Polotno SDK lets developers integrate their own authentication and user management systems, ensuring full control over access, permissions, and usage. The SDK itself doesn’t enforce login logic — it connects seamlessly to your existing identity infrastructure so you decide who can edit, render, or access specific features. Authentication covers both client-side embedding and backend rendering workflows. Whether you use OAuth, JWT, API keys, or a custom token flow, Polotno works with any framework or backend.
Key features
Bring your own auth
Integrate any authentication method — OAuth, SSO, JWT, session tokens, or API keys. The SDK simply consumes verified credentials from your app without handling user data directly.
Role-based permissions
Control access to editing, rendering, and asset libraries based on user roles or subscription tiers. You can gate premium templates, advanced exports, or brand-restricted assets.
Secure rendering and automation
When using the Cloud Render API, include your own server-validated tokens in each request. For self-hosted rendering, you can enforce any internal authorization logic before jobs are queued.
Token-based session flow
Each Polotno session can be initialized with your own authentication payload, ensuring users operate within their allowed scope — number of renders, storage access, or API limits.
Server-side verification
All API calls for rendering, uploads, or automation can route through your backend for validation. This prevents direct access to Polotno endpoints from untrusted clients.
Multi-tenant and white-label setups
Manage multiple organizations or customer environments with isolated tokens and configuration sets. Perfect for SaaS platforms embedding Polotno in client workspaces.
Self-hosted deployment
When you run Polotno SDK or rendering services on your own infrastructure, authentication and authorization remain fully under your control — no external dependencies, complete data privacy.
Example use cases
SaaS design platforms – Integrate Polotno into existing user accounts and billing systems.
Enterprise portals – Enforce SSO and internal directory permissions for internal editors.
Creative agencies – Restrict brand asset access per client workspace.
Automation tools – Validate API requests before running renders or template creation jobs.
White-label apps – Generate signed session tokens for each tenant instance.
Developer benefits
Works with any existing authentication provider or backend.
No vendor lock-in — you own all user and session data.
Secure cloud rendering through signed server-validated tokens.
Full compatibility with self-hosted setups.
Supports granular permission logic across users and teams.
FAQs
Does Polotno include built-in authentication?
No. You implement your own — Polotno only consumes tokens or session data from your system.
Can I restrict access to certain features or templates?
Yes. You can apply logic based on roles, plans, or tokens before initializing the editor.
How is authentication handled for rendering APIs?
All render requests can include your own server-signed headers or tokens for validation.
Can I use Polotno with SSO or OAuth providers?
Yes. Any authentication flow that results in a verified token can be passed to Polotno.
Is user data stored by Polotno?
No. Authentication, permissions, and user metadata remain entirely within your infrastructure.