Skip to main content
Prerequisites: You need an OFAuth account. Sign up here if you don’t have one.
Use Sandbox for testing! Before testing with real OnlyFans accounts, use the Sandbox environment with test credentials. Too many login attempts on production accounts can trigger OnlyFans “suspicious activity” detection, which may cause account resets.

Step 1: Get Your API Key

1

Go to your dashboard

Open app.ofauth.com/platform/developers/keys
2

Copy your API key

Your API key looks like sk_live_... (production) or sk_sandbox_... (testing). Keep it secure—don’t commit it to version control.
Verify it works: 
curl https://api.ofauth.com/v2/account/whoami \
  -H "apikey: YOUR_API_KEY"
You should see your organization details. If you get an error, double-check your API key.

Step 2: Connect an OnlyFans Account

Create a Link session to authenticate a user: 
curl -X POST https://api.ofauth.com/v2/link/init \
  -H "apikey: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "redirectUrl": "https://yourapp.com/callback"
  }'
What happens:
  1. You get a url in the response
  2. Redirect the user to that URL
  3. They authenticate on OFAuth’s secure page
  4. On success, they’re redirected to your redirectUrl with connection_id as a query parameter
For testing, use a Sandbox API key (sk_sandbox_...) with test credentials.

Step 3: Fetch Data

Once you have a Connection ID, use it to access OnlyFans data: 
curl https://api.ofauth.com/v2/access/self \
  -H "apikey: YOUR_API_KEY" \
  -H "x-connection-id: conn_YOUR_CONNECTION_ID"
That’s it! You’ve connected an OnlyFans account and fetched data through OFAuth.

What’s Next?

Send Messages

Learn to send messages and manage chats

List Fans

Get subscriber lists and fan data

TypeScript SDK

Use our SDK for type-safe development

Set Up Webhooks

Get notified when connections change

Common Issues

Check that your API key is correct and included in the apikey header.
The Connection ID may have expired or be invalid. Create a new Link session.
OnlyFans sessions expire periodically. The user needs to re-authenticate via Link.

Need Help?

Contact our support team for assistance