How AI Summarize PDF works

1. Pick a provider and model. Anthropic (Claude) or OpenAI (GPT). The default is claude-sonnet-4-6 for Anthropic and gpt-4o-mini for OpenAI. The model field accepts any model ID the provider's API recognises — paste a different one if you want Opus, Haiku, GPT-4.1, an o-series reasoning model, or anything else they've shipped.
2. Paste your API key. The key field is a password input — masked by default, with an eye toggle if you need to verify. Tick "Remember this key on this device" to persist it in localStorage; leave it unticked on a shared machine. Clear wipes it in one click.
3. Pick a summary length. TL;DR (one sentence), Short (one paragraph), or Full (multi-section structured). The tool sends a different prompt template for each so the model knows the shape you want.
4. Drop a PDF in. PDF.js extracts the text page-by-page in your browser. You'll see the page count and the character count. Image-only scans extract empty text — run /ocr-pdf first if so.
5. Click Summarize. The browser POSTs the prompt and the extracted text directly to the provider with your API key in the headers. The streaming response writes into the textarea token-by-token as it arrives.
6. Copy or read. When the stream ends, you'll see the input/output token counts, the model used, and a rough cost estimate. Copy the summary into your notes, or click Stop mid-stream if it's heading the wrong direction.

The bring-your-own-key shape

Most "AI summarize PDF" tools take your file, run their own LLM call, and either bill you or rate-limit you. We don't, because the same call is cheaper and more transparent if you make it directly. Anthropic charges roughly $3 per million input tokens for Claude Sonnet; a 50-page PDF is around 30K tokens, which works out to about $0.09 per Sonnet summary. OpenAI's gpt-4o-mini lands around $0.005 per summary at the same length. Both provider dashboards show the exact charge.

The flip side: you need an account. Sign up at console.anthropic.com or platform.openai.com, add a payment method, generate an API key. Anthropic keys start with sk-ant- and OpenAI keys with sk- — the tool checks the prefix in the error message when a 401 comes back. The whole signup-to-first-summary flow takes about 10 minutes and is roughly the same cost as one month of an iLovePDF or Smallpdf subscription, except you pay per use and the tool runs on your hardware.

Privacy callout — what's in the network tab

When you click Summarize, exactly one network request goes out. Open DevTools → Network and watch it happen. The URL is https://api.anthropic.com/v1/messages (Anthropic) or https://api.openai.com/v1/chat/completions (OpenAI). The headers carry your API key (x-api-key for Anthropic, Authorization: Bearer for OpenAI). The body is JSON with the model name, the prompt, and the extracted PDF text.

No request goes to pdfmavericks.com. None. The tool itself is static JavaScript served from Firebase Hosting, and there's no pdfmavericks.com endpoint that touches your key or your PDF — there couldn't be, because we don't run a server in this stack. PostHog and Google Analytics fire on page load to count anonymous tool usage, but those events carry only metadata (tool name, page count, file-size bucket, duration). They don't carry the PDF text, the API key, or the summary. If you've blocked analytics with uBlock or a strict browser, those don't fire either, and the tool still works.

The Anthropic Messages API in particular requires the header anthropic-dangerous-direct-browser-access: true for browser fetches — this exists because the standard Anthropic recommendation is to call the API from a backend that hides the key. We don't have a backend. The user's key is in their browser by definition because they pasted it. Anthropic's header is essentially "yes, I know I'm shipping the key client-side, that's the design." It's the right call for a tool whose entire promise is that nothing is uploaded to us.

When this tool is right vs. wrong

Right: short-to-medium PDFs (1–50 pages), text-based, where you want a quick read or a structured note. Research papers, board memos, contracts under review, blog post drafts in PDF form, marketing decks where you want the gist.

Wrong: 500-page contracts (won't fit a single context window — chunk first), image-only scans (no extractable text — run OCR first), highly numerical reports where the model will hallucinate a percentage. For numeric reasoning, paste the table into a code interpreter or use a math-grounded tool, not a vanilla summarizer.

Right but careful: legal documents and confidential PDFs. Yes, the PDF text goes only to the provider. But the provider can store it in their training-data pipeline depending on your account settings. Both Anthropic and OpenAI offer no-train opt-outs at the API level by default for paid plans — verify the setting on your account before sending anything sensitive.

Wrong: as a substitute for actually reading. The summarizer is a filter, not a reader. Don't sign a contract because the AI summary said it was fine.

Failure modes the tool surfaces honestly

HTTP 401. The key was rejected. Usually pasted the wrong provider's key, or the key was rotated and you're using the old one. Check the prefix.

HTTP 429. Rate-limited. New accounts have low rate limits; usage tier increases as you spend. Wait a minute and retry, or upgrade your plan.

HTTP 400 with "context length exceeded". The PDF was too long for the model's window. Pick a longer-context model, pick a shorter summary length, or split the PDF first via /split.

HTTP 404. The model ID is wrong. Check the spelling on the provider's docs page; model IDs change with releases.

Empty extracted text. The PDF is image-only. The tool tells you to run /ocr-pdf first — Tesseract.js in your browser, no upload — and then re-run the summarizer.

CORS error in console. Should never happen with the published Anthropic / OpenAI endpoints — both allow direct browser calls when the dangerous-direct-browser-access header is set (Anthropic) or by default (OpenAI). If you see one, the provider is in maintenance or the model endpoint changed; check status.anthropic.com or status.openai.com.

Pairs with the AI summarize PDF blog post

Our deeper write-up on the bring-your-own-key approach for AI PDF summarization is at /blog/ai-summarize-pdf — it covers the cost arithmetic for typical PDF lengths, the privacy posture compared to upload-based competitors, and the case for the BYOK pattern more generally. If you're trying to decide whether to bring your own key here or pay for ChatPDF / iLovePDF AI / Smallpdf summarize, that post lays out the numbers.