Overview

The OFAuth API implements a sophisticated token bucket rate limiting system designed to ensure fair usage while allowing burst capacity for real-time applications. This system protects against abuse while providing flexibility for legitimate use cases.

Rate Limits by Plan

Rate limits vary based on your subscription plan:

Access API (per connection):

Plan          | Rate Limit | Burst Capacity
--------------|------------|---------------
Pay as You Go | 60 req/min | 90 requests
Starter       | 60 req/min | 90 requests
Launch        | No limit*  | No limit*

The standard tier (Pay as You Go and Starter) shares the same limit: a refill rate of 60 requests per minute with a 90-request burst allowance. Launch customers inherit the same Access infrastructure and monitoring, but their buckets are uncapped, so throughput is constrained only by upstream OnlyFans limits.

Other APIs (per organization):

API Category  | Default Limit | Burst Capacity
--------------|---------------|---------------
Dynamic Rules | 1 req/min     | 3 requests
Sign          | 10 req/min    | 20 requests
Link          | No limit      | -
Account       | No limit      | -

*Launch plan has no OFAuth rate limits but is still subject to OnlyFans’ native rate limiting. OFAuth does not bypass OnlyFans’ rate limits.

Managing Rate Limits

OFAuth uses a token bucket system. Tokens replenish continuously, allowing short bursts as long as the bucket has capacity. When the bucket empties, the API responds with 429 Too Many Requests until enough tokens regenerate. Access limits apply per connection ID, while other APIs are scoped to the organization level.

Best Practices

  • Space out non-critical requests to avoid draining the burst bucket.
  • Implement exponential backoff with jitter whenever the API returns 429 responses.
  • Track the X-RateLimit-* response headers so you can alert before reaching zero remaining tokens.
  • Cache results and batch fetches where possible to reduce duplicate calls.
  • Distribute traffic across multiple connections if your use case supports parallelism.
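
The following is an added example, not OFAuth code: it models the standard-tier Access bucket (60 req/min refill, 90-request burst) on a simulated clock and drives it with a client that retries simulated 429s using exponential backoff with full jitter. The bucket model, the 0.5 s base delay, the 30 s cap and the 10-attempt limit are assumptions chosen for illustration.

```python
import random

class TokenBucket:
    """Model of a continuously refilling bucket capped at its burst capacity."""
    def __init__(self, rate_per_min, burst, now=0.0):
        self.rate = rate_per_min / 60.0      # tokens regained per second
        self.capacity = float(burst)
        self.tokens = float(burst)           # bucket starts full
        self.last = now

    def allow(self, now):
        """True if a request at time `now` is served, False for a simulated 429."""
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def backoff_delay(attempt, base=0.5, cap=30.0, rng=random):
    """Full jitter: uniform in [0, min(cap, base * 2**attempt)] seconds."""
    return rng.uniform(0.0, min(cap, base * 2 ** attempt))

def send_with_backoff(bucket, now, max_attempts=10, rng=random):
    """Send one request, retrying on 429. Returns (time_served, rejections)."""
    for attempt in range(max_attempts):
        if bucket.allow(now):
            return now, attempt
        now += backoff_delay(attempt, rng=rng)   # simulated sleep
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")

def simulate(n_requests, rate_per_min=60, burst=90, seed=1):
    """Fire n_requests back to back on a simulated clock; return (elapsed, total_429)."""
    rng = random.Random(seed)                # seeded so runs are repeatable
    bucket = TokenBucket(rate_per_min, burst)
    now, total_429 = 0.0, 0
    for _ in range(n_requests):
        now, rejected = send_with_backoff(bucket, now, rng=rng)
        total_429 += rejected
    return now, total_429

if __name__ == "__main__":
    for n in (90, 150):
        elapsed, rejected = simulate(n)
        print(f"{n} requests: {elapsed:.1f}s simulated, {rejected} x 429")
```

The first 90 requests are absorbed by the burst allowance with no waiting; every request beyond that is paced by the refill rate, so 150 back-to-back requests cannot finish in under about 60 simulated seconds regardless of how the client retries.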

Monitoring Tips

  • Watch the X-RateLimit-Reset header to know when full capacity returns.
  • Surface rate-limit telemetry alongside your application health dashboards.
  • Set alerts when remaining tokens fall below 20% of the current window.

Reduce Calls with Caching

Cache frequently read data and prefer incremental updates over full refreshes. During upstream incidents, extend cache TTLs and serve degraded-but-available experiences while OFAuth restores access.

Custom Rate Limits

Enterprise customers can request custom rate limits based on their use case. Contact support with:
  • Expected request volume
  • Usage patterns (bursts vs steady)
  • Business requirements
  • Current plan details