Getting Started
This guide walks you through your first Creatorlayer integration. By the end you will have initiated a creator verification, understood the consent flow, received a Risk Tape, and set up a webhook.
If you are building in Node.js, the official SDK handles auth, retries, and webhook signature verification for you — skip the raw curl examples below.
1. Get an API key
Contact hello@creatorlayer.eu to request API access. You will receive:
- A
BearerAPI key scoped to your lender account - Access to the sandbox environment at
https://api-sandbox.creatorlayer.eu - A copy of the DPA template to execute before going live
All examples below target the sandbox — replace api-sandbox.creatorlayer.eu with api.creatorlayer.eu when you go live.
2. Create a verification
A verification request tells Creatorlayer which creator to verify and which platforms to pull income data from.
curl -X POST https://api-sandbox.creatorlayer.eu/api/v1/verifications \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"obligor_reference": "creator-abc-123",
"creator_platforms": ["youtube", "stripe"],
"lender_name": "Acme Finance",
"product_type": "rbf"
}'
Response:
{
"verification_id": "vrf_01JXXXXXXXXXXXXXXXXXXXXXXX",
"status": "pending_consent",
"consent_url": "https://consent.creatorlayer.eu/c/tok_xxxxxxx",
"expires_at": "2026-03-26T12:00:00Z"
}
| Field | Meaning |
|---|---|
verification_id | Unique ID — store this to poll for status and retrieve the Risk Tape |
consent_url | Send this URL to your creator so they can connect their platforms |
expires_at | Consent session expires after 7 days |
3. Consent flow (what the creator sees)
After you send the consent_url to the creator:
- The creator clicks the link and lands on the Creatorlayer consent page.
- They connect their YouTube and/or Stripe accounts via OAuth — no credentials are shared with you.
- Creatorlayer fetches income data (read-only scopes) and computes the Risk Tape.
- Your webhook receives a
verification.completedevent (see step 5).
The creator session is valid for 7 days. After that the consent URL expires and a new verification must be created.
4. Poll for status
While waiting for the creator to complete consent, you can poll the verification status:
curl https://api-sandbox.creatorlayer.eu/api/v1/verifications/vrf_01JXXXXXXXXXXXXXXXXXXXXXXX \
-H "Authorization: Bearer YOUR_API_KEY"
Possible status values:
| Status | Meaning |
|---|---|
pending_consent | Creator has not yet completed the consent flow |
processing | Creator consented; income data is being fetched and analysed |
completed | Risk Tape is ready — retrieve it now |
failed | An error occurred during data collection |
expired | Consent session expired without the creator completing it |
5. Retrieve the Risk Tape
Once status is completed, fetch the full Risk Tape:
curl https://api-sandbox.creatorlayer.eu/api/v1/verifications/vrf_01JXXXXXXXXXXXXXXXXXXXXXXX/tape \
-H "Authorization: Bearer YOUR_API_KEY"
Abbreviated response:
{
"schema_version": "1.0.0",
"verification_id": "vrf_01JXXXXXXXXXXXXXXXXXXXXXXX",
"obligor_reference": "creator-abc-123",
"tape_generated_at": "2026-03-19T14:32:00Z",
"eligibility": {
"tier": "prime",
"eligible": true,
"max_advance_eur": 15000,
"flags": []
},
"metrics": {
"monthly_revenue_avg_eur": 3200,
"revenue_volatility_cv": 0.18,
"platform_hhi": 0.52,
"trend_3m": "stable"
},
"data_quality": {
"score": 87,
"tier_a_fields_complete": 23,
"nd_codes": []
},
"platforms": ["youtube", "stripe"]
}
See the Schema Reference for all fields and the Eligibility guide for tier logic.
6. Set up webhooks
Instead of polling, configure a webhook endpoint to receive events the moment a verification completes.
Register your endpoint
curl -X POST https://api-sandbox.creatorlayer.eu/api/v1/webhooks \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-app.example.com/webhooks/creatorlayer",
"events": ["verification.completed", "verification.failed"]
}'
Verify the signature
Every webhook request includes an X-Creatorlayer-Signature header — a HMAC-SHA256 of the raw request body signed with your webhook secret. Always verify this before processing.
import hmac, hashlib
def verify_webhook(body: bytes, signature: str, secret: str) -> bool:
expected = hmac.new(
secret.encode(),
body,
hashlib.sha256
).hexdigest()
return hmac.compare_digest(expected, signature)
Example event payload
{
"event": "verification.completed",
"verification_id": "vrf_01JXXXXXXXXXXXXXXXXXXXXXXX",
"obligor_reference": "creator-abc-123",
"occurred_at": "2026-03-19T14:32:00Z"
}
Fetch the full tape using the verification_id after receiving this event.
7. Next steps
| Topic | Link |
|---|---|
| Full field reference | Schema Reference |
| How metrics are computed | Metrics |
| Tier rules and advance limits | Eligibility |
| Data quality scoring | Data Quality |
| Complete API reference | API Reference |
| Authentication and roles | Authentication |
| Webhook events and delivery | Webhooks |
| Go-live readiness | Integration Checklist |
| GDPR and data processing | DPA |
Sandbox: https://api-sandbox.creatorlayer.eu — use any obligor_reference starting with test- to trigger synthetic responses without real platform connections.
Questions? Email hello@creatorlayer.eu.