API Reference
Generate images and PDFs programmatically. Manage templates and list available fields, all via HTTP.

https://templateson.com/api/v1Authentication
Every request must include a valid API key. Keys are created in your dashboard.
Method 1: X-API-Key Header
The preferred method. Pass your key directly in the request header.
Method 2: Bearer Token
Compatible with OAuth tooling and standard Authorization headers.
API keys are prefixed with son_key_ and are sensitive, so treat them like passwords. Revoke and rotate if compromised.
POST /api/v1/image
X-API-Key: son_key_your_api_key_herePOST /api/v1/image
Authorization: Bearer son_key_your_api_key_here/api/v1/imageGenerate Image
Returns a PNG image. Supports two modes: Template Mode (use a saved template with optional parameter overrides) and Direct Mode (generate a styled text image on the fly without a template).
templateIdtemplate_idtemplateId[paramName]params)paramsformat"json" to receive a base64-encoded JSON response instead of binary"token-function">curl -X POST https://templateson.com/api/v1/image \ -H "X-API-Key: son_key_your_api_key_here" \ -H "Content-Type: application/json" \ -d '{ "templateId": "123e4567-e89b-12d3-a456-426614174000", "full_name": "Jane Smith", "job_title": "Product Designer" }' \ --output card.png
content"Hello World"width800height600fontSize32fontWeight400color"#000000"backgroundColor"#ffffff"textAlign"center"padding40curl "https://templateson.com/api/v1/image?content=Hello%20World&width=1200&height=630&fontSize=48&color=%23ffffff&backgroundColor=%23000000" \
-H "X-API-Key: son_key_your_api_key_here" \
--output image.pngformat=json or set Accept: application/json to receive a base64-encoded image in JSON. Useful for Zapier and no-code integrations. {
"success": true,
"format": "png",
"size": 48291,
"data": "iVBORw0KGgoAAAANS...",
"width": 1200,
"height": 630
}/api/v1/pdfGenerate PDF
Identical parameters to /image. Returns a PDF file instead of a PNG. Supports both Template Mode and Direct Mode with the same parameter set.
The PDF endpoint accepts the exact same parameters as /image. Use templateId for template-based generation, or pass direct styling parameters for simple text documents.
When format=json is passed, returns a base64-encoded PDF in the same JSON envelope as the image endpoint.
curl -X POST https://templateson.com/api/v1/pdf \
-H "X-API-Key: son_key_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"templateId": "123e4567-e89b-12d3-a456-426614174000",
"name": "Jane Smith",
"title": "Engineering Lead"
}' \
--output document.pdf/api/v1/templates/listList Templates
Returns all templates accessible to the authenticated API key: both public templates and templates owned by the key's account.
Authentication
Requires API key (X-API-Key or Bearer token).
Response
Returns a list of template summaries with id, name, and is_public status.
{
"templates": [
{
"id": "123e4567-e89b-12d3-a456-426614174000",
"name": "LinkedIn Banner",
"is_public": false
}
]
}/api/v1/templates/:id/fieldsGet Template Fields
Returns all dynamic fields (parameters) defined in a template. Use this to discover what parameter names to pass when generating images or PDFs.
:idtext or image. Use the title value as the key when passing template parameters. {
"template_id": "123e4567-...",
"template_name": "LinkedIn Banner",
"fields": [
{
"title": "full_name",
"type": "text"
},
{
"title": "profile_photo",
"type": "image"
}
]
}/api/v1/keys/validateValidate API Key
Check whether an API key is valid and retrieve its metadata. Useful for onboarding flows or integration setup wizards.
keyX-API-Key header.{
"valid": true,
"message": "API key is valid",
"key_info": {
"id": "key-uuid",
"prefix": "son_key_abc",
"label": "Production Key",
"created_at": "2025-01-01T00:00:00Z",
"last_used_at": "2025-04-15T10:30:00Z",
"owner": {
"id": "user-uuid",
"name": "Jane Doe",
"email": "jane@example.com"
}
}
}/api/v1/render/asyncAsync Render + Webhook
Submit a render job and have the result delivered to a URL you control. Accepts any normal /image, /pdf, or bulk body, plus a webhook_url. The response returns a job_id you can use to poll GET /api/v1/render/jobs/:id. When the render finishes, we POST the result to your webhook_url, signed so you can verify it came from us.
templateIdwebhook_urlformatimage (default) or pdf.records{
"job_id": "job-uuid",
"status": "completed"
}{
"job_id": "job-uuid",
"status": "completed",
"files": [{ "url": "https://.../0.png" }]
}Verifying Webhook Signatures
Every webhook delivery (and every webhook render destination) includes an X-Webhook-Signature header: an HMAC-SHA256 of the raw request body, hex-encoded, keyed with your API key’s webhook signing secret. Find that secret on your API keys page — it’s shown next to each key. Recompute the HMAC on your end and compare; if it matches, the request genuinely came from us. The secret is never sent in the request, so guard it like a password.
import { createHmac } from 'node:crypto'
// rawBody = the exact bytes you received (do NOT re-stringify a parsed object)
function isValid(rawBody, signatureHeader, secret) {
const expected = createHmac('sha256', secret).update(rawBody).digest('hex')
return expected === signatureHeader.trim().toLowerCase()
}Error Handling
All errors return standard HTTP status codes with a JSON body describing the failure.
{
"statusCode": 400,
"statusMessage": "Bad Request",
"message": "Validation failed: width: Width must be between 1 and 4096"
}Rate Limits
Limits are enforced per subscription plan. Exceeding them returns a 429 response.
Response Headers
Monitor these headers to track consumption and avoid hitting limits.
X-RateLimit-LimitYour total request quota for the current periodX-RateLimit-RemainingRequests remaining before the limit is hitX-RateLimit-ResetISO 8601 timestamp when the quota resetsUpgrade your plan in account settings to increase limits.
HTTP/1.1 200 OK
Content-Type: image/png
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 987
X-RateLimit-Reset: 2026-04-17T00:00:00ZHTTP/1.1 429 Too Many Requests
Content-Type: application/json
{
"statusCode": 429,
"statusMessage": "Rate Limit Exceeded",
"message": "You have exceeded your API usage limits."
}Response Formats
Generation endpoints return binary files by default. Pass format=json or set Accept: application/json to switch to base64 JSON, useful for platforms that don't support binary responses (Zapier, Make, etc.).
--output file.png in cURL or read the response as a Blob in JavaScript.{ success, format, size, data, width, height } where data is base64-encoded. Ideal for no-code platforms.Ready to build?
Generate your API key and start creating images and PDFs in minutes.
