OnlyFans API Auth

# Quick Start (/auth/quickstart) import { Tabs, Tab } from "fumadocs-ui/components/tabs"; import { Step, Steps } from "fumadocs-ui/components/steps"; import { Callout } from "fumadocs-ui/components/callout"; ## Overview This guide will walk you through implementing `@onlyfansapi/auth` in your application. The authentication library provides a simple, secure way to authenticate users with their OnlyFans accounts. ## Before You Start Make sure you've completed the [installation](/auth/installation) steps first. You'll need: * The package installed in your project * An API key to create client session tokens * A client session token (starts with `ofapi_cs_`) to use with the library ## Basic Usage The library exports a single function `startOnlyFansAuthentication` that handles the entire authentication flow. When called, it opens a secure iframe modal where users can authenticate with their OnlyFans account. ### Import ```typescript twoslash import { startOnlyFansAuthentication } from '@onlyfansapi/auth'; ``` ### Function Signature ```typescript const startOnlyFansAuthentication: (clientSessionToken: string, options: { onSuccess: (data: AuthSuccessData) => void; onError: (error: AuthFailureError) => void; onContinue?: () => void; }) => void ``` **Parameters:** * `clientSecret` (string, required): Your client session token obtained from the [Create Client Session](/api-reference/client-sessions/create-client-session) API endpoint * `options.onSuccess` (function, required): Callback invoked when authentication succeeds * `options.onError` (function, required): Callback invoked when authentication fails ## Framework Examples ```tsx import React, { useState } from 'react'; import { startOnlyFansAuthentication } from '@onlyfansapi/auth'; export default function AuthComponent() { const [isLoading, setIsLoading] = useState(false); const [authData, setAuthData] = useState(null); const [error, setError] = useState(null); const handleAuthentication = () => { setIsLoading(true); setError(null); startOnlyFansAuthentication('ofapi_cs_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', { onSuccess: (data) => { console.log('Authentication successful:', data); setAuthData(data); setIsLoading(false); // data.accountId - The authenticated account ID // data.username - The authenticated username // data.response - Full response from the API }, onError: (error) => { console.error('Authentication failed:', error); setError(error); setIsLoading(false); // error.message - Error message // error.code - Error code (if available) // error.details - Additional error details (if available) }, }); }; return (

{authData && (

Authentication Successful!

Account ID: {authData.accountId}

Username: {authData.username}

)} {error && (

Authentication Failed

{error.message}

)}

); } ``` ```vue ``` ```svelte

{#if authData}

Authentication Successful!

Account ID: {authData.accountId}

Username: {authData.username}

{/if} {#if error}

Authentication Failed

{error.message}

{/if}

``` ```typescript import { Component } from '@angular/core'; import { startOnlyFansAuthentication } from '@onlyfansapi/auth'; @Component({ selector: 'app-auth', template: `

Authentication Successful!

Account ID: {{ authData.accountId }}

Username: {{ authData.username }}

Authentication Failed

` }) export class AuthComponent { isLoading = false; authData: any = null; error: any = null; handleAuthentication() { this.isLoading = true; this.error = null; startOnlyFansAuthentication('ofapi_cs_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', { onSuccess: (data) => { console.log('Authentication successful:', data); this.authData = data; this.isLoading = false; }, onError: (error) => { console.error('Authentication failed:', error); this.error = error; this.isLoading = false; }, }); } } ``` ```html OnlyFans API Auth

``` ## Response Data The library provides TypeScript types for better type safety. Import them if needed: ```typescript import type { AuthSuccessData, AuthError } from '@onlyfansapi/auth'; ``` ### Success Response When authentication is successful, the `onSuccess` callback receives an `AuthSuccessData` object: ```typescript interface AuthSuccessData { accountId: string; // The authenticated OnlyFans account ID username: string; // The authenticated OnlyFans username response: object; // Full response object from the API containing additional metadata } ``` **Example usage:** ```typescript onSuccess: (data) => { // Store the account ID for future API requests localStorage.setItem('ofAccountId', data.accountId); // Redirect to dashboard or update UI console.log(`Authenticated as ${data.username}`); } ``` ### Error Response When authentication fails, the `onError` callback receives an `AuthError` object: ```typescript interface AuthError { message: string; // Human-readable error message code?: string; // Error code (if available) for programmatic handling details?: object; // Additional error details (if available) } ``` **Common error scenarios:** * User cancels the authentication flow * Network connectivity issues * Invalid or expired client session token * OnlyFans account access issues **Example error handling:** ```typescript onError: (error) => { if (error.code === 'AUTH_CANCELLED') { // User closed the authentication modal console.log('Authentication cancelled by user'); } else { // Handle other errors console.error('Authentication failed:', error.message); // Display error to user } } ``` ## Security The authentication library implements multiple security measures to protect user data: * **Origin validation**: All communication with the authentication iframe is validated by origin * **Domain whitelisting**: Only messages from the configured OnlyFansAPI.com domain are accepted * **Secure token transmission**: Client session tokens are passed securely via URL parameters * **HTTPS required**: The library requires HTTPS connections in production environments ## Best Practices ### Storing Client Session Tokens Store your client session token securely: ```typescript // ✅ Good: Use environment variables (if using a build tool) const CLIENT_SECRET = process.env.NEXT_PUBLIC_OFAPI_CLIENT_SECRET; // ✅ Good: Fetch from your backend API (most secure) const clientSecret = await fetch('/api/client-secret').then(r => r.json()); // ❌ Bad: Hardcode in your source code const CLIENT_SECRET = 'ofapi_cs_...'; ``` ### Error Handling Always handle both success and error cases: ```typescript startOnlyFansAuthentication("clientSecret", { onSuccess: (data) => { // Update your application state // Persist authentication data if needed // Redirect or update UI }, onError: (error) => { // Log errors for debugging // Show user-friendly error messages // Provide fallback options }, }); ``` ### User Experience * Show a loading state while authentication is in progress * Disable the authentication button during the flow to prevent duplicate requests * Provide clear feedback on success or failure * Consider adding a "try again" option if authentication fails ## Troubleshooting ### Common Issues **Authentication modal doesn't open:** * Ensure your client session token is valid and properly formatted * Check browser console for any error messages * Verify that pop-ups aren't blocked by your browser **"Invalid client secret" error:** * Verify your client session token is correct (starts with `ofapi_cs_`) * Check that the token hasn't expired * Ensure you're using a token created via the [Create Client Session API](/api-reference/client-sessions/create-client-session) **Network errors:** * Check your internet connection * Verify OnlyFansAPI.com is accessible from your network * Some corporate firewalls may block the authentication iframe ## Next Steps * Review the [Installation Guide](/auth/installation) if you haven't already * Check out the [NPM package](https://www.npmjs.com/package/@onlyfansapi/auth) for the latest version and updates * Visit [onlyfansapi.com/auth](https://onlyfansapi.com/auth) for more information * Explore the [API Reference](/api-reference) to see what you can do with authenticated accounts