# Sandbox & Testing

> Test your integration safely with OFAuth's sandbox environment

OFAuth provides a sandbox environment for safe development and testing. Use sandbox API keys to test all features without affecting real OnlyFans accounts.

<Warning>
  **Always use Sandbox for testing logins.** Too many login attempts on production OnlyFans accounts can trigger "suspicious activity" detection, which may cause OnlyFans to reset the account.
</Warning>

## How Environments Work

The environment is determined by your API key prefix:

| Key Prefix       | Environment | Purpose                             |
| ---------------- | ----------- | ----------------------------------- |
| `sk_live_...`    | **Live**    | Production - real OnlyFans requests |
| `sk_sandbox_...` | **Sandbox** | Testing - deterministic fixtures    |

<Tip>
  Use a Sandbox API key during development and switch to a Live key for production. No code changes needed.
</Tip>

## Creating API Keys

1. Go to [OFAuth Dashboard > Developers > API Keys](https://app.ofauth.com/platform/developers/keys)
2. Create keys for both environments:
   * **Sandbox key** for development and testing
   * **Live key** for production

***

## Sandbox Test Credentials

Use these test accounts to complete Link authentication flows:

| Scenario           | Email format                           | Password        | OTP      |
| ------------------ | -------------------------------------- | --------------- | -------- |
| Creator (no 2FA)   | `{identifier}@creator.sandbox.com`     | `good-password` | —        |
| Creator (with OTP) | `{identifier}@creator-otp.sandbox.com` | `good-password` | `123456` |
| Fan (no 2FA)       | `{identifier}@fan.sandbox.com`         | `good-password` | —        |
| Fan (with OTP)     | `{identifier}@fan-otp.sandbox.com`     | `good-password` | `123456` |

**Examples:**

```text
jane@creator.sandbox.com          // Creator without 2FA
alex@creator-otp.sandbox.com      // Creator with OTP 123456
marco@fan.sandbox.com             // Fan without 2FA
sasha@fan-otp.sandbox.com         // Fan with OTP 123456
```

<Info>
  Any identifier works (e.g., `demo`, `user123`, `test`). The domain controls the behavior.
</Info>

***

## What You Can Test

| Feature        | Sandbox Behavior                            |
| -------------- | ------------------------------------------- |
| **Link**       | Full auth flows with test credentials       |
| **Access API** | Returns realistic fixture data              |
| **Webhooks**   | Simulated events mirror production payloads |
| **SDK**        | Identical behavior to production            |

***

## Environment Differences

| Aspect           | Sandbox                | Live               |
| ---------------- | ---------------------- | ------------------ |
| **Data source**  | Deterministic fixtures | Real OnlyFans data |
| **Billing**      | Free                   | Pay per usage      |
| **Rate limits**  | Same as production     | Same               |
| **API behavior** | Identical              | Identical          |

***

## Switching Environments

Simply change your API key—no code changes required:

```javascript
// Development reads OFAUTH_SANDBOX_KEY (sk_sandbox_...);
// production reads OFAUTH_API_KEY (sk_live_...).
// A single declaration avoids redeclaring the API_KEY const.
const API_KEY =
  process.env.NODE_ENV === "production"
    ? process.env.OFAUTH_API_KEY // sk_live_...
    : process.env.OFAUTH_SANDBOX_KEY // sk_sandbox_...

// Same code works for both
const response = await fetch("https://api.ofauth.com/v2/account/whoami", {
  headers: { apikey: API_KEY }
})
```
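
Because the key prefix alone selects the environment, a startup check on that prefix keeps a test run from silently using a Live key (and a production deploy from using a Sandbox one). The following is an added example, not OFAuth's own code; `classifyKey`, `assertKeyMatches` and `redactKey` are hypothetical helper names, and the keys shown in comments are constructed.

```javascript
// Added example: environment guard built on the documented key prefixes.
const PREFIXES = { live: "sk_live_", sandbox: "sk_sandbox_" };

// Returns "live", "sandbox", or null for a missing/unrecognized key.
function classifyKey(key) {
  if (typeof key !== "string") return null;
  for (const [env, prefix] of Object.entries(PREFIXES)) {
    // Require characters after the prefix so a bare prefix is rejected.
    if (key.startsWith(prefix) && key.length > prefix.length) return env;
  }
  return null;
}

// Throws unless the key belongs to the expected environment.
// The key itself is never placed in the error message, since
// error messages commonly end up in logs and CI output.
function assertKeyMatches(key, expectedEnv) {
  const actual = classifyKey(key);
  if (actual === null) {
    throw new Error("API key is missing or has an unrecognized prefix");
  }
  if (actual !== expectedEnv) {
    throw new Error(`Expected a ${expectedEnv} key but got a ${actual} key`);
  }
  return key;
}

// Safe representation for logging: environment prefix only.
function redactKey(key) {
  const env = classifyKey(key);
  return env ? `${PREFIXES[env]}***` : "***";
}

// Usage in a test setup file (constructed key shown for illustration):
//   assertKeyMatches(process.env.OFAUTH_SANDBOX_KEY, "sandbox");
//   console.log("using", redactKey("sk_sandbox_constructed123"));
```
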

***

## Common Troubleshooting

<AccordionGroup>
  <Accordion title="Wrong password error">
    Use `good-password` for all sandbox test accounts.
  </Accordion>

  <Accordion title="OTP required but not expected">
    Only `*-otp.sandbox.com` accounts require OTP. The code is always `123456`.
  </Accordion>

  <Accordion title="Invalid email error">
    Verify the domain format: `creator.sandbox.com`, `creator-otp.sandbox.com`, `fan.sandbox.com`, or `fan-otp.sandbox.com`.
  </Accordion>

  <Accordion title="Data doesn't persist">
    Sandbox data is deterministic fixtures, not persistent storage. Treat responses as test fixtures.
  </Accordion>
</AccordionGroup>

***

## Next Steps

<CardGroup cols={2}>
  <Card title="Quickstart" icon="rocket" href="/quickstart">
    Get your first API call working
  </Card>

  <Card title="Link Authentication" icon="link" href="/guides/link">
    Connect test accounts
  </Card>
</CardGroup>
