OnlyFans Authentication
Integrating OFAuth into your application
This guide will walk you through the process of implementing OnlyFans authentication using OFAuth's Account Linking Service.
Prerequisites
Before you begin, make sure you have:
- Generated an access key with Account Linking permissions
- Set up a webhook URL to receive users' session data
Implementation Steps
Step 1: Generate a Client Session
Create an endpoint in your application to generate a client session:
- Make a POST request to https://api.ofauth.com/v2/link/init
- Include the following headers:
  Content-Type: application/json
  apiKey: your_api_key_here
- Send this JSON body:
- You'll receive a response like this:
Step 2: Implement the Login Flow
You have two options for implementing the login flow:
Option 1: Using the Embed Library (Recommended)
Integrate OFAuth's login directly into your website using our embed library:
Simple Implementation (Code Snippet)
Add this HTML snippet to your website:
Advanced Implementation (JavaScript Library)
For more advanced projects, install the Link embed library:
Then implement it in your code:
You can style the trigger element any way you want; just make sure to keep the data-ofauth-link attribute.
Option 2: API Mode (Advanced)
If you have API mode permissions, you can handle the login flow programmatically:
- Make a POST request to https://api.ofauth.com/v2/link/cs_xxxxxxxxxxxx with:
- Poll the status by making GET requests to https://api.ofauth.com/v2/link/cs_xxxxxxxxxxxx. You'll receive one of these responses:
- If OTP (one-time password) is required (status is awaiting_otp), submit the code:
When polling the status endpoint:
- Poll every 1-2 seconds initially
- Implement exponential backoff for longer operations
- Stop polling if the status is "completed", "invalid_credentials", or "failed"
Step 3: Handle Webhook Events
When a user successfully links their account, we'll send a POST request to your webhook URL. The request will include an x-webhook-secret header that you should verify against your webhook secret.
The webhook payload will have this structure:
In your webhook handler:
- Verify the x-webhook-secret header matches your webhook secret
- Use the clientReferenceId to identify the user/session (for successful links)
- Store the session data securely for future API requests
- Return a 2xx status code to acknowledge receipt
If your webhook handler fails to process an event, we'll retry the delivery with exponential backoff. You can view and manually retry failed webhook deliveries in your webhooks dashboard.
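A minimal Node.js handler for the webhook steps above, added here as an illustration and not OFAuth's own code. It assumes clientReferenceId is a top-level field of the JSON payload; handleWebhook, createWebhookServer and the Map-like store are hypothetical names.

```javascript
const crypto = require('node:crypto');
const http = require('node:http');

const MAX_BODY_BYTES = 1024 * 1024; // assumed cap; tune to your payload size

// Compare fixed-length digests so timingSafeEqual never throws on a length
// mismatch and the comparison time does not depend on where the values differ.
function secretMatches(received, expected) {
  if (typeof received !== 'string' || typeof expected !== 'string' || !expected) return false;
  const a = crypto.createHash('sha256').update(received).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Returns the HTTP status to send. `store` is a hypothetical Map-like session
// store; replace it with encrypted persistent storage.
function handleWebhook(headers, rawBody, secret, store) {
  if (!secretMatches(headers['x-webhook-secret'], secret)) return 401;
  let event;
  try { event = JSON.parse(rawBody); } catch { return 400; }
  if (event === null || typeof event !== 'object') return 400;
  // Assumption: clientReferenceId is a top-level field of the payload.
  const ref = event.clientReferenceId;
  // Keyed write: a retried delivery overwrites instead of duplicating.
  if (typeof ref === 'string' && ref) store.set(ref, event);
  return 204; // any 2xx acknowledges receipt
}

// Builds the HTTP server without starting it; call .listen() yourself.
function createWebhookServer(secret, store) {
  if (!secret) throw new Error('webhook secret is not configured');
  return http.createServer((req, res) => {
    if (req.method !== 'POST') { res.writeHead(405).end(); return; }
    const chunks = [];
    let size = 0;
    req.on('data', (chunk) => {
      size += chunk.length;
      if (size <= MAX_BODY_BYTES) chunks.push(chunk); // stop buffering past the cap
    });
    req.on('end', () => {
      const status = size > MAX_BODY_BYTES
        ? 413
        : handleWebhook(req.headers, Buffer.concat(chunks).toString('utf8'), secret, store);
      res.writeHead(status).end();
    });
  });
}
```

Serve the handler over HTTPS, since the secret travels in a request header on every delivery.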
Managing Active Sessions
You can view and manage authenticated accounts from your OFAuth dashboard:
- View active sessions and their status
- Monitor session data and usage
- Terminate sessions when needed
Need Help?
If you encounter any issues or have questions:
- Check our API Reference
- Contact our support team