Embedding a CMS inside your SaaS: what you actually need
If your product needs to give each customer their own content workspace, you need more than a headless CMS. You need tenant isolation, a licensing model that allows redistribution, and a setup that won't collapse under scale.
Priya M.
Engineering
Building a SaaS product often means eventually realising your customers need their own content layer. A church management platform needs each church to manage its own website copy. A franchise tool needs each location to manage their own menu. A booking platform needs each vendor to manage their own service descriptions.
The naive approach is to spin up a separate CMS instance per customer. That works until it doesn't — at 50 customers you have 50 deployments to maintain, 50 databases to back up, 50 sets of credentials to manage.
What tenant isolation actually means
The right architecture keeps everything in one deployment but isolates data at the database level. Each customer gets their own schema — a separate namespace in Postgres — so a query from Customer A can never accidentally touch Customer B's data.
Dyrected handles this with a query interceptor that sits between your application code and the database. Every query is automatically scoped to the current tenant's schema. You write normal queries; isolation is enforced transparently.
The licensing question
Most open-source CMSes have licenses that prohibit you from redistributing the CMS as part of your own product. If you embed it in your SaaS and charge customers for access to it, you're in violation.
Dyrected uses the Business Source License, which explicitly allows embedding for internal use. For commercial redistribution — charging your customers for access to a CMS you built on top of Dyrected — you need the Multi-Tenancy License. It's an annual agreement that grants those rights explicitly.
What to think about before building
Before embedding any CMS in your SaaS, answer these questions:
- Who controls the schema? Your customers, or you? If customers define their own field types, you need a much more complex system.
- How isolated does data need to be? Schema-level isolation in Postgres is sufficient for most cases. Row-level security adds another layer if needed.
- How do customers get provisioned? You need an automated provisioning flow — new customer signs up, workspace is created, schema is provisioned, admin user is created. This should take seconds, not a manual process.
Dyrected's provisioner handles all of this via `provisionWorkspaceSchema()`. Pair it with your existing onboarding flow and you're done.
Try Dyrected free
Self-host free or start a cloud trial. No credit card required.