Signing Requests
Signing algorithm
The signing algorithm is used to generate the sign
value for OnlyFans API requests. It is a combination of the time
, user-id
, endpoint (requested url)
, and various other values (called "dynamic rules") that get updated periodically. If you're curious how often these values get updated, check out the Dynamic Rules Update Tracker.
In order to generate the sign
value, you'll need to get the latest dynamic rules from the GET /rules endpoint.
The general format of the sign
value is [start param]:[sha1 hash]:[checksum]:[end param]
-> 29764:eba737fa71ae7b9201b8f5ac345153cc8f28895d:a51:66e9ac08
The signing algorithm should be implemented like this:
JavaScript
Python
Golang
Testing your implementation
You can test your implementation by comparing the output of your function to the sign
value on a request from the OnlyFans website.
Step 1
Go to the OnlyFans website. Right click the page and select
Inspect
to open the developer tools.Step 2
Navigate to the
Network
tab. In the search bar typeapi2
.Step 3
Click on any of the requests in the list.
Step 4
Scroll to the bottom and you'll see the
sign
value andtime
value.Step 5
Test your implementation by using the same
time
value andendpoint
as the request you're trying to replicate.
If your implementation is correct, the output should be the same as the sign
value in the request.