OnlyFans Authentication

Integrating OFAuth into your application

This guide will walk you through the process of implementing OnlyFans authentication using OFAuth's Account Linking Service.

Prerequisites

Before you begin, make sure you have:

  1. Generated an access key with Account Linking permissions
  2. Set up a webhook URL to receive users' session data

Implementation Steps

Step 1: Generate a Client Session

Create an endpoint in your application to generate a client session:

  1. Make a POST request to https://api.ofauth.com/v2/link/init
  2. Include the following headers:
    • Content-Type: application/json
    • apiKey: your_api_key_here
  3. Send this JSON body:

        {
            "mode": "hosted", // Optional: "hosted" | "api" (contact support for API mode)
            "hosted": {
                "returnUrl": "https://your-app.com/cancel", // Optional: URL to redirect to if user cancels (recommended if not using embedded form)
                "successUrl": "https://your-app.com/success", // Optional: URL to redirect to after successful login (recommended if not using embedded form)
                "clientReferenceId": "unique_id" // Required for hosted mode: used to identify the session in webhooks
            }
        }

  4. You'll receive a response like this:

        {
            "clientSecret": "cs_xxxxxxxxxxxx",
            "url": "https://link.ofauth.com/s/cs_xxxxxxxxxxxx",
            "expiresAt": "2024-01-28T12:00:00.000Z"
        }

      

Step 2: Implement the Login Flow

You have two options for implementing the login flow:

Integrate OFAuth's login directly into your website using our embed library:

Simple Implementation (Code Snippet)

Add this HTML snippet to your website:

        <a href="CLIENT_SESSION_URL" data-ofauth-link data-ofauth-theme="light">
            Link account using OFAuth
        </a>
        <script
            src="https://unpkg.com/@ofauth/link-embed/dist/embed.global.js"
            defer
            data-auto-init
        ></script>

      
Advanced Implementation (JavaScript Library)

For more advanced projects, install the Link embed library:

        npm install @ofauth/link-embed

      

Then implement it in your code:

        import { OFAuthLinkEmbed } from '@ofauth/link-embed';
        import { useEffect } from 'react';

        const LinkAccount = () => {
            useEffect(() => {
                OFAuthLinkEmbed.init();
            }, []);

            return (
                <a href="CLIENT_SESSION_URL" data-ofauth-link data-ofauth-theme="light">
                    Link account using OFAuth
                </a>
            );
        };

        export default LinkAccount;

      
TIP

You can style the trigger element any way you want, just make sure to keep the data-ofauth-link attribute.

Option 2: API Mode (Advanced)

If you have API mode permissions, you can handle the login flow programmatically:

  1. Make a POST request to https://api.ofauth.com/v2/link/cs_xxxxxxxxxxxx with:

        {
            "email": "user@example.com",
            "password": "dXNlcnBhc3N3b3Jk", // base64 encoded !!
            "proxy": {
                "geo": {
                    "country": "US",
                    "state": "California",
                    "city": "San Francisco"
                },
                "url": "http://your-proxy-url.com"
            }
        }

      
  2. Poll the status by making GET requests to https://api.ofauth.com/v2/link/cs_xxxxxxxxxxxx. You'll receive one of these responses:

        {
            "status": "initialized"
        }

        {
            "status": "processing"
        }

        {
            "status": "awaiting_otp",
            "data": {
                "phoneLast4": "1234"
            }
        }

        {
            "status": "completed",
            "data": {
                "id": "as_xxxxx",
                "platformUserId": "144857123",
                "session": {
                    "user-id": "144857123",
                    "user-agent": "Mozilla/5.0 ...",
                    "cookie": "sess=xxxxx;",
                    "x-bc": "xxxxx"
                },
                "user": {
                    "userId": "144857123",
                    "name": "User Name",
                    "username": "username",
                    "avatar": "https://example.com/avatar.jpg"
                }
            }
        }

        {
            "status": "invalid_credentials"
        }

        {
            "status": "failed"
        }

      
  3. If OTP (one-time password) is required (status is awaiting_otp), submit the code:

        {
            "code": "123456"
        }

        {
            "status": "completed",
            "success": true,
            "data": {
                "id": "as_xxxxx",
                "session": {
                    "user-id": "144857123",
                    "user-agent": "Mozilla/5.0 ...",
                    "cookie": "sess=xxxxx;",
                    "x-bc": "xxxxx"
                },
                "platformUserId": "144857123",
                "user": {
                    "userId": "144857123",
                    "name": "User Name",
                    "username": "username",
                    "avatar": "https://example.com/avatar.jpg"
                }
            }
        }

      
TIP

When polling the status endpoint:

  • Poll every 1-2 seconds initially
  • Implement exponential backoff for longer operations
  • Stop polling if the status is "completed", "invalid_credentials", or "failed"
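
The polling rules above, written out as an added example (not OFAuth's own code). The names fetchStatus, onOtp and sleep are callbacks supplied by the caller, and the "expired" and "timeout" results are local to this sketch, not API statuses; expiresAt is the value returned in Step 1.

```javascript
// Added example, not OFAuth's code. fetchStatus(), onOtp() and sleep() are
// injected by the caller (assumed names) so the loop can be exercised offline.
const TERMINAL = new Set(['completed', 'invalid_credentials', 'failed']);

// Delay before the next poll: about one second for the first few polls,
// then doubling up to a cap (exponential backoff for longer operations).
function nextDelayMs(attempt, { baseMs = 1000, flatPolls = 5, capMs = 30000 } = {}) {
  if (attempt < flatPolls) return baseMs;
  return Math.min(capMs, baseMs * 2 ** (attempt - flatPolls + 1));
}

// Copy of a status body that is safe to log: the session cookie and x-bc
// value act as credentials for the linked account and must not reach logs.
function redactForLog(body) {
  const copy = JSON.parse(JSON.stringify(body));
  if (copy.data && copy.data.session) copy.data.session = '[redacted]';
  return copy;
}

async function pollLinkStatus(fetchStatus, opts = {}) {
  const {
    onOtp = async () => {},
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
    expiresAt,            // "expiresAt" from the Step 1 response, if known
    maxPolls = 60,
    now = Date.now,
  } = opts;
  let otpRequested = false;
  for (let attempt = 0; attempt < maxPolls; attempt++) {
    // Local status (not an API status): the client session has expired.
    if (expiresAt && now() >= Date.parse(expiresAt)) return { status: 'expired' };
    const body = await fetchStatus();
    if (TERMINAL.has(body.status)) return body;   // stop polling
    if (body.status === 'awaiting_otp' && !otpRequested) {
      otpRequested = true;                        // prompt the user only once
      await onOtp(body.data);
    }
    await sleep(nextDelayMs(attempt));
  }
  return { status: 'timeout' };                   // local status, not an API status
}
```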

Step 3: Handle Webhook Events

When a user successfully links their account, we'll send a POST request to your webhook URL. The request will include an x-webhook-secret header that you should verify against your webhook secret.

The webhook payload will have this structure:

        {
            "webhookSecret": "whsec_xxxxx", // Verify that this or the header value matches your webhook secret
            "eventType": "link.success",
            "live": true,
            "activeSession": {
                "id": "as_xxxxx",
                "platformUserId": "144857123",
                "session": {
                    "user-agent": "Mozilla/5.0 ...",
                    "cookie": "sess=xxxxx;",
                    "x-bc": "xxxxx",
                    "user-id": "144857123"
                },
                "user": {
                    "name": "User Name",
                    "username": "username",
                    "avatar": "https://example.com/avatar.jpg",
                    "userId": "144857123"
                }
            },
            "clientReferenceId": "unique_id" // The ID you provided in step 1
        }

      

In your webhook handler:

  1. Verify the x-webhook-secret header matches your webhook secret
  2. Use the clientReferenceId to identify the user/session (for successful links)
  3. Store the session data securely for future API requests
  4. Return a 2xx status code to acknowledge receipt

TIP

If your webhook handler fails to process an event, we'll retry the delivery with exponential backoff. You can view and manually retry failed webhook deliveries in your webhooks dashboard.
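
The four handler steps above, as an added Node.js example (not OFAuth's own code): the secret is compared in constant time before the body is parsed, and a retried delivery of an already stored session is acknowledged without being processed twice. The function names, the two Maps standing in for your database, and the status codes other than 2xx are assumptions.

```javascript
// Added example, not OFAuth's code. The handler shape, the two Maps and the
// sample values are assumptions made for illustration.
const crypto = require('node:crypto');

// Constant-time secret check. Hashing both sides first yields equal-length
// buffers, which crypto.timingSafeEqual requires.
function secretsMatch(received, expected) {
  if (typeof received !== 'string' || typeof expected !== 'string' || !expected) return false;
  const a = crypto.createHash('sha256').update(received).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// headers: lower-cased request headers; rawBody: request body as a string.
// pending: Map of clientReferenceId -> local user id, filled in step 1.
// sessions: Map standing in for encrypted-at-rest storage.
function handleLinkWebhook(headers, rawBody, expectedSecret, pending, sessions) {
  if (!secretsMatch(headers['x-webhook-secret'], expectedSecret)) {
    return { status: 401 }; // reject before parsing untrusted input
  }
  let event;
  try { event = JSON.parse(rawBody); } catch { event = null; }
  if (!event || typeof event !== 'object') return { status: 400 };
  if (event.eventType !== 'link.success') return { status: 204 }; // acknowledge, ignore
  const active = event.activeSession;
  if (!active || !active.id || !active.session) return { status: 422 };
  if (sessions.has(active.id)) return { status: 200 }; // retried delivery: already stored
  const userId = pending.get(event.clientReferenceId);
  if (!userId) return { status: 422 }; // reference id this app never issued
  // Keep only what later API requests need; the payload's webhookSecret is not stored.
  sessions.set(active.id, { userId, platformUserId: active.platformUserId, session: active.session });
  pending.delete(event.clientReferenceId); // single use
  return { status: 200 };
}

// Constructed sample delivery, using the placeholder values from the payload above.
const SAMPLE_EVENT = JSON.stringify({
  webhookSecret: 'whsec_xxxxx',
  eventType: 'link.success',
  live: true,
  activeSession: {
    id: 'as_xxxxx',
    platformUserId: '144857123',
    session: { 'user-agent': 'Mozilla/5.0 ...', cookie: 'sess=xxxxx;', 'x-bc': 'xxxxx', 'user-id': '144857123' },
    user: { name: 'User Name', username: 'username', avatar: 'https://example.com/avatar.jpg', userId: '144857123' },
  },
  clientReferenceId: 'unique_id',
});
```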

Managing Active Sessions

You can view and manage authenticated accounts from your OFAuth dashboard:

  • View active sessions and their status
  • Monitor session data and usage
  • Terminate sessions when needed

Access your dashboard here

Need Help?

If you encounter any issues or have questions: