A fully typed async client for the NCMEC CyberTipline Reporting API
Project description
ncmec-cybertip
A fully typed, async Python client for the NCMEC CyberTipline Reporting API
(ispws), built on httpx and
pydantic-xml.
The CyberTipline API lets Electronic Service Providers (ESPs) submit reports of apparent child sexual exploitation to the National Center for Missing & Exploited Children (NCMEC) programmatically, instead of via the web form. This library wraps all seven endpoints and models the full XML report / file-details schema as type-checked Python objects.
The XML documents produced by this library are built from the published technical documentation. NCMEC recommends validating submissions against the authoritative XSD (
GET /xsd) — see Validation.
Features
- Async client (
httpx.AsyncClient) covering all endpoints:status,xsd,submit,upload,fileinfo,finish,retract. - Fully typed report and file-details models (
pydantic-xml), with field validation (lengths, ranges, patterns, enums) mirroring the schema. - Presence flags (
<sextortion/>,<viral/>, …) modeled as plain booleans. - Structured errors: non-zero response codes raise
ApiErrorcarrying the code, description, report ID, andRequest-IDheader. - Ships with
py.typed; 100% test coverage;ruff+tyclean.
Installation
uv add ncmec-cybertip
# or
pip install ncmec-cybertip
Requires Python 3.13+.
Quick start
import asyncio
from datetime import datetime, timezone
from ncmec_cybertip import (
CyberTiplineClient,
Details,
Email,
EventName,
FileAnnotations,
FileDetails,
FileRelevance,
IncidentSummary,
IncidentType,
InternetDetails,
IpCaptureEvent,
NameValuePair,
OriginalFileHash,
Person,
Report,
Reporter,
TESTING_URL,
WebPageIncident,
file_hashes,
)
async def main() -> None:
report = Report(
incident_summary=IncidentSummary(
incident_type=IncidentType.CHILD_PORNOGRAPHY,
incident_date_time=datetime(2012, 10, 15, 8, tzinfo=timezone.utc),
),
internet_details=[
InternetDetails(
web_page_incident=WebPageIncident(url=["http://badsite.example/x"])
)
],
reporter=Reporter(
reporting_person=Person(
first_name="John",
last_name="Smith",
email=[Email(value="jsmith@example.com")],
)
),
)
async with CyberTiplineClient(
username="usr123",
password="pswd123",
base_url=TESTING_URL, # omit for production
) as client:
await client.status() # verify connectivity + auth
opened = await client.submit(report) # 1. open the report
report_id = opened.report_id
uploaded = await client.upload(report_id, "evidence.jpg") # 2. add a file
file_id = uploaded.file_id
# 3. optional: attach details/metadata for the uploaded file
details = FileDetails(
report_id=report_id,
file_id=file_id,
original_file_name="evidence.jpg",
file_relevance=FileRelevance.REPORTED,
file_viewed_by_esp=True,
exif_viewed_by_esp=True,
file_annotations=FileAnnotations(viral=True, generative_ai=True),
# Compute MD5 + SHA1 + SHA256 from the file with the standard library,
# or hand-build OriginalFileHash(value=..., hash_type=...) yourself.
original_file_hash=file_hashes("evidence.jpg"),
ip_capture_event=IpCaptureEvent(
ip_address="63.116.246.17",
event_name=EventName.UPLOAD,
date_time=datetime(2011, 10, 31, 12, tzinfo=timezone.utc),
port=443,
),
details=[
Details(
name_value_pair=[
NameValuePair(name="Make", value="Canon"),
NameValuePair(name="Model", value="EOS 5D"),
]
)
],
additional_info=["File was originally posted with 6 others"],
)
await client.file_info(details)
done = await client.finish(report_id) # 4. finish (files it!)
print("Filed report", done.report_id, "with files", done.file_ids)
asyncio.run(main())
The report lifecycle
submit(report)— opens a report, returns the assignedreport_id.upload(report_id, file)— optional, repeatable; returns afile_id+ MD5.file_info(file_details)— optional per file; adds metadata/annotations.finish(report_id)— files the report with NCMEC (irreversible).retract(report_id)— cancels an unfinished report.
An unfinished report is automatically deleted by NCMEC 24 hours after it is opened, or 1 hour after the last modification, whichever is later.
Authentication
GET/POST over HTTPS with HTTP Basic auth. Credentials are issued by NCMEC and
differ between the testing (https://exttest.cybertip.org/ispws) and
production (https://report.cybertip.org/ispws) environments — exposed as
TESTING_URL and PRODUCTION_URL. base_url defaults to production.
Error handling
from ncmec_cybertip import ApiError, ResponseCode
try:
await client.submit(report)
except ApiError as err:
print(err.response_code) # e.g. ResponseCode.VALIDATION_FAILED (4100)
print(err.description) # server-provided description
print(err.request_id) # Request-ID header — include when contacting NCMEC
Documented response codes are available as ResponseCode constants (the list is
non-exhaustive, so unknown codes still round-trip).
Uploading files
upload() accepts a path, raw bytes, or an open binary file object:
await client.upload(report_id, "photo.jpg") # path
await client.upload(report_id, raw_bytes, filename="x") # bytes
with open("photo.jpg", "rb") as fh:
await client.upload(report_id, fh, filename="photo.jpg")
File hashes
Original file hashes for FileDetails can be computed from the standard library
(hashlib) or built by hand. file_hashes() accepts a path, bytes, or a
binary file object and returns OriginalFileHash entries; it defaults to
MD5 + SHA1 + SHA256:
from ncmec_cybertip import OriginalFileHash, file_hashes
details.original_file_hash = file_hashes("evidence.jpg") # md5, sha1, sha256
details.original_file_hash = file_hashes(raw_bytes, algorithms=["sha256"])
# Single algorithm, or supply a precomputed digest yourself:
OriginalFileHash.compute(raw_bytes, "sha1")
OriginalFileHash(value="fafa5efeaf3cbe3b23b2748d13e629a1", hash_type="MD5")
The hashType label is the conventional upper-case form (MD5/SHA1/SHA256)
for known algorithms; any other hashlib name is upper-cased.
Industry classification
Files may optionally carry an ESP-designated IndustryClassification
(A1/A2/B1/B2), where the letter is the apparent age of the minor
(A = prepubescent, B = pubescent) and the digit is the content rank
(1 = sex act, 2 = lascivious exhibition):
from ncmec_cybertip import FileDetails, FileRelevance, IndustryClassification
details = FileDetails(
report_id=report_id,
file_id=file_id,
file_relevance=FileRelevance.REPORTED,
industry_classification=IndustryClassification.A1,
)
Per the schema, only Reported content may be classified: setting an
industry_classification (or a potential_meme annotation) on a
Supplemental Reported file raises ValidationError locally, before it would
be rejected by NCMEC at /finish.
Bring your own httpx client
Pass an existing httpx.AsyncClient (for custom transports, proxies, retries).
When you do, the library will not close it for you:
async with httpx.AsyncClient(...) as http:
client = CyberTiplineClient(username="u", password="p", client=http)
...
Validation
Model construction enforces the documented field rules (max lengths, numeric ranges, regex patterns, enum membership). For authoritative structural validation, fetch and validate against the live schema:
xsd = await client.get_xsd()
Development
uv sync
uv run ruff format .
uv run ruff check .
uv run ty check
uv run pytest --cov --cov-fail-under=100
Integration tests
Live tests are marked integration and skip unless credentials are provided
via environment variables. They are never run by default.
# Full submit -> retract cycle against the NCMEC TEST environment (exttest).
# Never calls finish(), so nothing is filed.
NCMEC_TEST_USER=... NCMEC_TEST_PASS=... uv run pytest -m integration
# Read-only auth smoke test against PRODUCTION /status (no report is submitted).
NCMEC_PROD_USER=... NCMEC_PROD_PASS=... uv run pytest -m integration \
tests/test_integration.py::test_status_live_prod
Releasing
Releases are automated via GitHub Actions + PyPI Trusted Publishing (OIDC — no API tokens). To cut a release:
-
Bump
versioninpyproject.toml(e.g.0.1.0->0.1.1). At the first stable release, also change theDevelopment Statusclassifier from4 - Betato5 - Production/Stable. -
Commit, then push a matching tag:
git tag v0.1.1 git push origin v0.1.1
The Release workflow then builds the sdist + wheel, verifies the tag matches
the package version, publishes to PyPI, and creates a GitHub Release with
generated notes and the built artifacts attached. A mismatch between the tag and
pyproject.toml version fails the build before anything is published.
Disclaimer
This is an unofficial client and is not affiliated with or endorsed by NCMEC. Reporting obligations and the meaning of each field are governed by NCMEC's documentation and applicable law (e.g. 18 U.S.C. § 2258A). Always validate against the official XSD before submitting in production.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ncmec_cybertip-0.1.1.tar.gz.
File metadata
- Download URL: ncmec_cybertip-0.1.1.tar.gz
- Upload date:
- Size: 42.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
69081c827dac648ebe1800e67ba1f8832e8181434babe1ba4791793892d03dad
|
|
| MD5 |
8757d4893dbce1b393369773afea6517
|
|
| BLAKE2b-256 |
4208f1f1d0319624730ed2d4323253e48194943bb10b27573647bfd3c7a35cd1
|
Provenance
The following attestation bundles were made for ncmec_cybertip-0.1.1.tar.gz:
Publisher:
publish.yml on Nachtalb/ncmec-cybertip
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ncmec_cybertip-0.1.1.tar.gz -
Subject digest:
69081c827dac648ebe1800e67ba1f8832e8181434babe1ba4791793892d03dad - Sigstore transparency entry: 2194155836
- Sigstore integration time:
-
Permalink:
Nachtalb/ncmec-cybertip@ab2112756219b2d3a028c36143278fbaea25903a -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/Nachtalb
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ab2112756219b2d3a028c36143278fbaea25903a -
Trigger Event:
push
-
Statement type:
File details
Details for the file ncmec_cybertip-0.1.1-py3-none-any.whl.
File metadata
- Download URL: ncmec_cybertip-0.1.1-py3-none-any.whl
- Upload date:
- Size: 20.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
868736e9834f21811d3fc277fd5c60a98ad89bb145c20c968788a45f5b706c70
|
|
| MD5 |
3f6632d9f644cc003bfad8ff1a81980a
|
|
| BLAKE2b-256 |
84f7aa82b0bd7f65d9bd7b09b45a810d33076aca85708f5ce707225deb95a4ab
|
Provenance
The following attestation bundles were made for ncmec_cybertip-0.1.1-py3-none-any.whl:
Publisher:
publish.yml on Nachtalb/ncmec-cybertip
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ncmec_cybertip-0.1.1-py3-none-any.whl -
Subject digest:
868736e9834f21811d3fc277fd5c60a98ad89bb145c20c968788a45f5b706c70 - Sigstore transparency entry: 2194155840
- Sigstore integration time:
-
Permalink:
Nachtalb/ncmec-cybertip@ab2112756219b2d3a028c36143278fbaea25903a -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/Nachtalb
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ab2112756219b2d3a028c36143278fbaea25903a -
Trigger Event:
push
-
Statement type: