Back to all articlesProduct Update

Introducing the Easy2257 Partner API: Add 2257 Compliance to Any Platform in a Day

Easy2257 Team
April 23, 2026
6 min read

The Problem Every Platform Developer Faces

If you build software for adult content — a creator platform, a clip site, a UGC marketplace — you know the compliance question comes up fast. Every performer who posts explicit content triggers 18 U.S.C. § 2257 obligations: government-issued ID on file, records cross-indexed to every piece of content, a Custodian of Records address on every page, 7-year retention enforced at the record level. That's before you get to Mastercard AN 5196, Visa VIRP, or the TAKE IT DOWN Act.

Building all of that yourself is a 6–12 month engineering project, plus ongoing maintenance, plus legal review. Most platforms either skip it (enormous liability) or bolt on a manual process that breaks under scale.

Today we're shipping a better option.

The Easy2257 Partner API

The Partner API lets your platform outsource the entire 2257 compliance stack to Easy2257 in a single integration. Here's the complete picture:

3 API calls + 1 redirect + 3 webhook handlers.

That's the surface area of a full compliance integration. Here's what each piece does:

Provisioning: POST /api/v1/solo-accounts

When a creator signs up on your platform, you call this endpoint with their email and your internal user ID. We create an Easy2257 account, return an onboardingUrl, and you redirect the creator there. They scan their government ID via Veriff, subscribe, and we send you a solo_account.verified webhook. At that point, the creator has an active Custodian of Records on file and you can enable uploads.

Idempotent — calling it twice with the same user ID returns the existing account. Safe to call on every login if you want to re-surface the onboarding URL for incomplete accounts.

Content Logging: POST /api/v1/solo-accounts/{id}/content

After a creator publishes explicit content, call this with the content URL, title, and media type. We create a cross-reference entry linking the content to the creator's identity record. This is the per-depiction audit trail required by 28 CFR 75.2 — the index the DOJ would pull in an inspection.

Include a SHA-256 hash of the file and we'll store that too (28 CFR 75.2(f) integrity requirement). Pass your internal content ID as externalContentId for idempotency — calling it twice for the same piece of content returns the existing record.

Status Polling: GET /api/v1/solo-accounts/{id}

Returns current account status plus a fresh onboardingUrl if onboarding is incomplete and the previous token expired. Use this to build a "complete your compliance setup" banner in your creator dashboard.

Three Webhooks

solo_account.created — fires immediately when the account is provisioned. Store the accountId against your user record.

solo_account.verified — fires when the creator completes ID verification and subscribes. Gate upload access on this event. Don't poll; don't guess; wait for the webhook.

solo_account.suspended — fires if we suspend the account (compliance issue, failed ID re-verification, subscription lapse). Revoke upload access immediately.

The Compliance Package

For platforms handling multi-performer productions or studios, the Verifications API handles more complex workflows: create a verification request for a list of performers, Easy2257 sends invites, each performer completes their own ID verification, and when everyone is verified you can download the full 2257 compliance package.

GET /api/v1/verifications/{id}/compliance returns:

  • Custodian statement — pre-formatted text ready to publish on the content page (*"Records required under 18 U.S.C. § 2257 are maintained by..."*). Display verbatim.
  • Per-performer records — legal name, DOB, ID verification status and method, signed documents
  • Compliance report URL — a stable canonical URL for this package, usable in audit responses

This is what you hand to a payment processor asking for compliance documentation. It's also what satisfies a DOJ inspection request.

What This Covers

A fully integrated platform satisfies:

  • 18 U.S.C. § 2257 and 28 CFR Part 75 — performer ID verification, cross-reference index, 7-year retention, COR designation, inspection readiness
  • Mastercard AN 5196 and Visa VIRP — model release requirement (signed during onboarding), depicted-person removal portal (live at easy2257.com/report/removal), monthly acquirer compliance reports (auto-generated on the 2nd of each month)
  • TAKE IT DOWN Act (2025) — 48-hour NCII takedown SLA with automatic NCMEC escalation for CSAM
  • State-level age verification — defensible audit trail for state AG inquiries

You get all of this by shipping one API integration. We maintain it, respond to inspections, and generate the monthly reports.

Full Documentation Live at docs.easy2257.com

We've published a full developer reference at [docs.easy2257.com](https://docs.easy2257.com). It includes:

  • [Quickstart guide](https://docs.easy2257.com/docs/quickstart) — working integration in 5 steps with TypeScript code
  • [Interactive API reference](https://docs.easy2257.com/docs/api) — try every endpoint from the browser, generated from the live OpenAPI spec
  • [Platform integration guide](https://docs.easy2257.com/docs/guides/platform-integration) — full reference implementation with error handling, webhook verification, and the compliance display pattern
  • [Webhook signatures](https://docs.easy2257.com/docs/webhooks/signatures) — verification examples in TypeScript, Express, C#, Python (Flask + FastAPI), and PHP (Laravel + plain)
  • [Why 2257 compliance matters](https://docs.easy2257.com/docs/compliance/why-compliance-matters) — if you need to explain the compliance requirement to your legal team or co-founder

Getting API Access

The Partner API is available to approved partners. To apply:

  1. Go to [easy2257.com/profile/partner/apply](/profile/partner/apply)
  2. Describe your platform and expected integration use case
  3. We'll review and issue sandbox keys (ez_test_ prefix) within 2 business days
  4. Build against sandbox — Veriff auto-approves after 10 seconds, Stripe uses test mode
  5. Request production keys when you're ready to go live

Questions before applying? Email api@easy2257.com. We're happy to scope the integration with you before you write a line of code.

The Bigger Picture

Compliance infrastructure is table stakes for any platform that accepts payments for explicit content. Visa and Mastercard have made it explicit — documented compliance isn't optional, and the monthly reporting burden is real. The platforms that build compliance in from day one have a defensible posture with processors, with acquirers, and with their legal team.

The ones that don't eventually have a very bad day.

The Partner API exists so "building compliance in from day one" takes one sprint, not one quarter.

[Start with the docs →](https://docs.easy2257.com)

This article is for informational purposes only and does not constitute legal advice.

Ready to Get Compliant?

Start managing your 2257 records today. COR service included with every plan.

Get StartedView Pricing