Run a platform? Your creators can have proof on every upload.
ModelDirectory is an independent registry for 3D model provenance. We don't sell printers, we don't host a marketplace, and we don't compete for your uploads. What we do is one narrow thing well: prove that a specific file was published at a specific time, in a way anyone can check without trusting us or you.
Why platforms plug this in
- Creators stay where they feel protected. "Every upload gets independent, timestamped proof of authorship, free" is a reason to publish with you first, because publishing with you first becomes provable.
- When a paid file leaks, a screenshot is not evidence. A timestamped record anchored on Polygon and Bitcoin is. Your designers get real takedown ammunition.
- Zero build cost. We run the registry, the anchoring and the verify pages. You send one POST at publish time and show a badge. That's the whole integration.
- Independence is the point. A platform attesting "our creator was first" stops at its own walls. Proof means something when the referee doesn't play for either team and sees the whole field. We index five platforms and play for none of them.
The 60-second integration
At publish time, server side, any stack:
curl -X POST https://modeldirectory.org/api/partner/stamps \
-H "Authorization: Bearer md_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"sha256": "a3f1c2... 64 hex chars ...",
"name": "Cable Clip v2",
"creator": "janedoe",
"source_url": "https://your-platform.com/model/12345",
"license": "CC-BY-4.0",
"published_at": "2026-07-02T10:15:00Z"
}'
On the model page:
<a href="https://modeldirectory.org/verify.html?hash=a3f1c2...">
<img src="https://modeldirectory.org/api/badge/a3f1c2....svg"
alt="Origin verified by ModelDirectory" height="28" loading="lazy">
</a>
That's it. The badge starts as "Registered" and flips to "Origin verified" on its own once the Polygon transaction and the Bitcoin timestamp confirm. No second call, no polling.
Design decisions you'll appreciate
- We never ask for the file. You send the SHA-256, computed on your servers. No IP transfer, no bandwidth, no privacy question. The registry is proof about a hash, and that is all it needs.
- Idempotent everything. POST the same hash twice and you get the same record back with a 200. Retries are always safe. You never track "did I already register this".
- One secret. Authorization: Bearer md_live_... over HTTPS. No OAuth, no SDK, no signing on your side. Ten lines in any language.
- Test keys are free and instant. An md_test_ key runs the same API end to end, marked as test, without touching a chain. Wire up your publish flow before you commit to anything.
- Backfill is just a loop. The same endpoint takes your historical catalog at 120 requests a minute. No special import path.
- No cookies, no tracking on the badge. It's a cached SVG. Your visitors are your business.
Errors, exhaustively
| Code | Meaning |
|---|---|
| 400 | Bad input, the hint field says what to fix |
| 401 | Missing, malformed or revoked key |
| 403 | source_url not on your registered domain |
| 429 | Over 120 writes/min, batch your backfill or ask us to raise it |
| 500 | Us. Retrying is safe, everything is idempotent. |
Every error body is the same shape: { "error": "...", "hint": "..." }.
Webhooks, if you want them
Two events, HMAC-signed (X-MD-Signature: sha256=... over the raw body, with the secret you get at onboarding):
- stamp.anchored: a hash you registered is now confirmed on-chain.
- first_aired.elsewhere: a file first published on your platform has appeared somewhere else. Your support team decides what to do with that; we just hand you the record.
Delivery: POST, 10 second timeout, retries at 1m, 10m, 1h, 6h, 24h.
Checking our homework
You don't have to take any of this on faith. The registry contract is public at 0x687F...EB65, the verification method is documented on the provenance page, and there's an open-source verifier your engineers can read in a coffee break and run against any Polygon node they trust.
Getting a key
Onboarding is a short conversation, not a signup form, because we register your domain with the key and set up webhook secrets by hand. Write to [email protected] with the platform name and a technical contact. A pilot with a handful of volunteer creators is a fine way to start; that costs you nothing and needs no integration at all.