Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ofauth.com/llms.txt

Use this file to discover all available pages before exploring further.

Realtime OnlyFans Events delivers supported OnlyFans activity events to your webhook endpoint. Use it when you need low-latency event delivery for product activity instead of connection lifecycle or Dynamic Rules notifications.

Quick Reference

TypeDeliveryPurpose
OnlyFans eventsWebhookReceive supported OnlyFans activity events in real time

Configuration

Configure Realtime OnlyFans Events in the OFAuth Dashboard:
  • Set your webhook endpoint URL
  • Enable Realtime OnlyFans Events
  • Review delivery history and failures

API Overview

Review the top-level webhook contract and integration notes

System Webhook Events

Connection lifecycle events and Dynamic Rules notifications

Event Types

EventTrigger
of.websocket.event.receivedA supported OnlyFans event was delivered through Realtime
OnlyFans Events are currently in beta. The top-level webhook contract is stable, and the documented event categories may expand over time as coverage grows.

Payload Format

Realtime OnlyFans Events deliveries share the same top-level envelope: 
{
  "type": "of.websocket.event.received",
  "timestamp": "2024-01-15T10:30:00Z",
  "data": {
    "json": {
      "messageType": "typing",
      "...": "OnlyFans event payload"
    }
  }
}
The data.json object contains the underlying OnlyFans event payload. Route deliveries by the top-level keys present in data.json, and parse it defensively because additional event categories may be added over time.

Documented Event Schemas

The schema pages below are generated from the same OpenAPI spec as the webhook contract:

Delivery & Retries

  • Retry policy: exponential backoff with up to 5 attempts
  • Timeout: 10 seconds per request
  • Ordering: best effort per webhook endpoint
Your endpoint should return a 2xx response within 10 seconds.

Signature Verification

Every Realtime OnlyFans Events delivery includes an OFAuth-Signature header: 
OFAuth-Signature: t=1234567890,v1=abc123...
Verify requests by:
  1. Extracting the timestamp (t) and signature (v1)
  2. Rejecting requests older than 5 minutes
  3. Computing an HMAC-SHA256 of {timestamp}.{raw_body} using your signing secret
  4. Comparing the expected signature with a constant-time comparison

Implementation Checklist

  1. Parse the application/json body
  2. Verify the signature before processing
  3. Route the event by type and the event-specific keys inside data.json
  4. Return 2xx within 10 seconds
  5. Make handlers idempotent by storing processed event IDs

Troubleshooting

Ensure your endpoint is publicly reachable and returns a 2xx response within 10 seconds.
Verify the endpoint URL and selected subscriptions in the Dashboard.
Use the raw request body, not the parsed JSON body, and confirm the signing secret matches your Dashboard configuration.

Next Steps

API Overview

View the top-level Realtime webhook contract

Access API

Use connection IDs to read and write OnlyFans data

System Webhook Events

Connection lifecycle events and Dynamic Rules notifications