> ## Documentation Index
> Fetch the complete documentation index at: https://docs.craftkit.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Copy a template across projects

> Duplicate a template — its published layout/design, variable manifest, and
everything needed to derive its jsonSchema — from a SOURCE project into
THIS (target) project, published as version 1. Both the source and target
project must be owned by the authenticated account. `contentJson`,
`compiledHtml`, `variablesManifest`, and `pageConfig` are carried over
verbatim, so the copy renders byte-for-byte identically to the source.

Idempotent: if the target project already has a non-deleted template at
the resolved slug, that template is returned as-is (`200`,
`alreadyExisted: true`) instead of erroring or creating a duplicate.




## OpenAPI

````yaml /openapi.yaml post /v1/projects/{id}/templates/copy
openapi: 3.1.0
info:
  title: Craftkit API
  version: 1.0.0
  description: |
    The Craftkit public REST API. Design templates with typed variables, render
    PDFs asynchronously, share and track them, and send them out for digital
    signature.

    ## Authentication

    Most endpoints authenticate with a **project API key** as a bearer token:

    ```
    Authorization: Bearer ck_live_xxxxxxxxxxxxxxxx
    ```

    Keys come in `ck_live_` (production) and `ck_test_` (test) flavours. The
    `/v1/projects*` endpoints are the one exception — they authenticate with a
    separate **account API key** (`ck_acct_…`) instead, scoped to every
    project the account owns rather than to a single project. The two
    credential types are strictly disjoint: a project key is rejected on
    `/v1/projects*` and an account key is rejected everywhere else. See
    [Authentication](/guides/authentication).

    Embed iframe surfaces use a short-lived **embed session JWT** instead, and
    the admin provisioning endpoint uses the deployment-wide
    `CRAFTKIT_ADMIN_KEY`. Inbound webhooks (`/v1/hooks/*`) are not
    bearer-authed — they are verified by an HMAC signature header.

    ## Idempotency

    `POST /v1/templates/{slug}/render` and `POST /v1/signatures` accept an
    `Idempotency-Key` request header. Retrying with the same key returns the
    original resource instead of creating (and, for signatures, billing) a
    duplicate.

    ## Errors

    Application errors use a shared envelope:

    ```json
    { "error": { "code": "invalid_request", "message": "...", "issues": { } } }
    ```

    A small number of admin/embed endpoints return a flatter shape
    (`{ "error": "invalid_credentials" }`); those are documented inline.
servers:
  - url: https://api.craftkit.dev
    description: Production
security:
  - bearerApiKey: []
tags:
  - name: Projects
    description: >-
      Account-scoped project management and per-project key minting. Every
      operation requires an account key (`ck_acct_…`) — a project key
      (`ck_live_…`) is rejected.
  - name: Templates
    description: Create, list, fetch, republish, delete templates and enqueue renders.
  - name: Renders
    description: Poll render status, download PDFs, manage shares, email, and engagement.
  - name: Signatures
    description: >-
      Send rendered PDFs out for digital signatures via the signature service
      and track status.
  - name: Webhooks
    description: >-
      Outgoing event webhooks Craftkit POSTs to your subscription URL (render.*,
      document.*, signature.*), and the inbound webhook receiver
      (HMAC-authenticated, not bearer-authed).
  - name: Embed
    description: Embed session minting, catalogs, builder templates, form submission.
  - name: Admin
    description: Org provisioning (deployment admin key only).
  - name: System
    description: Health and status.
paths:
  /v1/projects/{id}/templates/copy:
    post:
      tags:
        - Projects
      summary: Copy a template across projects
      description: >
        Duplicate a template — its published layout/design, variable manifest,
        and

        everything needed to derive its jsonSchema — from a SOURCE project into

        THIS (target) project, published as version 1. Both the source and
        target

        project must be owned by the authenticated account. `contentJson`,

        `compiledHtml`, `variablesManifest`, and `pageConfig` are carried over

        verbatim, so the copy renders byte-for-byte identically to the source.


        Idempotent: if the target project already has a non-deleted template at

        the resolved slug, that template is returned as-is (`200`,

        `alreadyExisted: true`) instead of erroring or creating a duplicate.
      operationId: copyTemplate
      parameters:
        - $ref: '#/components/parameters/ProjectId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                sourceProjectId:
                  type: string
                  format: uuid
                  description: >-
                    UUID of the source project. Provide this or
                    sourceProjectSlug.
                sourceProjectSlug:
                  type: string
                  description: >-
                    Slug of the source project, scoped to the authenticated
                    account.
                sourceTemplateId:
                  type: string
                  format: uuid
                  description: >-
                    UUID of the template to copy, scoped to the source project.
                    Provide this or sourceTemplateSlug.
                sourceTemplateSlug:
                  type: string
                  description: Slug of the template to copy, scoped to the source project.
                name:
                  type: string
                  minLength: 1
                  maxLength: 120
                  description: >-
                    Display name for the copy. Omit to keep the source
                    template's name and slug unchanged; when provided, the
                    target slug is derived from it instead.
            example:
              sourceProjectSlug: template-library
              sourceTemplateSlug: e-charterparty
              name: E-Charterparty (Acme)
      responses:
        '200':
          description: >-
            Idempotent replay — the target project already had a template at the
            resolved slug.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CopyTemplateResult'
        '201':
          description: A new template was created from the source.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CopyTemplateResult'
              example:
                id: 3f9b6c2e-1a2b-4c3d-9e8f-7a6b5c4d3e2f
                projectId: 8f2a1c3e-4b5d-4e6f-9a1b-2c3d4e5f6a7b
                slug: e-charterparty-acme
                name: E-Charterparty (Acme)
                currentVersionNumber: 1
                sourceProjectId: 1d2e3f4a-5b6c-7d8e-9f0a-1b2c3d4e5f6a
                sourceTemplateId: 9e8f7a6b-5c4d-3e2f-1a2b-3f9b6c2e1a2b
                sourceVersionNumber: 6
                alreadyExisted: false
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          description: >-
            Either the TARGET project (path `id`) or the SOURCE project/template
            was not found/owned by this account — see `error.code` to
            distinguish (`not_found`, `source_project_not_found`,
            `source_template_not_found`).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error:
                  code: source_template_not_found
                  message: No template 'e-charterparty' in the source project.
        '409':
          description: >-
            The source template exists but has never been published — there is
            no design to copy.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error:
                  code: no_published_version
                  message: Source template has no published version to copy.
        '422':
          description: >-
            Neither sourceProjectId/sourceProjectSlug, or neither
            sourceTemplateId/sourceTemplateSlug, was provided; or name failed
            validation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error:
                  code: invalid_request
                  message: sourceProjectId or sourceProjectSlug is required.
      security:
        - bearerAccountKey: []
components:
  parameters:
    ProjectId:
      name: id
      in: path
      required: true
      description: The project id.
      schema:
        type: string
        format: uuid
  schemas:
    CopyTemplateResult:
      type: object
      description: >-
        Response for POST /v1/projects/{id}/templates/copy. Identical shape for
        a freshly created copy (201) and an idempotent replay (200) — see
        `alreadyExisted`.
      required:
        - id
        - projectId
        - slug
        - name
        - currentVersionNumber
        - sourceProjectId
        - sourceTemplateId
        - sourceVersionNumber
        - alreadyExisted
      properties:
        id:
          type: string
          format: uuid
        projectId:
          type: string
          format: uuid
          description: The target project (echoes the path id).
        slug:
          type: string
        name:
          type: string
        currentVersionNumber:
          type: integer
          description: Always 1 for a freshly created copy.
        sourceProjectId:
          type: string
          format: uuid
        sourceTemplateId:
          type: string
          format: uuid
        sourceVersionNumber:
          type: integer
          description: The source's version number that was copied.
        alreadyExisted:
          type: boolean
          description: >-
            True when a pre-existing template at the target slug was returned
            instead of creating a duplicate.
    Error:
      type: object
      description: Shared application error envelope.
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
            message:
              type: string
            issues:
              description: Optional Zod flatten() / issues detail.
      example:
        error:
          code: invalid_request
          message: Request body did not match expected shape.
  responses:
    Unauthorized:
      description: Missing or invalid bearer token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error:
              code: unauthorized
              message: Missing Bearer token.
  securitySchemes:
    bearerApiKey:
      type: http
      scheme: bearer
      description: >
        Project API key (`ck_live_…` or `ck_test_…`) presented as a bearer
        token.

        For embed partner endpoints this is the partner secret key, which is the

        same credential type.
    bearerAccountKey:
      type: http
      scheme: bearer
      description: |
        Account API key (`ck_acct_…`) presented as a bearer token. Distinct
        credential system from `bearerApiKey` — validated against a separate
        table, never against project keys or vice versa. Scoped to every
        project owned by the account; used **only** by the `/v1/projects*`
        endpoints below (each of which declares this scheme explicitly and
        does not inherit the document-level `bearerApiKey` default). Minted
        from the dashboard (**Account → API keys**) — there is no
        programmatic endpoint that issues an account key.

````