
OnlyFans Authentication

The process

Using OFAuth's Account Linking Service is quite simple, although there are a few steps to follow.

In order to use the Account Linking Service, you will need to do the following:

  • Create an endpoint to generate a session key to start the login process
  • Embed the login component into your app
  • Create an endpoint to receive the webhook event

1. Generating a session key

Using your API key, make a POST request to auth.ofauth.com/api/init.

Headers:

  • Content-Type: application/json
  • apiKey: your_api_key_here

Body:

    {
      "metadata": {"any_json_object": "here"},
      "proxy": "http://your_custom_proxy_url_here.com" // Optional
    }

  • metadata is used to store any information that you want to pass along in the webhook event. Use this to store the user's ID, username, or any other information you want to identify the user and connect the session to them.
  • proxy is optional, and can be used to specify a custom proxy URL to be used for the request. If you do not specify a proxy, OFAuth will use a dedicated or shared proxy based on your plan.

Response:

    {
      "sessionKey": "your_session_key_here", // The session key to be used in the next step
      "expiresAt": "2024-01-01T00:00:00.000Z" // The time at which the session will expire
    }

2. Embed the login component

Embed the JavaScript login component into your app. This can be done in a popup, or inline. Just make sure to pass the sessionKey from the previous step to the init function.

    <body>
        <div id="ofauth-container"></div>
        <script src="https://auth.ofauth.com/embed.js"></script>

        <script>
            // sessionKey must hold the value your server obtained in step 1
            // (the "sessionKey" field of the /api/init response).
            OFAuthEmbed.init('ofauth-container', sessionKey, {
                width: '400px',
                onSuccess: function() {
                    // Handle the success event - close the popup, redirect, etc.
                },
                onCancel: function() {
                    console.log('User cancelled authentication');
                    // Handle the cancel event - close the popup, redirect, etc.
                }
            });
        </script>
    </body>

3. Create an endpoint to receive the webhook event

Set the webhook URL in your OFAuth dashboard, and make sure to create an endpoint on your server that can receive the webhook event.

When a user successfully logs in, OFAuth will make a POST request to the webhook URL with the following body:

    {
      "metadata": { "any": "metadata_object_from_step_1" },
      "secret": "whsec_DKkdOfafsdASrBFIDxrPZbKDagGF", // found on your dashboard -> webhooks
      "session": {
        "x-bc": "c38dcvfvf5l111plph1ed52r5k0ql9gr",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
        "cookie": "sess=qpr5vf070i4edsfcdrihi4jnck;",
        "user-id": "144857123"
      }
    }

When your endpoint receives this event:

  1. Verify the secret is correct
  2. Use the metadata to identify which user this session belongs to
  3. Save the session object to your database, so that you can use it to make requests to the OnlyFans API
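
One way to carry out these three steps in Node.js, as an added example (not OFAuth's own code): the secret is compared in constant time, the event is accepted only for a login your server started, and only the four session fields are stored. The `userId` metadata key, the `pending` set and the `saveSession` callback are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// Constant-time comparison. Hashing both sides first gives timingSafeEqual
// the equal-length buffers it requires.
function secretMatches(received, expected) {
  if (typeof received !== 'string' || typeof expected !== 'string') return false;
  const a = crypto.createHash('sha256').update(received).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

const SESSION_FIELDS = ['x-bc', 'user-agent', 'cookie', 'user-id'];

// body: parsed JSON of the webhook POST. expectedSecret: your dashboard webhook secret.
// pending (assumption): Set of user ids for which your init endpoint started a login.
// saveSession (assumption): your persistence callback, (userId, session) => void.
function handleWebhook(body, expectedSecret, pending, saveSession) {
  // Step 1: reject anything that does not carry the shared secret.
  if (!body || !secretMatches(body.secret, expectedSecret)) {
    return { status: 401, error: 'bad secret' };
  }
  // Step 2: metadata.userId is an assumed key that your init request stored.
  const userId = body.metadata && body.metadata.userId;
  if (typeof userId !== 'string' || !pending.has(userId)) {
    return { status: 400, error: 'no pending login for this user' };
  }
  const s = body.session;
  if (!s || !SESSION_FIELDS.every((k) => typeof s[k] === 'string' && s[k] !== '')) {
    return { status: 400, error: 'malformed session' };
  }
  // Step 3: keep only the session fields; body.secret is never stored or logged.
  pending.delete(userId); // example policy: one event per started login
  saveSession(userId, Object.fromEntries(SESSION_FIELDS.map((k) => [k, s[k]])));
  return { status: 200 };
}

// Constructed sample event; every value below is made up for this example.
const sample = {
  metadata: { userId: 'user-42' },
  secret: 'whsec_constructed_example',
  session: { 'x-bc': 'constructed-x-bc', 'user-agent': 'Mozilla/5.0 (constructed)',
    cookie: 'sess=constructed;', 'user-id': '1000' },
};
const db = new Map();
const result = handleWebhook(sample, 'whsec_constructed_example',
  new Set(['user-42']), (id, sess) => db.set(id, sess));
console.log(result.status, [...db.keys()]);
```

The stored session object is a live login credential, so encrypt it at rest and restrict which services can read it.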

Managing Active Accounts

On your OFAuth dashboard, you can view and manage your active accounts (accounts that have been authenticated and are currently active). You'll be able to see the session data and terminate sessions (log out).