Technology

Secreto Mio Launches Content Network for Adult Studios

Secreto Mio introduces a Content Network where adult studios share video content via a standardized JSON manifest, retaining full control over ad revenue through ExoClick zone integration.

Secreto Mio Launches Content Network for Adult Studios

The Problem

Content sharing concept
Each studio maintains their own feed and controls their own revenue

Adult studios today face a frustrating reality: centralized platforms take massive revenue cuts, impose unpredictable content policies, and offer no real infrastructure for cross-site sharing. If you run an independent adult site, you're an island. Your content lives and dies on your domain alone, with no standardized way to share it with partner sites while keeping your ad revenue.

We set out to change that. Secreto Mio is launching a Content Network — an open standard that lets studios publish a JSON feed manifest on their own infrastructure. Any participating site can pull that feed and display the content, complete with the studio's own ad tags. Revenue flows directly to the studio. No middleman. No platform cuts on shared content.

At a higher level, you can think of it as the ultimate parasite killer. The user flow is conceptually the same as uploading your content to a massive tube platform, with one critical difference: it physically strips middlemen of the ability to dictate your revenue split. By locking the raw video segments behind a cryptographic token that only unlocks after your own ad tags have fired, the power dynamic is inverted. Tube sites are reduced back to what they should have been all along: discoverability engines. They still benefit from displaying thousands of high-quality clips to attract traffic to their domain, but they are mathematically forced to route 100% of the in-video ad revenue directly to the studio.

AVN covered the announcement, calling it a step toward meaningful studio independence in the adult industry.

FeatureTube Sites (Pornhub, XVideos, xHamster)Content Network
Ad RevenuePlatform keeps the majority, pays studios a fractionYou keep 100% — ads are embedded in your feed and travel with your content
Revenue RatePlatform-dictated CPM, no negotiationYour ad network, your CPM, your terms
Content OwnershipLives on their servers, removable without noticeYou host on your own infrastructure — nobody can touch it
Platform RiskOne ban or algorithm change wipes your income overnightNo single point of failure — feed lives on your own storage
Rules & ModerationSpam flags, rank penalties, quality flags throttling your reachNo arbitrary platform rules suppressing your content
DiscoveryAlgorithm favours big studios and platform-preferred channelsCross-studio discovery — audiences find you through other studios' sites organically
Traffic Diversity100% dependent on one platformDistributed across multiple independent sites naturally
PiracyContent ripped and rehosted with no compensation, endless DMCAGives pirates a legitimate sharing path — converts theft into compensated distribution
Infrastructure CostPlatform extracts revenue to cover costs they controlYou only pay for your own storage regardless of how many sites embed your feed
ReliabilityContent still goes down, gets corrupted, performs slowly — no tools given to studios to monitor itSame real-world risks exist, but health monitoring is built in from day one — availability, speed, broken links, and security threats scanned automatically, so you're always ahead of the problem
New Site LaunchRequires massive content budget and infrastructure investmentAny new site can launch with a full content library from day one by aggregating existing feeds
Long-Term IndependenceAlways one policy change away from losing everythingYour audience and revenue are yours — no platform can revoke them

The Problem with iFrame Embeds

A common question is: Why build a robust JSON feed API with token-gated streams instead of just letting people copy-paste <iframe> embeds like traditional tube sites?

While iframe embeds are straightforward to copy-paste, they come with massive compromises that make them unsuitable for a professional content ecosystem:

  1. Complete White-Labeling & UX Control: An iframe forces the origin's video player, branding, watermark, and custom controls onto the host's website. With our JSON feed, consumers get the underlying .m3u8 playlist. The video plays natively inside their player (⁠like Video.js or FluidPlayer⁠). The end-user never realizes the video is hosted externally, allowing partner sites to build a seamless, premium Netflix-like experience.
  2. Automated SEO & Headless Metadata: If a partner site embeds thousands of iframes, they must manually type out their metadata or build fragile DOM scrapers to steal it. With the JSON API, partners automatically ingest the title, duration, tags, and thumbnail directly into their database. The feed acts exactly like a Headless CMS.
  3. Performance & Page Speed: iFrames are incredibly heavy. Loading an iframe forces the browser to resolve a complete secondary HTML document, download disjointed CSS payloads, and execute redundant tracking scripts. Passing a raw stream to the host's native player keeps the consumer's web application lightning fast.
  4. Advanced Analytics & Event Tracking: When a video is trapped inside a cross-origin iframe, the host site has absolutely no idea if the user paused the video, skipped to the middle, or dropped off after 5 seconds. By binding the video natively to their own DOM, consumers can hook into precise analytics to measure player engagement.

In short: if you just want to share a clip on a forum, an iframe is fine. But we are building a true Content Network. By supplying independent sites with raw foundational data blocks, they can build massively performant video platforms on top of standard infrastructure, while the network mathematically guarantees you get paid for your native impressions.

How It Works

The system is built on three simple ideas:

  1. You host your own feed. A JSON file on your CDN or server, following a standardized schema.
  2. You register with the network. Visit secretomio.com/studios and submit your site. Your feed URL is stored, not your content.
  3. Consuming sites pull your feed and serve your ads. When another site displays your videos, they use your ExoClick zone IDs. You earn the ad revenue.

There's no central database of video metadata. No approval queue. No moderation gate. Each studio is the single source of truth for their own content. Secreto Mio stores only your registration record (⁠name, domain, feed URL, contact info⁠). This is truly an open network — like how Google indexes the web without hosting it.

The 1-Click Feed Generator

We understand that manually writing JSON files and maintaining CDNs is a massive technical barrier for studios and independent producers. To solve this, Secreto Mio provides an open-source, executable 1-Click Feed Generator tool for Windows, Mac, and Linux.

Simply download and run the tool, and an interactive terminal will guide you through creating, updating, or deleting your feed. It integrates directly with popular adult-friendly CDNs (⁠like Bunny.net⁠). If you don't have a CDN yet, the tool provides step-by-step instructions and affiliate links to get you set up in minutes. No coding required—just plug in your keys, and the tool builds the manifest for you.

The Feed Specification

The feed is a standard JSON document with three required top-level fields: version, producer, and items. Here's a minimal example:

{
  "version": "1.0",
  "producer": {
    "name": "My Studio",
    "website": "https://mystudio.com",
    "2257": "https://mystudio.com/legal/2257",
    "logo": "https://mystudio.com/logo.png"
  },
  "items": [
    {
      "id": "video-001",
      "title": "My First Video",
      "thumbnail": "https://cdn.mystudio.com/thumb-001.jpg",
      "video": {
        "hls": "https://cdn.mystudio.com/video-001/master.m3u8"
      },
      "duration": 420,
      "categories": ["Amateur"],
      "models": ["Jane Doe"],
      "date": "2026-03-01"
    }
  ]
}

Each item represents a video with its metadata, thumbnail, and HLS streaming URL. All URLs must be absolute HTTPS and publicly accessible.

Required Fields

  • version: String. Must be "1.0" to match current spec.
  • producer.name: String. The studio or studio display name.
  • producer.website: String. The full website URL of the studio.
  • producer.2257: String. Complete URL to the publisher's 2257 compliance and record-keeping document.
  • items: Array. List of content item objects.
  • item.id: String. Unique content identifier.
  • item.title: String. Display title of the content.
  • item.thumbnail: String. Absolute HTTPS URL to the full thumbnail image.
  • item.video: Object. Required for video content.
  • item.video.hls: String. Absolute HTTPS URL to the HLS master playlist (⁠.m3u8⁠).
  • item.image: Object. Required for image content.
  • item.image.src: String. Absolute HTTPS URL to the high-res image.

Optional Fields

  • producer.logo: String. URL to the logo image (⁠1:1 ratio recommended⁠).
  • item.description: String. Brief description or alternative title.
  • item.duration: Number. Duration of the video in seconds (⁠0 or omitted for images⁠).
  • item.external_url: String. Optional URL routing to a third-party site if the content cannot be hosted natively.
  • item.categories: Array. List of category strings (⁠e.g., ["Amateur", "POV"]⁠).
  • item.tags: Array. List of tag strings.
  • item.models: Array. List of model/performer names.
  • item.date: String. Release date in ISO format (⁠YYYY-MM-DD⁠).

Paywalled Content & Affiliate Sharing

The standard also fully supports syndicating exclusive, paywalled content. If a video is premium, the feed item must OMIT the raw video.hls block (⁠to keep the full video secure⁠) and instead provide a monetization block alongside a preview_video teaser. Third-party sites can ingest this feed to act as affiliates, driving direct PPV or subscription sales in exchange for a revenue share.

"monetization": {
  "type": "ppv",
  "price_usd": 1.00,
  "checkout_url": "https://mystudio.com/watch/video-001?ref={affiliate_id}"
},
"preview_video": {
  "hls": "https://cdn.mystudio.com/video-001-teaser/master.m3u8"
}

When a consumer clicks to unlock the video on a partner site, they are redirected to your checkout_url. You process the payment, secure the media playback, and credit the partner site their affiliate kickback.

Content Routing & UI Surfacing

The feed schema is designed to intelligently route your content to the correct UI surfaces based on its properties. Secreto Mio (⁠and other partner networks⁠) act as traffic directors:

  • Exclusive Page (⁠PPV⁠): Any item containing a monetization object is automatically routed to the premium/exclusive catalog.
  • SFW Swipe / Feed: If the categories array lacks the string "NSFW", the content is considered Safe For Work and is distributed to swipe-style SFW feeds.
  • NSFW Tube: If the categories array contains "NSFW", the content is routed to standard adult tube layouts.

Ad Revenue Integration

Ad revenue flow diagram
Studios control their own ad zones — revenue flows directly to them

This is where it gets interesting. The feed includes an optional ads block where you specify your ExoClick zone IDs. When a consuming site plays your video, it loads your VAST preroll and your banner zones. The impressions are tracked in your ExoClick account. You keep 100% of the shared ad revenue.

"ads": {
  "exoclick": {
    "preroll_vast": "https://s.magsrv.com/v1/vast.php?idzone=YOUR_ZONE",
    "banner_zone": "YOUR_BANNER_ZONE",
    "overrides": {
      "partnersite.com": {
        "preroll_vast": "https://s.magsrv.com/v1/vast.php?idzone=PARTNER_ZONE"
      }
    }
  }
}

The overrides key is for studios who provision per-domain zones in ExoClick (⁠recommended for best fill rates⁠). If a consuming site isn't in your overrides, the global zone IDs are used as fallback. ExoClick's Sub ID feature (⁠&sub=consumer-domain⁠) enables tracking which partner site generated each impression.

Per-Model Revenue Tracking via Filters

Secreto Mio takes this further with dynamic feed filtering. Instead of one monolithic feed, you can filter the /api/studios/secretomio.com/feeds endpoint by specific attributes to isolate content and dedicated ExoClick ad zones:

GET /api/studios/secretomio.com/feeds?tier=free&model=charlot-silver
GET /api/studios/secretomio.com/feeds?tier=free&model=babeeeluuu
GET /api/studios/secretomio.com/feeds?tier=paid&series=skip-the-intro

This means revenue can be attributed to each individual model, enabling exact payment based on what their content actually earned. No more splitting a global ad revenue pool — each model's earnings are tracked independently via their dedicated ad zones.

Testing the Embed API

We provide a dedicated Embed Playground that allows partners to simulate consuming the API. You can explore filtering, verify media security, and test playback across free and paid content directly from our interface. Just click the code icon (⁠</>⁠) located at the top-right of our feed pages.

Player Integrations (Implementing the VAST Preroll)

Once you have the VAST tag (⁠item.ads.exoclick.preroll_vast⁠), you need to instruct your video player to load it. Open-source players are highly recommended because they parse the XML natively:

  • Video.js: Use the videojs-contrib-ads and videojs-vast-vpaid plugins to pass the tag directly into the setup options.
  • Fluid Player: VAST is built directly into Fluid Player's core. Simply pass { vastOptions: { adList: [{ roll: 'pre', vastTag: feedItem.ads.exoclick.preroll_vast }] } }.
  • JW Player: Use the built-in advertising client: { advertising: { client: 'vast', schedule: { adbreak: { offset: 'pre', tag: feedItem.ads.exoclick.preroll_vast } } } }.

Vanilla HTML5 <video> (Quickstart UI)

If you are strictly using vanilla HTML5 <video> tags with HLS.js (⁠like the native Secreto Mio player does for maximum performance⁠), incorporating VAST requires fetching and parsing the XML manually, as well as looping through the feed API to draw the video cards. Best of all, because the API sets Access-Control-Allow-Origin: *, you do not have to worry about CORS! Any frontend code from any domain can fetch the feeds natively.

Here is a complete skeleton layout for drawing the video grid and preparing the player modal:

<!-- The Player Overlay -->
<div id="player-modal" style="display:none; position:fixed; top:0; left:0; width:100%; height:100%; background:black; z-index:100">
  <button onclick="document.getElementById('player-modal').style.display='none'">Close</button>
  <video id="main-video" controls playsinline style="width:100%; height:80vh"></video>
  <!-- The Ad Player goes ON TOP of the main video -->
  <video id="ad-overlay" playsinline muted style="display:none; position:absolute; top:0; left:0; width:100%; height:80vh"></video>
</div>

<!-- The Feed Grid -->
<div id="feed-grid"></div>

And the Javascript to pull the feed payloads into cards. We iterate over data.items and append them to the UI, applying event listeners to invoke the ad wrapper:

fetch('https://public.secretomio.com/api/studios/secretomio.com/feeds/abraham-bach')
  .then(res => res.json())
  .then(data => {
    const grid = document.getElementById('feed-grid');
    
    // 1. Loop through the items array
    data.items.forEach(item => {
      const card = document.createElement('div');
      card.className = 'video-card';
      card.innerHTML = `
        <img src="${item.thumbnail}" alt="Thumbnail" style="width:100%">
        <h3>${item.title}</h3>
        <p>${item.description || ''}</p>
        <small>${item.date || ''}</small>
      `;
      
      // 2. Play video click handler
      card.onclick = () => {
         const hlsUrl = item.video?.hls;
         let vastUrl = null;
         
         // Inherit ad zones natively from the payload
         if (item.ads?.exoclick?.preroll_vast) vastUrl = item.ads.exoclick.preroll_vast;
         else if (data.ads?.exoclick?.preroll_vast) vastUrl = data.ads.exoclick.preroll_vast;
         
         openPlayer(hlsUrl, vastUrl);
      };
      grid.appendChild(card);
    });
  });

When a video is clicked, we pass the VAST tag to the pre-roll invocation wrapper:

function openPlayer(hlsUrl, vastUrl) {
  document.getElementById('player-modal').style.display = 'block';
  if (vastUrl) playPreRoll(vastUrl, hlsUrl);
  else authorizeAndPlay(hlsUrl);
}

function playPreRoll(vastUrl, targetHlsUrl) {
  const adVideo = document.getElementById('ad-overlay');
  
  fetch(vastUrl)
    .then(r => r.text())
    .then(xmlString => {
      const doc = new DOMParser().parseFromString(xmlString, 'text/xml');
      
      // Follow any VAST wrappers if Exoclick proxies the tag
      const wrapper = doc.querySelector('VASTAdTagURI');
      if (wrapper) return playPreRoll(wrapper.textContent.trim(), targetHlsUrl);
      
      // Find the MP4 MediaFile
      const mediaFiles = Array.from(doc.querySelectorAll('MediaFile'));
      const targetFile = mediaFiles.find(tag => tag.getAttribute('type') === 'video/mp4');
      if (!targetFile) return authorizeAndPlay(targetHlsUrl);

      // Show ad overlay over the main video
      adVideo.src = targetFile.textContent.trim();
      adVideo.style.display = 'block';
      
      // Resume main video authorization when ad ends!
      adVideo.onended = () => {
        adVideo.style.display = 'none';
        authorizeAndPlay(targetHlsUrl);
      };
      adVideo.play();
    });
}

For production, your custom parser should also collect <TrackingEvents> (⁠like start, firstQuartile, complete⁠) and fire them by triggering background fetch(⁠⁠) requests so ExoClick effectively registers the completion rates to calculate the CPM. If you don't parse the tracking events you will lose out on fill rate!

VAST Proof-of-Play & Token Gating

A major challenge with cross-site video sharing is ensuring that third-party tube sites actually show your ads before playing your content. A malicious consumer could easily strip the VAST tag and serve your raw .m3u8 feed ad-free, depriving studios of revenue.

To solve this, Secreto Mio has pioneered a rigorous Token-Gated Stream Architecture mechanism that strictly forces downstream consumers to prove VAST compliance before HLS video chunks are unlocked:

  1. Restricted Master Playlist: The raw master.m3u8 URLs generated in the feed cannot be hotlinked. Fetching them directly will result in an immediate 403 Forbidden from the media CDN edge worker.
  2. Ad-Completion API Handshake: Downstream consumers must fully render the VAST preroll overlay on their frontend. ONLY once the onended VAST tracking completes does their web client negotiate with the central API endpoint (⁠POST /api/tokens/stream⁠), signaling proof of ad completion.
  3. Time-Limited Cryptographic Signatures: Upon receiving the completion signal, the API issues an HMAC-SHA256 signed, 4-hour temporal token strictly bound to that specific video path.
  4. Session Cookie Hand-off: The video player makes the authorized request via query parameter ?token=XYZ. The edge media proxy mathematically verifies the signature. Rather than returning the file naked—which would cause subsequent nested .ts chunk requests to fail since native HTML5 players strip query parameters during sub-manifest execution—the proxy transparently issues an HttpOnly stream session cookie to gracefully authorize all child resources seamlessly.

This guarantees a zero-trust model where third-party integrators cannot siphon shared video bandwidth without engaging in the ad protocol. Below is the authorizeAndPlay(⁠⁠) snippet that invokes the token exchange and connects the stream to video.js or hls.js:

function authorizeAndPlay(hlsUrl) {
  const urlObj = new URL(hlsUrl);
  
  fetch('https://public.secretomio.com/api/tokens/stream', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ videoPath: urlObj.pathname, action: 'ad_complete' })
  })
  .then(res => res.json())
  .then(data => {
    const authorizedUrl = hlsUrl + '?token=' + data.token;
    const mainVideo = document.getElementById('main-video');
    
    // Render using standard HLS engine
    if (Hls.isSupported()) {
      const hls = new Hls();
      hls.loadSource(authorizedUrl);
      hls.attachMedia(mainVideo);
      hls.on(Hls.Events.MANIFEST_PARSED, () => mainVideo.play());
    } else if (mainVideo.canPlayType('application/vnd.apple.mpegurl')) {
      mainVideo.src = authorizedUrl;
      mainVideo.play();
    }
  });
}

Best Practices for Integrating Feeds

When building a consumer application or tube site that integrates third-party feeds, you will encounter significant reliability and SEO challenges if you fetch remote feeds on-the-fly. To maintain a professional user experience, consider the following architecture:

  • The Aggregation Pattern (⁠Cron Engine⁠): Do not fetch JSON URLs live when a user loads a page. Instead, build a background worker that periodically polls your registered feeds and stores the active ones in your own local database. Serve your frontend entirely from your fast local cache.
  • Handle Degraded Feeds Gracefully: Track consecutive fetch failures. If a studio's server goes offline, quarantine their feed dynamically so your application's UX does not suffer from 404s or infinite loading spinners.
  • Feed Health Synchronization: Before displaying thumbnails or constructing links to a model's videos, verify their feed's structural integrity using the GET /api/studios/{domain}/health endpoint. If a feed reports poor health due to validation failures or broken media, do not attempt to play its videos or render its cards in your user interface.
  • SEO & The noindex Rule: Because shared content is hosted independently and can disappear, you must not index third-party feed items on Google. Apply <meta name="robots" content="noindex, nofollow"> to dynamic watch pages to prevent search engines from hitting dead links and penalizing your site's overall discoverability.

Security & Validation

Before any studio registration is persisted, submitted feed URLs are fetched and validated server-side:

  • Valid JSON parsing and schema compliance via strict Zod typing
  • SQL injection payload escaping via the sqlstring library and heuristics
  • XSS vector destruction via DOM payload testing utilizing the xss engine
  • URL scheme validation (⁠HTTPS only, no data: or javascript: schemes⁠)
  • 10MB size cap to prevent abuse
  • Captcha on the registration form to prevent automated submissions

The Official Open-Source Reference Implementation

To completely eliminate the technical barrier to entry for this standard, we have published the studio-paysite repository on GitHub. This open-source 'Paysite-in-a-Box' infrastructure gives any independent studio enterprise-grade Cloudflare video transcoding and secure HLS streaming. It natively generates a perfectly formatted feed.json out of the box, ensuring instant compatibility with any adult content network. Your only dev work is setting up the UI and connecting a payment gateway.

How to Join

Visit secretomio.com/studios to download the 1-Click Feed Generator or to register an existing feed. You'll need your site name, domain, contact email, your feed URL (⁠which must contain your publisher's 2257 compliance link inside the producer block⁠), and optionally a logo. Registration is instant — there's no approval queue. Once registered, your listing appears on the network and other sites can discover your feed.

The technical specification and full payload structure is detailed above. If you're a developer integrating consuming sites, you can also browse the unified API directly:

GET /api/studios                              List all studios
GET /api/studios/{domain}                     Get a specific studio
GET /api/studios/{domain}/health              Get the current health status of a studio feed
GET /api/studios/{domain}/feeds               List available feeds
GET /api/studios/{domain}/feeds/{handle}      Get a specific feed

Read the AVN article for more background on the vision behind this project.

#Technology#Studios#Sharing#Revenue#Network

Comments

Loading comments...