Overview The Account module (sdk.account) provides access to account information. Webhook configuration is managed through the OFAuth Dashboard , not via API.
Account Module sdk.account - Account information
Webhook Configuration Webhooks are configured exclusively through the OFAuth Dashboard . From the Settings page you can:
Set your webhook endpoint URL (HTTPS required)
Select which events to subscribe to
View delivery history and retry failed events
Rotate webhook secrets
Webhook Events Event Types
Connection Events connection.created - New user connection
connection.updated - Connection status change
connection.expired - Connection expired
System Events rules.updated - API rules updated
Event Payload Structure All webhook events follow this structure:
{ event : string ; // Event type timestamp : string ; // ISO timestamp data : { connectionId ?: string ; // For connection events userId ?: string ; // OnlyFans user ID status ?: string ; // Connection status // ... other event-specific data }; signature : string ; // HMAC signature for verification } Webhook Security Verify Signatures : Always verify webhook signatures to ensure authenticity. Use your API key to validate the HMAC signature included in each webhook.
import crypto from 'crypto' ; function verifyWebhookSignature ( payload : string , signature : string , apiKey : string ) : boolean { const expectedSignature = crypto . createHmac ( 'sha256' , apiKey ) . update ( payload ) . digest ( 'hex' ); return crypto . timingSafeEqual ( Buffer . from ( signature , 'hex' ), Buffer . from ( expectedSignature , 'hex' ) ); } // Express.js webhook handler example app . post ( '/webhooks' , express . raw ({ type: 'application/json' }), ( req , res ) => { const signature = req . headers [ 'x-signature' ] as string ; const payload = req . body . toString (); if ( ! verifyWebhookSignature ( payload , signature , process . env . OFAUTH_API_KEY )) { return res . status ( 401 ). json ({ error: 'Invalid signature' }); } const event = JSON . parse ( payload ); handleWebhookEvent ( event ); res . status ( 200 ). json ({ received: true }); }); Integration Examples Event Handler function handleWebhookEvent ( event : any ) { switch ( event . event ) { case "connection.created" : console . log ( `New connection: ${ event . data . connectionId } ` ); onNewConnection ( event . data ); break ; case "connection.updated" : console . log ( `Connection updated: ${ event . data . connectionId } ` ); onConnectionUpdate ( event . data ); break ; case "connection.expired" : console . log ( `Connection expired: ${ event . data . connectionId } ` ); onConnectionExpired ( event . data ); break ; case "rules.updated" : console . log ( "API rules updated" ); onRulesUpdate ( event . data ); break ; default : console . log ( `Unknown event: ${ event . event } ` ); } } Best Practices
Security Secure webhooks
Always verify HMAC signatures
Use HTTPS endpoints only
Implement rate limiting
Log webhook events for debugging
Reliability Handle failures gracefully
Implement idempotent event processing
Monitor webhook delivery in the Dashboard
Have fallback polling mechanisms
For more details on webhook delivery behavior and retry policies, see the Webhooks guide . 
