I understand the question such that your actual files in the server side file system do have file name extensions ("/path/to/xxx.pdf"), but that this extension is missing in the requested URLs. If that assumption is corrrect (your question is vage...), then this probably is what you are looking for:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.pdf -f
RewriteRule ^/?(.+)$ /$1.pdf [END]
Here it is important that you do not simply copy and paste that snippet, but that you actually understand what is coded there, so that you can adapt it to your specific needs. The excellent documentation of the rewriting module is a good help in that: https://httpd.apache.org/docs/current/mod/mod_rewrite.html
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END]
flag in your http servers error log file in that case. You can either try to upgrade or use the older [L]
flag, it probably will work the same in this situation, though that depends a bit on your setup.
This rule will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT
folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).