OFAuth provides a sandbox environment for safe development and testing. Use sandbox API keys to test all features without affecting real OnlyFans accounts.
Always use Sandbox for testing logins. Too many login attempts on production OnlyFans accounts can trigger “suspicious activity” detection, which may cause OnlyFans to reset the account.

How Environments Work

The environment is determined by your API key prefix:
| Key Prefix | Environment | Purpose |
|---|---|---|
| sk_live_... | Live | Production - real OnlyFans requests |
| sk_sandbox_... | Sandbox | Testing - deterministic fixtures |

Use a Sandbox API key during development and switch to a Live key for production. No code changes needed.

Creating API Keys

  1. Go to OFAuth Dashboard > Developers > API Keys
  2. Create keys for both environments:
    • Sandbox key for development and testing
    • Live key for production

Sandbox Test Credentials

Use these test accounts to complete Link authentication flows:
| Scenario | Email format | Password | OTP |
|---|---|---|---|
| Creator (no 2FA) | {identifier}@creator.sandbox.com | good-password | |
| Creator (with OTP) | {identifier}@creator-otp.sandbox.com | good-password | 123456 |
| Fan (no 2FA) | {identifier}@fan.sandbox.com | good-password | |
| Fan (with OTP) | {identifier}@fan-otp.sandbox.com | good-password | 123456 |

Examples:
demo@creator.sandbox.com          // Creator without 2FA
demo@creator-otp.sandbox.com      // Creator with OTP 123456
demo@fan.sandbox.com              // Fan without 2FA
demo@fan-otp.sandbox.com          // Fan with OTP 123456
Any identifier works (e.g., demo, user123, test). The domain controls the behavior.

What You Can Test

| Feature | Sandbox Behavior |
|---|---|
| Link | Full auth flows with test credentials |
| Access API | Returns realistic fixture data |
| Webhooks | Simulated events mirror production payloads |
| SDK | Identical behavior to production |

Environment Differences

| Aspect | Sandbox | Live |
|---|---|---|
| Data source | Deterministic fixtures | Real OnlyFans data |
| Billing | Free | Pay per usage |
| Rate limits | Same as production | Same |
| API behavior | Identical | Identical |

Switching Environments

Simply change your API key—no code changes required:
// Development
const API_KEY = process.env.OFAUTH_SANDBOX_KEY // sk_sandbox_...

// Production: use this declaration instead of the one above
// const API_KEY = process.env.OFAUTH_API_KEY // sk_live_...

// Same code works for both
const response = await fetch("https://api.ofauth.com/v2/account/whoami", {
  headers: { apikey: API_KEY }
})
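
Because only the key prefix separates the two environments, a test suite can check it before any login test runs. The following is an added example, not OFAuth's own code: it classifies a key by the prefixes listed above, rejects anything that is not a sandbox key, and maps a test e-mail's domain to the password and OTP it expects. The helper names (`keyEnvironment`, `assertSandboxKey`, `sandboxAccount`) are hypothetical.

```javascript
// Added example; helper names and sample values are hypothetical.
// Prefix -> environment, from the key prefix table on this page.
const KEY_PREFIXES = [["sk_live_", "live"], ["sk_sandbox_", "sandbox"]];

// Sandbox e-mail domain -> scenario, from the test credentials table.
const SANDBOX_DOMAINS = new Map([
  ["creator.sandbox.com", { role: "creator", otp: null }],
  ["creator-otp.sandbox.com", { role: "creator", otp: "123456" }],
  ["fan.sandbox.com", { role: "fan", otp: null }],
  ["fan-otp.sandbox.com", { role: "fan", otp: "123456" }],
]);

function keyEnvironment(apiKey) {
  if (typeof apiKey !== "string") return "unknown";
  for (const [prefix, env] of KEY_PREFIXES) {
    // A bare prefix with nothing after it is not a usable key.
    if (apiKey.startsWith(prefix) && apiKey.length > prefix.length) return env;
  }
  return "unknown";
}

// Fail closed: missing, malformed and live keys are all rejected.
function assertSandboxKey(apiKey) {
  const env = keyEnvironment(apiKey);
  if (env !== "sandbox") {
    // Name the environment only; never echo key material into logs.
    throw new Error(`refusing to run login tests with a ${env} key`);
  }
  return apiKey;
}

// Returns the credentials a sandbox address expects, or null if the
// address is not in one of the four sandbox domains.
function sandboxAccount(email) {
  const s = String(email);
  const at = s.lastIndexOf("@");
  if (at < 1) return null;
  const scenario = SANDBOX_DOMAINS.get(s.slice(at + 1));
  return scenario ? { ...scenario, password: "good-password" } : null;
}
```

Call `assertSandboxKey(process.env.OFAUTH_SANDBOX_KEY)` once in the test setup so a misconfigured CI job stops before it sends any login request.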

Common Troubleshooting

Use good-password for all sandbox test accounts.
Only *-otp.sandbox.com accounts require OTP. The code is always 123456.
Verify the domain format: creator.sandbox.com, creator-otp.sandbox.com, fan.sandbox.com, or fan-otp.sandbox.com.
Sandbox data is deterministic fixtures, not persistent storage. Treat responses as test fixtures.
