Skip to main content
Connect an OnlyFans account to interact with it via the OFAuth API - send messages, create posts, get subscriber data, view earnings, and more.
Using Node.js? Our TypeScript SDK provides wrapper methods for Link authentication with built-in error handling.

Prerequisites

1

OFAuth API Key

Get your API key from the OFAuth Dashboard
2

Configure Redirect URI

Add your callback URL to Allowed Redirect URIs in Dashboard → Developers → API
3

Configure User Data Permissions

Select which OnlyFans data your platform can access in Dashboard → Developers → API → User Data Permissions

Connection Flow

const response = await fetch("https://api.ofauth.com/v2/link/init", {
  method: "POST",
  headers: {
    apikey: "YOUR_API_KEY",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    redirectUrl: "https://yourapp.com/callback",
    clientReferenceId: "your-internal-user-id"  // Optional
  })
})

const { url } = await response.json()
console.log("Send user to:", url)
Response: 
{
  "url": "https://link.ofauth.com/cs_abc123...",
  "expiresAt": "2024-01-15T10:30:00Z"
}

Session Options

OptionTypeDescription
redirectUrlstringCallback URL (must be in Allowed Redirect URIs)
clientReferenceIdstringYour internal user ID for correlation
connectionIdstringExisting connection ID to reconnect

Step 2: Redirect User

Send the user to the url from Step 1: 
window.location.href = url
The user will:
  1. Enter their OnlyFans credentials
  2. Complete 2FA if enabled (handled automatically)
  3. Solve captcha challenges (handled automatically)
Embedded Flow: Want to keep users in your app? Use the Link Embed Library for a popup experience.

Step 3: Handle the Callback

After authentication, users are redirected to your URL with query parameters: 
https://yourapp.com/callback?status=success&connection_id=conn_abc123

const params = new URLSearchParams(window.location.search)
const status = params.get("status")
const connectionId = params.get("connection_id")

if (status === "success" && connectionId) {
  // Store the connection ID
  await saveConnectionId(userId, connectionId)
  redirect("/dashboard")
} else if (status === "cancelled") {
  const step = params.get("step")
  console.log("User cancelled at:", step)
} else if (status === "error") {
  const errorCode = params.get("error_code")
  console.error("Error:", errorCode)
}

Callback Parameters

ParameterDescription
statussuccess, cancelled, or error
connection_idThe connection ID (on success)
client_reference_idYour internal ID (if provided)
stepWhere user cancelled: pre-login, login, 2fa
error_codeError type: session_expired, invalid_credentials, account_locked, 2fa_failed

Step 4: Use the Connection

Make API calls with the connection ID: 
const response = await fetch("https://api.ofauth.com/v2/access/self/me", {
  headers: {
    apikey: "YOUR_API_KEY",
    "x-connection-id": connectionId
  }
})

const account = await response.json()
console.log("Connected as:", account.name)

Integration Options

OptionBest ForGuide
RedirectSimple setup, server-rendered appsThis page
Embed PopupBest UX, stays in your appLink Embed

Security Best Practices

Server-Side Verification

Always verify session status server-side, never trust client-side data

HTTPS Only

Use HTTPS for all redirect URLs and API communications

Session Expiry

Link sessions expire after 1 hour. Create a new session if expired.

Allowed URIs

Configure exact redirect URLs in your dashboard. No wildcards.

Billing

You’re only charged for active connections. Expired connections don’t count toward monthly usage—billing resumes only if the user re-authenticates.

Next Steps

Send a Message

Send your first message to a fan

Create a Post

Create your first post with media

Link Embed Library

Popup authentication for better UX

Hosted Mode Details

Advanced redirect flow options