Template Editor API Integration
Integrate the DS Templates platform into your CMS — provide your users with a complete template library, editor, and template management, fully white-labeled under your own domain.
This document is confidential and intended for DS Templates integration partners only. It describes a reference integration and serves as a practical example of how the DS Templates platform can be embedded into a CMS. Every CMS provider has a unique architecture — we work closely with each partner to determine the optimal integration approach. The endpoints, data flows, and authentication methods can be adapted to your platform's needs.
Contact us to discuss how we can tailor the integration to your platform.
Core Components
The integration consists of three main components that together provide a complete template experience for your users.
| Component | Type | Description |
|---|---|---|
| Template Library | API | Retrieve all available templates with previews, thumbnails, and categories to present to your users |
| Template Editor | Iframe | Embedded editor where users customise templates with their own content |
| User Templates | API | Retrieve saved templates per user — the "My Templates" overview |
User Flow
The typical end-user journey follows four steps. Your CMS controls the UI; DS Templates provides the data and editor.
White-label & Custom Domain
All DS Templates URLs can be served from your own domain. Your end-users will never see or find the DS Templates brand.
| Default URL | Your domain |
|---|---|
https://content.ds-templates.com/... | https://templates.yourcms.com/... |
https://api.dstemplates.nl/v1/... | https://api.yourcms.com/templates/... |
White-label is configured by pointing a CNAME record to our servers. We handle SSL certificates automatically. Contact us to set up your custom domain.
Authentication
Authentication is handled via JWT tokens. Your CMS backend requests a token for a specific user, and that token is used for all subsequent API calls and to load the editor iframe.
Roles
| Role | Permissions |
|---|---|
viewer | Browse templates, view previews |
editor | Browse, edit, save, and manage own templates |
admin | Full access including user management |
Generate JWT Token
Your CMS backend requests a JWT token for a specific user. This token is then used for all authenticated operations.
{
"external_user_id": "cms-user-456",
"account_id": "company-123",
"role": "editor"
}| Field | Type | Required | Description |
|---|---|---|---|
external_user_id | string | Yes | The user's ID in your CMS |
account_id | string | Yes | The account/company ID in DS Templates |
role | string | Yes | One of: admin, editor, viewer |
{
"jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600
}Tokens are valid for 3600 seconds (1 hour). Implement token caching and refresh logic server-side. The JWT token is used both as a Bearer token for API calls and as a query parameter to load the editor iframe.
Manage Sub-users
Provision sub-users with specific roles for an account. Existing users (matched by external_user_id) are skipped.
| Parameter | Type | Description |
|---|---|---|
account_id | string | The account/company ID |
{
"subusers": [
{
"external_user_id": "cms-user-456",
"email": "user@company.com",
"role": "editor"
},
{
"external_user_id": "cms-user-789",
"email": "admin@company.com",
"role": "admin"
}
]
}{
"success": true,
"created": 2,
"skipped": 0
}Template Library
Retrieve all available templates to display in your CMS. This powers the template browser/library where users choose a template to edit.
| Parameter | Type | Required | Description |
|---|---|---|---|
category | string | No | Filter by category |
responsive | boolean | No | Filter by responsive support |
[
{
"template_id": "abc123",
"preview_url": "https://content.ds-templates.com/template/abc123/preview",
"editor_url": "https://content.ds-templates.com/editor/abc123",
"thumbnail_url": "https://content.ds-templates.com/template/abc123/thumbnail.jpg",
"category": "Information",
"responsive": true,
"is_active": true
},
{
"template_id": "def456",
"preview_url": "https://content.ds-templates.com/template/def456/preview",
"editor_url": "https://content.ds-templates.com/editor/def456",
"thumbnail_url": "https://content.ds-templates.com/template/def456/thumbnail.jpg",
"category": "Promotion",
"responsive": false,
"is_active": true
}
]Use the thumbnail_url and preview_url to build your template library UI. The editor_url is used to load the editor iframe for the selected template.
User Templates
Retrieve all saved templates for the authenticated user. This powers the "My Templates" view in your CMS.
Requires a valid JWT token as Bearer token in the Authorization header.
[
{
"template_id": "xyz789",
"template_url": "https://content.ds-templates.com/template/xyz789",
"preview_url": "https://content.ds-templates.com/template/xyz789/preview",
"duration": 15,
"thumbnail_url": "https://content.ds-templates.com/template/xyz789/thumbnail.jpg",
"creator": "Jan Jansen",
"last_edit": "2025-11-01T12:00:00Z",
"ratio": "16:9",
"language": "nl"
}
]The template_url points to the live renderable version of the saved template. Use this URL in your CMS playout or scheduling system. The preview_url provides a static preview.
Editor Iframe
The template editor is loaded in an iframe. The editor_url from the template library response is used as the iframe source, with the JWT token appended as a query parameter.
{editor_url}?token={jwt_token}The editor_url is returned by the GET /templates endpoint for each template. Append the user's JWT token as a query parameter. The editor handles all template editing, auto-saving, and preview generation within the iframe.
Embedding example
<div class="editor-container" style="width:100%;height:100vh"> <iframe id="template-editor" src="https://content.ds-templates.com/editor/abc123?token={jwt_token}" style="width:100%;height:100%;border:none" allow="clipboard-write" ></iframe> </div>
PostMessage Communication
The editor communicates bidirectionally with the parent window using the PostMessage API. Always validate event.origin before processing messages.
Editor → Parent Events
| Event | Description | Payload |
|---|---|---|
ready | Editor loaded and ready | Editor metadata |
form-changed | User made unsaved changes | — |
preview-data-updated | Preview refreshed | { previewUrl } |
save-started | Save operation initiated | — |
save-complete | Template saved successfully | { templateId, previewKey } |
save-error | Save operation failed | { error } |
aspect-ratio-changed | Template dimensions changed | { aspectRatio } |
Example: save-complete
{
"type": "save-complete",
"data": {
"templateId": "xyz789",
"message": "Template saved successfully",
"previewKey": "bb2534b15e5cca2de323c60aa44201f9"
}
}Parent → Editor Commands
| Command | Description |
|---|---|
save | Trigger save operation programmatically |
Event listener example
const ORIGIN = 'https://content.ds-templates.com'; const editor = document.getElementById('template-editor'); window.addEventListener('message', (event) => { if (event.origin !== ORIGIN) return; const { type, data } = event.data; switch (type) { case 'ready': console.log('Editor ready'); break; case 'save-complete': console.log('Template saved:', data.templateId); // Refresh your "My Templates" list refreshUserTemplates(); break; case 'save-error': console.error('Save failed:', data.error); break; } }); // Trigger save from your CMS UI function triggerSave() { editor.contentWindow.postMessage( { type: 'save' }, ORIGIN ); }
Additional Endpoints
Beyond the core endpoints documented above, DS Templates can provide additional API endpoints tailored to your platform. These capabilities are available on request and determined in collaboration with each CMS provider based on your specific requirements.
| Capability | Description | Direction |
|---|---|---|
Webhooks | Real-time HTTP callbacks for template events (saved, published, deleted) | DS Templates → CMS |
Content sync | Push or pull content data between platforms for seamless updates | Bidirectional |
Asset management | Upload and manage media assets (images, videos, fonts) per customer | Bidirectional |
Template categories | Manage and customise template categories for your platform | CMS → DS Templates |
Analytics | Usage statistics per template, user, and account | DS Templates → CMS |
Bulk operations | Create, update, or delete multiple user templates in a single request | CMS → DS Templates |
We analyse your platform's architecture and user workflows to design an integration that feels native to your product. The endpoints, data models, and communication patterns are fully customisable. Contact our integration team to get started.
Data Models
Reference for all data objects returned by the API.
Template (library item)
| Field | Type | Description |
|---|---|---|
template_id | string | Unique template identifier |
preview_url | string (URI) | URL to preview the template |
editor_url | string (URI) | URL to load the editor for this template |
thumbnail_url | string (URI) | Thumbnail image URL |
category | string | Template category |
responsive | boolean | Whether the template is responsive |
is_active | boolean | Whether the template is currently active |
MyTemplate (saved user template)
| Field | Type | Description |
|---|---|---|
template_id | string | Unique saved template identifier |
template_url | string (URI) | URL to the live renderable template |
preview_url | string (URI) | URL to preview the saved template |
duration | integer | Loop duration in seconds |
thumbnail_url | string (URI) | Thumbnail image URL |
creator | string | Name of the template creator |
last_edit | datetime | Last edit timestamp (ISO 8601) |
ratio | string | Aspect ratio: 16:9, 9:16, 4:3, 1:1 |
language | string | Language code: nl, en-US, de, fr, etc. |
Error Handling
All API endpoints return standard HTTP status codes with a consistent JSON error format.
| Code | Meaning | Common cause |
|---|---|---|
200 | Success | Request processed successfully |
201 | Created | Resource created successfully |
400 | Bad Request | Missing or invalid parameters |
401 | Unauthorized | Missing or invalid JWT token |
403 | Forbidden | Insufficient role/permissions or inactive licence |
404 | Not Found | Template or resource does not exist |
429 | Too Many Requests | Rate limit exceeded |
500 | Server Error | Internal error — contact support |
Error response format
{
"code": 401,
"message": "JWT token missing or invalid"
}Implement retry logic with exponential backoff for 429 and 5xx responses. For 401 errors, request a new JWT token and retry the original request.
Rate Limiting
API requests are rate-limited per account to ensure fair usage and platform stability. Exact limits are configured per partner and may differ from the defaults shown below.
| Endpoint | Limit | Window |
|---|---|---|
/auth/token | 60 requests | Per minute |
/accounts/{id}/subusers | 30 requests | Per minute |
| All other endpoints | 120 requests | Per minute |
X-RateLimit-Limit: 120 X-RateLimit-Remaining: 115 X-RateLimit-Reset: 1708300800
Security Best Practices
Follow these recommendations to ensure a secure integration.
- Server-side token generation — always request JWT tokens from your backend. Never expose your API credentials in client-side code.
- Token handling — pass the JWT token to the client only via the iframe URL query parameter. Do not store tokens in localStorage or cookies.
- Validate PostMessage origin — always verify
event.originbefore processing any message from the editor iframe. - HTTPS only — all communication must use HTTPS. HTTP requests are rejected.
- Principle of least privilege — assign users the minimum required role (
viewer,editor,admin). - Credential rotation — contact DS Templates to issue new credentials if you suspect a compromise.