Signing Requests
How to sign requests
Using the signing API, you can sign requests to the OnlyFans API. This is necessary to authenticate your requests and ensure that they are valid.
There's two ways to integrate the signing API into your application:
Sign Request Endpoint
Using the Sign Request endpoint is the easiest way to integrate the signing API into your application. You can use the endpoint to sign requests for any of the OnlyFans API endpoints.
To get started, you'll need an access key with rules permissions. You can create an access key here.
To sign a request, you'll need to send a POST request to the endpoint with the following JSON body:
endpoint(string): The URL of the OnlyFans API endpoint you're requesting.user_id(string, optional): The OnlyFans user account ID you're using to make the request. Not required unless you include theuser-idheader in the request to OnlyFans.timestamp(number, optional): The current timestamp in milliseconds (e.g.1726600781032). If not provided, the current timestamp will be used. This is used for verifying signatures are correct.
For example, to sign a request to the https://api.onlyfans.com/api2/v2/users/me endpoint, you would send the following JSON body:
The complete HTTP request would look like this:
The response will be a JSON object with the following fields:
Self-sign Requests
If your use case requires a large number of signed requests, you may want to self-sign requests. This means generating the sign value on your end, and sending it to the OnlyFans API directly.
To generate the sign value:
- Get the latest dynamic rules from the GET /rules endpoint.
- Implement the signing algorithm in your application.
- Pass the
signandtimevalues as headers in your request to the OnlyFans API.
Examples
Check out the examples on the public Github repository.