What is the Zignature Embeddable Template Editor?

The Embeddable Template Editor lets you embed Zignature's full drag-and-drop document builder inside your own SaaS application via iframe. Your users get a complete template-building experience — placing signature fields, date pickers, text inputs, and more — without ever leaving your platform. You control branding, allowed field types, and receive events via postMessage.

How do I generate an embed URL for the template editor?

Make a POST request to /api/templates/:id/editor_session (or the alias /api/templates/:id/build_url) with your API key. The response includes a signed, time-limited editor_url. Load that URL in an iframe. The token expires automatically after the configured window (default 1 hour). No per-user auth setup required.

Can I restrict which field types are available in the embedded editor?

Yes. Pass an allowed_fields array in the editor session request to restrict the field palette. For example, pass ['signature', 'date', 'text'] to show only those three field types. Users cannot add any field type not in the list.

How do I know when the user saves or finishes editing?

The embedded editor sends postMessage events to the parent window: editor.ready (iframe loaded), editor.saved (user saved), editor.done (user clicked finish), editor.fields (field list changed), and editor.error. Listen for window.addEventListener('message', ...) in your app to react to each event in real time.

Does the embedded editor support custom branding?

Yes. Pass a theme object in the session request with accent_color, logo_url, and button_label. The editor adopts your colors and logo instantly. Combined with a custom domain, your users see a completely white-labeled document builder.

Embeddable Editor

Developer API

A full doc builder. Inside your app.

One API call gives your users a complete drag-and-drop template builder — embedded in an iframe, branded as yours, with real-time events piped back to your app.

One API call to embed — POST to get a signed URL, load it in an iframe. Done.

postMessage events — real-time notifications when the user saves, finishes, or edits

Your brand, your colors — custom logo, accent color, and button label per session

Restrict field types — allowlist exactly which fields your users can place

Start Building — Free API Docs

Works from any domain

Signed, expiring tokens

No X-Frame-Options issues

app.yourplatform.com/templates/edit/nda-template

Your App

Dashboard

Templates

Contacts

Reports

Settings

Active

NDA Template

SOW v2

MSA

Embedded via Zignature API — NDA Template

Live

Fields

✍️ Signature

📅 Date

Aa Text

☑ Checkbox

🖊 Initials

Signature — Party A

Date

MM / DD / YYYY

postMessage events

editor.ready

editor.field.added

editor.saved

editor.done

POST /api/templates/:id

/editor_session

200 OK — editor_url

Integration Guide

Five minutes from zero to embedded.

No OAuth dance. No SDK install. Just an API key and an iframe.

Create a template

Use the Zignature dashboard or API to create the base document template. This is your starting point — your users will customize it in the embedded editor.

POST /api/templates
Authorization: Token your-api-key

Request an editor session

POST to get a signed, time-limited URL. Pass your theme, allowed field types, and an optional webhook URL. The response gives you editor_url — that's your iframe src.

POST /api/templates/:id/editor_session
{
"theme": {
"accent_color": "#7c3aed",
"logo_url": "https://yourapp.com/logo.png",
"button_label": "Save Template"
},
"allowed_fields": ["signature", "date", "text"],
"expires_in": 3600
}

Embed and listen

Drop the URL into an iframe. Listen for postMessage events to know when your user saves, finishes, or makes field changes.

<iframe
src="{editor_url}"
style="width:100%;height:100%;border:none"
></iframe>
// Listen for events
window.addEventListener('message', (e) => {
if (e.data.event === 'editor.done') {
onTemplateSaved(e.data);
}
});

postMessage events reference

editor.ready

Fires when the iframe has fully loaded and the editor is interactive. Use this to hide your loading spinner.

editor.saved

User clicked Save. Template changes are persisted. Payload includes updated field list and template metadata.

editor.done

User clicked the finish button (your custom label). Redirect or close the iframe — the user is finished editing.

editor.field.added / .removed

Fires when a field is placed or removed. Payload includes field type, position, and the signer role it's assigned to.

editor.error

An error occurred inside the editor. Payload includes a human-readable message you can surface to the user.

Everything you'd build yourself — already done

Building a document template editor from scratch takes months. This one is ready in an afternoon.

Full theme control

Pass accent_color, logo_url, and button_label per session. Every embed looks like your product.

Field allowlisting

Restrict users to only the field types relevant to your use case. No rogue checkbox fields or payment fields where you don't want them.

Signed, expiring tokens

Editor URLs are cryptographically signed and expire after your configured window. No leaked URLs give strangers access to your users' templates.

No X-Frame-Options blocks

All /embed/ paths have X-Frame-Options permanently stripped at the Rack layer. Embed from any origin, no CORS wrestling.

Webhook notifications

Pass a webhook_url in the session to receive server-side callbacks when the template is saved — no polling required.

Metadata passthrough

Attach arbitrary JSON metadata to the session — customer ID, org ID, deal reference. It echoes back in every event and webhook payload.

What can you build with this?

Any SaaS product that involves documents can offer its users a powerful template builder — in a weekend.

HR & Onboarding Platforms

Let HR teams build their own offer letters, NDAs, and policy acknowledgments inside your platform — without exporting to Word or emailing PDF attachments.

CRM & Sales Platforms

Give sales reps a deal-room document builder. They set up proposals, SOWs, and contracts without leaving your CRM — and send for signing in the same workflow.

Real Estate & PropTech

Let brokers build custom listing agreements, disclosure forms, and lease addendums in your platform. Every form built once, used hundreds of times.

Developer FAQ

Is the embed URL cross-origin safe?

Yes. All /embed/ paths have X-Frame-Options and Content-Security-Policy frame headers permanently stripped by a dedicated Rack middleware layer. Load the iframe from any domain — no CORS configuration required on your end.

What happens when the token expires mid-session?

The editor fires an editor.error postMessage event with a session_expired reason. Your app can intercept this, request a new editor session, and swap the iframe src — the user sees a seamless refresh.

Can the embedded editor handle multi-signer templates?

Yes. The full template builder supports defining multiple signer roles, assigning fields to each role, and setting signing order. Everything available in the main Zignature builder is available in the embedded version.

What plan do I need to use the Embeddable Editor API?

API access including the embeddable editor is available on Business and Enterprise plans. You can test the integration in development on the free tier. See pricing →

A full doc builder. Inside your app.

Five minutes from zero to embedded.

Create a template

Request an editor session

Embed and listen

Everything you'd build yourself — already done

Full theme control

Field allowlisting

Signed, expiring tokens

No X-Frame-Options blocks

Webhook notifications

Metadata passthrough

What can you build with this?

HR & Onboarding Platforms

CRM & Sales Platforms

Real Estate & PropTech

Developer FAQ

Stop building document tooling.Ship your actual product.

Stop building document tooling.
Ship your actual product.