Send NCMEC Report via Callback URL
This feature allows NCMEC report information to be sent in the NCMEC callback instead of being sent directly to NCMEC. This allows you to have complete control over the report being sent to NCMEC, while still being able to use the Moderation Dashboard’s review feed features / NCMEC report data collection. This setting can be enabled under the Thorn/NCMEC applications setting tab, under the checkbox Send NCMEC Report via Callback URL.
NoteThis feature requires the NCMEC callback url to be defined.
Callback Format
The previous callback format had the following structure:
interface NcmecCallbackPayload {
report_id: string;
post_id: string;
user_id: string;
image_url: string;
moderator_email: string;
}With this setting enabled, the callback structure will look as follows:
interface NcmecCallbackPayload {
report_id?: string;
post_id: string;
user_id: string;
image_url: string;
moderator_email: string;
report_data?: ReportDataType;
}The report_id will only be available if the report was sent to NCMEC, and the report_data will only be available if the Send NCMEC Report via Callback URL setting is enabled, and will contain all the data that would have been included in the NCMEC report.
Report Data Format
The type for report_data is attached below. This format follows the same structure as in the NCMEC API docs.
interface ReportDataType {
incidentSummary: {
incidentType: NcmecIncidentType,
ncmecEscalationReason?: string,
incidentDateTime: string,
},
internetDetails: {
webPageIncident?: {
additionalInfo: string
},
peer2peerIncident?: {
ipCaptureEvent: IpCaptureEvent[]
}
}[],
reporter: {
reportingPerson: {
firstName: string,
lastName: string,
email: string,
dateOfBirth?: string
},
contactPerson?: {
firstName?: string,
lastName?: string,
phone?: string,
email?: string,
address? : {
address?: string,
city?: string,
zipCode?: string,
state?: string,
nonUsaState?: string,
country?: string
},
},
companyTemplate?: string,
termsOfService?: string,
legalURL?: string,
},
personOrUserReported : {
personOrUserReportedPerson? : {
firstName? : string,
lastName? : string,
phone? : string,
email? : string,
address? : {
country? : string,
},
age? : number,
dateOfBirth? : string,
},
espIdentifier : string,
screenName? : string,
ipCaptureEvent? : IpCaptureEvent[],
associatedAccount? : AssociatedAccount[],
},
intendedRecipient? : {
intendedRecipientPerson? : {
dateOfBirth? : string,
},
screenName? : string,
ipCaptureEvent? : IpCaptureEvent[],
},
victim? : {
victimPerson : {
dateOfBirth? : string,
},
screenName? : string,
ipCaptureEvent? : IpCaptureEvent[],
},
viewed_by_esp?: boolean,
is_generative_ai? : boolean,
}All of these fields except viewed_by_esp and is_generative_ai are those used in NCMEC’s /submit route. viewed_by_esp and is_generative_ai are fields used in the /fileinfo route. The definitions for supplemental types are defined as follows:
interface IpCaptureEvent {
ipAddress: string;
eventName?: NcmecIpEventName;
dateTime?: string; // ISO 8601 format
}
interface AssociatedAccountType {
accountType? : string,
platform? : string,
thirdPartyUser? : string,
firstName? : string,
lastName? : string,
dateOfBirth? : string,
email? : string,
phone? : string,
espIdentifier? : string,
profileUrl? : string,
screenName? : string
}
enum NcmecIncidentType {
CHILD_PORNOGRAPHY = 'Child Pornography (possession, manufacture, and distribution)',
CHILD_SEX_TRAFFICKING = 'Child Sex Trafficking',
CHILD_SEX_TOURISM = 'Child Sex Tourism',
CHILD_SEXUAL_MOLESTATION = 'Child Sexual Molestation',
MISLEADING_DOMAIN_NAME = 'Misleading Domain Name',
MISLEADING_WORDS_IMAGES = 'Misleading Words or Digital Images on the Internet',
ONLINE_ENTICEMENT = 'Online Enticement of Children for Sexual Acts',
UNSOLICITED_MATERIAL = 'Unsolicited Obscene Material Sent to a Child',
}
enum NcmecIpEventName {
LOGIN = 'Login',
REGISTRATION = 'Registration',
PURCHASE = 'Purchase',
UPLOAD = 'Upload',
OTHER = 'Other',
UNKNOWN = 'Unknown',
}Updated about 2 hours ago