Overview

The Dynamic Rules API provides request signing for direct OnlyFans API calls. Most applications should use the Access API instead, which handles signing automatically. Use Dynamic Rules only when you need to:

Make direct OnlyFans API calls outside of OFAuth
Implement custom request handling

OnlyFans changes signing requirements frequently. If you use Dynamic Rules directly, implement retry logic and handle 503 responses gracefully.

Base URL

https://api.ofauth.com/v2/dynamic-rules

Endpoints

Sign Request

Generate a signature for a specific OnlyFans API request.

POST /v2/dynamic-rules/sign

Request Body

Field	Type	Required	Description
`endpoint`	`string`	Yes	The OnlyFans API path (e.g., `/api2/v2/users/me`)
`time`	`number`	No	Unix timestamp to sign with (defaults to current time)
`user-id`	`string`	No	OnlyFans user ID for authenticated requests

Response

{
  "signed": {
    "sign": "generated_signature_string",
    "time": "1698400000000",
    "user-id": "12345",
    "app-token": "..."
  }
}

Get Status

Check if the signing service is operational.

GET /v2/dynamic-rules/status

Response

{
  "is_current": true,
  "access_granted": true
}

Authentication

apikey: YOUR_API_KEY

Subscribe to the rules.updated webhook in your Dashboard to be notified when signing requirements change.

When to Use

Use Case	Recommendation
Standard API access	Use the Access API - signing is automatic
Custom proxy setup	Use Dynamic Rules `/sign` endpoint
Checking service status	Use `/status` endpoint

Account API

Link API

Access API

Dynamic Rules API

Vault Cache API

Overview

Overview

Base URL

Endpoints

Sign Request

Get Status

Authentication

When to Use

Account API

Link API

Access API

Dynamic Rules API

Vault Cache API

​Overview

​Base URL

​Endpoints

​Sign Request

​Get Status

​Authentication

​When to Use

Overview

Base URL

Endpoints

Sign Request

Get Status

Authentication

When to Use