management Portal and select the API Analytics function.

Step 2 – View & Export Logs

Once you reach the API Analytics page, you will encounter a few drop-down menus. Here, you will select the API key, API type (i.e. Document and Conversion API, OCR API, etc.), and the maximum number of results you wish to view. Now, before you click the ‘View Logs’ button, you can check the ‘Enable Export’ box to generate an Excel report of the results.

Step 3 – Download Results

At the top of the Data section, there will be a Download Excel link with an arrow next to it; to download your results, simply click on the link and open the newly generated Excel file.

That’s it for this week, but be sure to check back in with us soon as we share more featured APIs and new services in the coming weeks.

API Spotlight: Validation APIs to Protect Your Data
6/3/2021 - Laura Bouchard

Last week we highlighted a couple of our conversion APIs, so this week we will be switching things around and shining the spotlight on a few of our validation APIs. The following APIs can be used alone or in tandem to protect your personal or business data from various cyber threats.

Full Email Address Validation API

The first function we will discuss is the full email address validation API. Email is one of the most universal communication tools across the world, which also means it is one of the most popular targets for attacks. This API allows you to check for syntactic correctness, identify the mail server, and contact the server to validate the existence of the account without sending any emails.

Full URL Validation API

Next up is our full URL validation API; similar to the previous function, this validation API will perform a full, in-depth validation of its target input, which in this case is a URL address. By checking if the input URL is syntactically valid, whether it exists, and whether the endpoints pass virus scan checks, you can ensure each URL you interact with is free from threats.

IP Intelligence Validation API

Our last featured API is the IP Intelligence API. This is a multi-use function that will not only scan a single IP address against a database of known threat IPs, bots, and Tor exit nodes, but will also provide the physical location of the address.

We will be sharing more API spotlights and new features over the coming weeks, so be sure to check back in with us soon.

API Spotlight: Edit PDFs to Fit Your Needs
5/27/2021 - Laura Bouchard

When you think of conversion APIs, you generally think of converting a document from one format to another, such as CSV to XLSX or DOCX to PDF. However, in today’s blog post, I’d like to shine the spotlight on a couple of our popular PDF conversion APIs that allow you to edit a PDF document to (literally) fit your needs.

Reduce PDF File Size API

Our first featured API reduces PDF file size by digitally compressing and optimizing its contents. This can be particularly helpful when sharing large documents such as contracts or manuals via email.

Resize PDF API

While the previous API focuses on changing the file size of a PDF, this API focuses on altering the actual paper size. This function will allow you to instantly adjust the paper size of a PDF document to meet the requirements of any project. The paper sizes run from A7 (the smallest) to A0 (the largest); for reference, the standard letter size is A4.

As a reminder, these conversion APIs can be used in over a dozen programming languages, as well as no-code/low-code connectors such as Power Automate and Logic Apps. To test them out, simply head over to the Convert API section of our API Console.

Feel the Flow with our Power Automate Connector How-to Videos
5/12/2021 - Laura Bouchard

Since launching our YouTube channel in October, we have created 25+ instructional videos on how to utilize our API connectors in Power Automate. The goal of the videos is to provide comprehensive, real-time walkthroughs for the wide range of functions available through the connectors.

If you are unfamiliar with our API connectors, we have a great lineup available in Power Automate and Logic Apps that reflect similar categories to our APIs, e.g. Document Conversion, Data Validation, Virus Scan, Natural Language Processing, etc. I’ve provided a varied selection of video examples below that you can incorporate into your workflows to improve productivity and efficiency.

Check them out here:

How to Convert an Excel File to JSON in Power Automate and Logic Apps

How to Get PDF Metadata in Power Automate and Logic Apps

How to Virus Scan and Quarantine a File in Power Automate and Logic Apps

How to Generate a QR Code in Power Automate and Logic Apps

How to Convert Word Documents to PDF in Power Automate and Logic Apps

Customizable Protection: Cloudmersive Reverse Proxy Server Policies
5/4/2021 - Laura Bouchard

In December, we introduced you to our Virus Scanning Reverse Proxy service; as a reminder, this no-code solution automatically protects web applications from threats before they get a chance to reach your server. In today’s blog post, I am going to dive a bit deeper into the solution by providing a brief overview of the security policies that you can set up according to your company’s needs.

Virus Scan File Uploads (mulitpart/form-data) – Regular or Advanced Scan

Our most popular security policy, application of this setting will automatically scan any file uploads to your site via multipart/form-data and block the request from passing to the target server if the request is contaminated. Target threat types include viruses and malware, with the option to allow/block executables, scripts, macros, invalid files, password-protected files, and specific file types as well.

Virus Scan JSON Binary Data – Regular or Advanced Scan

Application of this policy will allow you to automatically scan base-64 encoded binary file data in JSON requests. Additional options include setting a URL Match Regular Expression, setting a URL for a virus found notification page or error page, and configuring specific JSON fields to virus scan by specifying a JSON path.

SQL Injection Protection

The SQLI protection policy will guard your web application from SQL Injection attacks by automatically scanning text inputs.

XXE Protection

Similar to the SQLI protection policy, the XXE protection policy will automatically scan text inputs for XML External Entity attacks.

XSS Protection for Request Parameters

This policy enables you to block Cross-Site Scripting (XSS) attack requests.

IP Blocklist and IP Allowlist

The IP Blocklist policy will allow you to block access from any IP addresses specified on the blocklist, and the IP Allowlist policy will allow you to block access from any IP addresses NOT specified on the allowlist. The latter policy is primarily used for internal services/APIs.

Rate Limit

Configure a Rate Limit policy to automatically block client IP addresses that exceed the defined rate limit; this is achieved by defining the rate limit value and unit of time (per second/per minute).

Block Known Bot, Threat, or Tor Clients

The titles of these three policies are basically self-explanatory; you can choose to block known bot clients, threat clients, or Tor clients by configuring any or all of the policies.

If you have questions or would like more information, you can contact our knowledgeable team, who are always happy to help.

New Validation APIs to Up your Security Game
4/27/2021 - Laura Bouchard

It seems that the list of online threats is constantly growing, which is why our engineers at Cloudmersive are continually researching and developing new APIs and services to protect you from all angles. This week, I’m excited to share four new data validation APIs that have been designed to scan for threats that fly under the radar of basic anti-virus software. These functions have been uploaded and are available for use in our API Console.

Scan Text for Structured Query Language (SQL) Injection Attacks

We have added two new APIs that will scan a single text input or multiple text inputs in batch for SQL injection attacks; these attacks target security vulnerabilities within website or database form fields and have become a serious online threat to many companies. Integration of these APIs will allow you to automatically detect an SQLI attack and define the threat detection level you want to utilize; set it to Normal to target a high-security SQL Injection detection level with a very low false positive rate, or select High to target a very-high security SQL Injection detection level with higher false positives. Default is Normal (recommended).

Check Text for XML External Entity (XXE) Attacks

Similar to the above APIs, our next validation APIs were also designed to scan a single text input or multiple text inputs in batch. However, these functions target XXE attacks, which are a type of cyber-threat that exploits an opening that occurs when an application parses an XML request to create an output. In addition to scanning the input text for XXE attacks, this API includes optional parameters to block internet-based dependency URLs such as DTDs or create lists of safe/un-safe URLs.

Keep an eye out for our next update which will be coming soon! If you have questions about these APIs or any of our other services, you can reach out to our expert team, who will be happy to assist.

Cloudmersive Storage Protect: Azure Blob Edition
4/23/2021 - Laura Bouchard

In our previous blog post, I shared how you can use our Cloudmersive Storage Protect service for AWS S3. Now – as promised – I’m going to discuss how to use it to protect files uploaded to an Azure Blob.

Process Overview

Similar to the AWS S3 process, the Cloudmersive Storage Protection system integrates with your Azure Blob system to apply security policies for all files that are uploaded to a Blob container. Notifications will be sent when new files are created or updated, and the service will automatically respond with the necessary action.

Flexible Deployment

Again, deployment for your Azure Blob storage will be very similar to the AWS S3 options. You can choose to use Cloudmersive Storage Protection in a Managed Instance or in a Private Cloud self-managed deployment. For both models, you will need to contact your Cloudmersive rep to provision the required instance or licenses.

Connection and Setup

The setup for your Azure Blob service is very simple and can be completed within 5 minutes.

The first step is to navigate to the Cloudmersive Account Portal to add a connection by filling in the required fields and specifying the outcome actions you want to occur when Clean or Infected files are identified.

Then you will configure the callback from Azure Storage to Cloudmersive Storage Protect by managing the connection you created in the previous step, adding your API key, and following the instructions provided to setup the Azure Blob Storage notifications to your Cloudmersive server.

Want more details? We created a video on our YouTube channel which showcases the process step-by-step. Check it out here:

How to Scan Azure Blob Files for Viruses

Introducing Cloudmersive Storage Protect for AWS S3
4/16/2021 - Laura Bouchard

Have you checked out our Cloudmersive Storage Protect service yet? It allows you to protect your cloud storage from viruses, malware, and other threats by automatically scanning files and objects uploaded to AWS S3 or Azure - no coding required! In this post, I’m going to give you a quick rundown of what the process looks like for AWS S3 and how the setup works.

Seamless Integration

The Cloudmersive Storage Protection system integrates with your AWS S3 system, allowing you to apply security policies for all files that are uploaded to AWS S3. You’ll get notified when new files are created or updated, and the service will automatically respond with the necessary action.

Flexible Deployment

You can choose to use Cloudmersive Storage Protect in a Managed Instance or in a Private Cloud self-managed deployment. For both options, you will need to contact your Cloudmersive rep to provision the required instance or licenses.

Get Connected

Setup for this service is super quick and efficient.

First, you’ll create a secure cloud connection between Cloudmersive Storage Protect and AWS S3; you can specify the outcome actions for what you want to happen when Clean or Infected files are found, allowing for a fully customized experience.

After that, all you’ll need to do is connect AWS S3 back to Cloudmersive Storage Protect by managing the connection you created and setting up notifications to the Cloudmersive server.

Keep an eye out for our next blog post, which will discuss how to use Cloudmersive Storage Protect for Azure Blob! If you have any questions, reach out to our excellent sales team, who are always happy to help.

We've Added New Programming Languages to our Library
4/8/2021 - Laura Bouchard

Here at Cloudmersive, we are constantly exploring opportunities to enhance our product line and improve the overall experience for our customers. In the previous blog post, I hinted that we had some exciting new capabilities added, and now I am pleased to announce that five new programming languages are available across our entire library of APIs! The additional languages have already been uploaded to our API Console, so you can check them out at your convenience.


One of the most popular programming languages out there, JavaScript was a no-brainer addition to the library. Along with HTML and CSS, it’s a core online technology and an essential piece of web applications.


Developed by Apple and the open-source community as an updated and more secure replacement for Objective-C, Swift is one of the fastest-growing programming languages.


C++ was created as an extension of the C programming language, and while they are very similar, they do have some significant differences. For the APIs, we have consolidated them under one option, and the developer can specify which language they want to use.


Go is a programming language that was designed by Google to improve programming productivity and provide an alternative that took some of the positives from other programming languages and left out the negatives.


Client URL (cURL) is a little different than the above additions, but valuable nonetheless; it is a computer software project which provides a library and command-line tool that allows you to transfer data via various network protocols.

New AllowMacros Feature Added to Advanced Virus Scan API
3/23/2021 - Laura Bouchard

Macros have two sides; on one hand they can be incredibly helpful for automating repetitive tasks and saving time, but on the other hand, they have a history of being the vehicles for malicious content distribution online. To guard against the less desirable side of macros, we have added a new AllowMacros feature to our Advanced Virus Scan API.

Advanced Virus Scan

As a reminder, our Advanced Virus Scan API provides 360-degree content protection with customizable rules to meet your business’s needs. The AllowMacros feature joins several other parameters such as AllowExecutables, AllowScripts, and AllowInvalidFiles to assist in protecting you and your customers. To activate these features, you simply set the parameter to false to block the potential threat.

Broad Content Security

If set to false, the AllowMacros component will shield you from threats embedded in document files such as Word, Excel, and PowerPoint embedded macros, as well as other embedded content threats.

Stay Tuned

We have been adding new APIs and programming languages over the past few weeks, so we will be sharing info about those soon! Keep checking back for updates and if you have questions, never hesitate to contact our knowledgeable Sales team.

Cloudmersive Meets Mendix: A New and Exciting Partnership
1/14/2021 - Laura Bouchard

We are pleased to share that the Cloudmersive API Suite is now available on Mendix, a low-code platform that rapidly creates applications to serve business needs. Implementation and sign-up for a free account can be done in just five minutes; once complete, you will have access to all the Cloudmersive APIs with one plan/pricing model and end-to-end support and services.

How It Works

The Cloudmersive Mendix Connector takes some of our most popular APIs and uses visual development tools to enable quick results with minimal manual coding.

Key Features

  • Scan files for viruses, generate PDF/Word files, convert documents, resize/manipulate images
  • Seamless integration in your project with reusable components
  • Example workflows and use cases to enable smart automation of your app
  • Easily extendable new features

Current Offerings

  • Virus scan
  • Image recognition/processing
  • Generation of Word Docs/PDFs based on templates
  • Content moderation for images and files with not-safe-for-work content

Future Offerings

  • Document & Data Conversion – automated file conversion for all popular file formats
  • Receipt scanning and business data extraction from photos
  • Malware scan for website URLs
  • Convert/encode/transcode videos
  • Speech-to-text

Superior Security

When using the Cloudmersive Mendix Connector, you will receive the same top-notch security that you would when using our APIs as a stand-alone. Payload data is not stored or retained after each transaction is completed, which provides you with optimal security, privacy, and performance. For more information, check out our Cloudmersive Security page.

Our Newest Service: Virus Scanning Reverse Proxy Server
12/9/2020 - Katherine Coyle

We are excited to announce the introduction of our newest service, the Virus Scanning Reverse Proxy Server. This feature can be used to automatically protect any web application or API from viruses and malware, with no code changes.

Scan and Block Malware

Stop malware uploads before they reach your server, and protect against viruses in base-64 binary data in JSON and XML APIs.

Wide Protection with No Code Changes

With a single deployment and easy management, you can utilize virus and malware protection across all your applications with no need for code changes.

Advanced Protection and Mission Critical Performance

With advanced virus scanning capabilities, this feature can scan for over 17 million virus and malware signatures, provide 360-degree content verification, and ensure multi-factor threat analysis. All of this will be partnered with high availability, disaster recovery, and multi-node and multi-datacenter region deployments to ensure mission critical infrastructure and performance.

If you’d like to learn more, contact our expert team, who are always happy to help.

Take a Look at our New Data Validation APIs
12/1/2020 - Katherine Coyle

We know how important it is to have a polished, professional platform available for use by your organization and users. This means automating and simplifying as much as possible to create a streamlined, easy-to-use site that provides all necessary data without having to perform any external queries. We are making this even more attainable by introducing five new data validation APIs to our library that will retrieve and verify information for location and time.

Normalize a Street Address

This function will take a structured street address, parse it, and return its parts as separate, normalized objects including the latitude and longitude of the location.

Get the Current Date and Time

With this, you can return the current date and time for your location. Its response is synchronized with atomic clocks so it will always be consistent and accurate.

Retrieve a list of all Public Holidays

This will enumerate a list of all the public holidays for a given country in a specified year, with support for over 100 countries.

Parse a Structured Date and Time Object

With this function, you can parse a structured date and time string into a date/time object. This is intended for standardized date strings that adhere to formatting conventions, rather than natural language input.

Use NLP to Parse Unstructured Date/Time Objects

Unlike the function above, this API will parse unstructured date/time strings. It is intended for lightweight human-entered input, such as “tomorrow at 3pm” or "Tuesday," and will be verified using Natural Language Processing to retrieve the structured time information for the input.

We’ve Added New File Conversion APIs to our Library
11/16/2020 - Katherine Coyle

I am excited to announce that we have recently updated one of our most popular offerings, our Conversion APIs! These updates include new functions that will help you automate and optimize your business such as Data File Conversion, PDF Editing and Conversion, and Document Conversion.

Convert Data Files


We have added two new APIs for converting data to XML from CSV and XLSX. XML is a universal file format that is older and more widely used that JSON. This format is computer-readable and thus it is similar to HTML easily processed by online systems. However, it is not as constrained, as it is designed for storing any data type.

Edit PDF Documents


This API will convert PDF files to PDF/A-1b or PDF/A-2b standardized documents. PDF/A is an internationally standardized form of PDF in that it meets universal compliance and compatibility standards that may not be possible with the original PDF file type. Because of this, a PDF/A file will look the same across platforms while a PDF might become corrupted or face formatting errors.

PDF Reduce File Size

This function will optimize the content of a PDF document to minimize its file size. This is useful when scanning and sharing contracts or other signed documents, as the original PDF file may be too large to email. With this function, you can reduce the size of the file by digitally compressing its contents.

PDF Linearize

With this API, you can linearize the content of a PDF file to optimize it for streaming download, particularly over web streaming. By performing the function, your PDF file will be simplified internally, with the contents stored in the correct order for viewing. Thus, large files can be viewed while its contents are downloaded to improve your overall efficiency.

Revert Office Documents to Legacy Format


For those who work with older versions of the Microsoft Office Suite, or who have partners that maintain usage of these programs, these new APIs will give you the capability to downgrade your Word (DOCX), Excel (XLSX), and PowerPoint (PPTX) documents to their legacy formats: DOC, XLS, and PPT.

Introducing Our New “How To” YouTube Channel
10/15/2020 - Katherine Coyle

To better assist you in utilizing our top-tier APIs, we have just launched our new “How To” channel over on YouTube!

The goal for this channel is to provide comprehensive, real-time walkthroughs for our functions in programs like Power Automate, Azure Logic Apps, and more. Ultimately, adding these to your workflow will not only vastly increase overall working speed but also radically boost your business’ digital capabilities with a few clicks of a button.

We already have a few videos posted for some of our Power Automate connectors.

Check them out here:

How to Convert an Excel Spreadsheet to PDF in Power Automate and Logic Apps

How to Convert a Single Excel Worksheet to PDF in Power Automate and Logic Apps

How to Convert a CSV File to JSON in Power Automate and Logic Apps

How to Convert a JPG Image to PNG in Power Automate and Logic Apps

Upgrade Security with our New IP Address and Domain Name APIs
10/5/2020 - Katherine Coyle

The security of your organization and your clients’ information is always at the forefront of our innovations. Thus, we are pleased to announce our newest IP Address and Domain Name APIs. These updates are all based around increasing your organization’s online security and protecting you from any known or unknown threats. Go check out our API Console where these functions are now up and available.

Scan for Known IP Address Threats

Boost your site’s security by allowing our IP Threat Detection API to scan any incoming IP Addresses for known botnets, bad IPs, compromised servers, and other lists of threats.

Tor Exit Node Server Detection

This function can detect if an input IP Address is a Tor exit node server. This will let you know if, and when, a user’s IP address is hidden behind a privacy wall.

Return Domain Name Quality Score

This new Domain Name API can be used to check the quality of a domain name. These scores indicate the authority of a domain name, with high scores equating to more trustworthy sites.

Keep checking back here as we continue to add to and improve our library of APIs. If you’d like to learn more, contact our expert team, who are always happy to help.

Introducing our Address Validation APIs!
9/25/2020 - Katherine Coyle

At Cloudmersive we are working constantly to increase your business capabilities through advanced, class-leading API technology. Because of that, we are always looking for new ways to add to our extensive library of APIs. Thus, we are excited to introduce our new, secure Address Validation APIs! These functions are available in our API Console now, so go take a look and check out all of their new capabilities.

Parse Addresses

You can now input unstructured text strings and our function will use Natural Language Processing (NLP) to return a formatted address with support for international and other formatting norms.

Validate Address Information

If you need to extract specific data from an input address, our APIs will parse and give select output on:

  • Street Address

  • City

  • State

  • Postal code

  • Country

  • Regional Information

This capability has support for all major international addresses and will return the latitude and longitude of the location.

Populate a List of Countries

Our Country List API will now allow you to enumerate a list of ISO 3166-1 countries including country codes, currency, region, and EU Membership.

Check European Union Membership

For those who do business internationally, we now have a function specifically for validating EU membership for an input address. This will aid in following GDPR and other EU specific regulations and cut down on hassle during international transactions.

Retrieve Currency, Region, and Time Zone Information

If you are solely looking for regional data from an address, a few of our new APIs will extract currency, continent, and time zone data directly to cut down on time and improve your workflow.

Make sure to keep an eye out for our next update so that you can stay at the cutting-edge of the API world. If you’d like to learn more about our constantly updating library of APIs, you can contact our team of experts, who are always happy to help!

Our Newest Service - Currency and Exchange Rate APIs
9/21/2020 - Katherine Coyle

Here at Cloudmersive, we aim to offer you class-leading, enterprise-grade solutions with our secure APIs. With that in mind, we are excited to announce some of our newest API offerings (available now!), Currency APIs! Within this category, we are introducing three different APIs that will enable you to easily convert prices and track and display current exchange rate data.

Convert Prices Between 30+ Currencies

This API will allow you to convert prices between international currencies automatically at your Point of Sale. Along with the price conversion, this process will return the appropriate currency symbol and ISO currency code.

Exchange Rate Data

Within this category, we have two APIs that will provide you with constantly updating exchange rate data. The first will populate a list of all available currencies along with their currency symbol, country of origin, and EU membership status, while the second will specify the exchange rates between specific source and destination currencies.

With these top-of-the-line API solutions, you can upgrade your online commerce operations and improve your productivity in an instant! For inquests concerning this or one of our many other APIs, you can contact our Cloudmersive team for help.

New Cloudmersive Enterprise Management Capabilities
9/17/2020 - Katherine Coyle

In our continued efforts to optimize your Cloudmersive experience through our secure, enterprise-grade API platform, we have rolled out a new feature on your Account Dashboard! When logging into your Cloudmersive Account, check for our latest update, the Security Center.

With this feature, you now have direct access to monitor your API Keys and usage as well as account security measures and more. This page also features two new tools for our partners on Business level and above, Two-Factor Authentication management and an API Analytics viewer.

Manage Two-Factor Authentication

Our Two-Factor Authentication helps protect your information by adding increased security to your account.

View API Analytics

The API Analytics viewer allows review of all individual API calls made through your Cloudmersive account to help you manage your end-to-end performance. This tool will also track your granular API-level access logs and provide you with real-time analytics.

The next time you access your Cloudmersive account, make sure to check out these new features and see how we are working to keep you protected and moving forward. Our team is available to help, so contact your Cloudmersive representative to learn more about everything Cloudmersive has to offer.

Video and Media Services API Released
8/10/2020 - Juanzi Li

We are excited to announce that the Cloudmersive Video and Media Services API has just been released to general availability. This powerful new API enables rapid conversion, encoding, moderation, editing and processing of video and audio content at scale.

Video Conversion and Encoding

Programmatically convert and encode videos on-demand with our powerful video encoding pipeline APIs. Leverage key formats such as MP4, MOV, WEBM, and GIF. Our high-performance APIs rapidly process input files.

Get great results by default, or customize and fine-tune encoding parameters.

Audio Conversion and Encoding

Use a similar approach for the most widely used audio formats in the industry as well. Programmatically convert and encode audio on-demand with our powerful video encoding pipeline APIs. Leverage key formats such as MP3, M4A, WAV and AAC.

Video Editing

Programmatically edit and split video streams, with support for a wide range of video formats.

Video Resize

Programmatically resize video streams, with or without aspect ratio preservation, with support for a wide range of video formats.

Video Thumbnail Extraction

Programmatically extract thumbnails from input videos.

Automated Video Moderation

Automatically scan input videos for moderation criteria, such as nudity and not-safe-for-work (NSFW) content using our advanced Deep Learning APIs.

Metadata Extraction

Programmatically extract data from existing videos, including format, size, type.

New Document Conversion APIs Released
8/3/2020 - Juanzi Li

We are excited to announce the availability of a number of key new Document Conversion and Processing APIs as well as some key improvements.

New DOCX and PPTX Replace All APIs

We released new APIs to replace single or multiple strings in DOCX and PPTX files. This makes it very easy to use a DOCX or PPTX as a template, and fill in dynamic data through multiple string replacements.

New HTML Edit APIs

We released new HTML APIs to quickly and easily build HTML documents and reports. These documents can then be used together with our HTML to PDF, HTML to image, or HTML to DOCX APIs to build reports and images quickly and easily.

Improvements to HTML to PDF APIs

We enhanced our HTML to PDF APIs to support scale factor as a parameter, and the option to render background graphics.


We released new APIs that enable CSV to HTML, XLSX to HTML, and CSV to PDF.

File Processing Connector for PowerAutomate and Azure Logic Apps Released
8/1/2020 - Juanzi Li

We are excited to announce the availability of the Cloudmersive File Processing Connector for Microsoft Power Automate, Azure Logic Apps, and Microsoft PowerApps worldwide. This connector enables the processing of files at scale for a wide array of business use cases.

Zip File Processing

Create, compress, and extract zip files. Add encryption or decryption, and password protection.

Text Processing

Encode and decode text, process and parse text, and generate text output for reporting. Manage whitespace, line endings, find and replace and more.

We Are Hiring - Technical Writer
5/12/2020 - Juanzi Li

Are you passionate about building great technical documentation and articles for developers and businesses? Then this post is for you.

Come join our talented team of technical writers doing great work. We are excited to announce a new technical writer position at Cloudmersive. Apply today through our website.

COVID 19 Response
3/3/2020 - Juanzi Li

We are reaching out to update you on Cloudmersive's response to the COVID-19 pandemic. We are committed to keeping communication lines open and strong during this time of global uncertainty. We are committed to keeping the safety and wellbeing of our employees and customers our number one priority. We understand that many of our customers are experiencing great disruptions to their work and personal lives. We are here for you during this time of need.

Commitment to Continued Service

Cloudmersive's number one value is trust. Our Disaster Recovery and Business Continuity Teams have been carefully monitoring global changes as they occur to keep us informed and prepared. Our incredible teams of dedicated employees are working to ensure guaranteed continued service. We understand that you rely on us to help your business run, and we are committed to keeping you informed. At this time, we do not expect COVID-19 to affect the quality of your service. We will, of course, continue to keep you informed.

Cloudmersive Employee Safety

Our adaptive team members will continue to support you from the safety of their homes, while continuing to keep your security and service needs a top priority. Cloudmersive is committed to the safety of our employees and our communities. By keeping our employees home and suspending all business travel until further notice, we are doing our part to help flatten the curve.

Here to Support You

Cloudmersive remains committed to ensuring customer success. We understand that your needs may change as the world adapts to COVID-19. We are dedicated to maintaining customer success through the duration of this crisis. Our communication lines are open, and we welcome you to let us know if your needs change during this trying time.

Should you have any questions or concerns please feel free to reach out to our support team. We are always happy to answer any questions you may have.

Thank you for your support and understanding.

The Cloudmersive Team

We Are Hiring - Senior Software Engineer
1/15/2020 - Juanzi Li

Are you passionate about building amazing API products for leading businesses all the around the world? Then this message is for you.

We are excited to announce that we are hiring for a Senior Software Engineer position.

This position offers key perks such as remote working, and a high level of responsibility within Cloudmersive. Apply today through our website.

800 free API calls/month, with no expiration

Get started now! or Sign in with Google

Questions? We'll be your guide.

Contact Sales