All credentials are encrypted with AES-256-GCM before being stored in PostgreSQL. The encryption key (
CREDENTIALS_ENC_KEY_B64) never leaves your server and is never transmitted to GenieHelper infrastructure.How the connection works
GenieHelper controls a real Chromium browser (via Playwright) on the server. It navigates OnlyFans exactly as a logged-in user would — loading your profile page, reading stats from the DOM, and extracting post metrics. No private API keys are required. Because OnlyFans actively detects and blocks headless Chrome sessions, GenieHelper uses two complementary strategies:Cookie injection
If you have an active session in the
platform_sessions collection, GenieHelper injects those encrypted cookies into the browser before navigating. This avoids the login flow entirely and is the preferred path.Credential login
If no valid session cookie exists, GenieHelper uses your stored email/password (or X/Twitter OAuth) to log in automatically and establish a new session.
Setup
Select OnlyFans
Choose OnlyFans from the platform grid. You can select multiple platforms in the same flow.
Choose an authentication method
Three options are available:
- Email / Password — GenieHelper logs in with your OnlyFans email and password. Enter your profile
@handle(used in your profile URL) separately from your login email. - X / Twitter OAuth — GenieHelper clicks “Sign in with X” on the OnlyFans login page and authenticates with your X/Twitter credentials. Requires 2FA to be disabled on your X account.
- Cookie only — No password stored. You provide session cookies manually using the browser extension after logging in yourself.
Enter your credentials
Fill in the required fields. All values are AES-256-GCM encrypted client-side before transmission and stored in the PostgreSQL vault.
Data collected
Thescrape_profile job extracts the following from your OnlyFans profile page:
| Field | Source | Collection |
|---|---|---|
| Follower count | Profile page DOM | platform_connections |
| Following count | Profile page DOM | platform_connections |
| Post count | Profile page DOM | platform_connections |
| Display name | Profile page DOM | platform_connections |
| Subscription price | Profile page DOM | platform_connections |
| Verification status | Profile page DOM | platform_connections |
| Bio text | Profile page DOM | platform_connections |
| Post caption | Per-post extraction | media_assets |
| Likes per post | Per-post extraction | media_assets |
| Comments per post | Per-post extraction | media_assets |
| PPV flag and price | Per-post extraction | media_assets |
| Posted date | Per-post extraction | media_assets |
scrape_post_performance job collects live engagement metrics for already-published posts:
| Metric | Collection |
|---|---|
| Likes | post_performance_snapshots |
| Comments | post_performance_snapshots |
| Views | post_performance_snapshots |
| Tips amount | post_performance_snapshots |
| PPV unlocks | post_performance_snapshots |
BullMQ jobs
All OnlyFans scraping runs through two job types on thescrape-jobs queue:
| Job | Trigger | What it does |
|---|---|---|
scrape_profile | Manual from dashboard, or every 6h via runScrapeScheduler | Scrapes profile stats and up to 20 recent posts |
scrape_post_performance | Manually triggered or via post scheduler | Fetches live metrics for a specific published post |
concurrency:1 to prevent simultaneous Stagehand sessions from exhausting server RAM.
Session management
After a successful login, GenieHelper stores your browser cookies in theplatform_sessions collection:
- Cookies are encrypted with AES-256-GCM using the same key as credentials
- The
statusfield tracks whether a session isactiveorrevoked - You can view and revoke active sessions from the Cookie Sessions tab in Platform Connections
- To manually import cookies (for cookie-only auth), use the browser extension or paste a cookie string in the Sessions tab
platform_sessions is filtered by both creator_profile_id and platform when injecting cookies.
Connection health monitoring
GenieHelper tracks the health of your OnlyFans connection in theplatform_health_checks collection. Each scrape job writes a health record with the result status. The TopCueRail in the dashboard reflects connection health:
| Status | Meaning |
|---|---|
connected | Last scrape succeeded |
scraping | A scrape job is currently running |
hitl_required | Login challenge was encountered — your action is needed |
failed | Last scrape failed — check logs |
pending_connection | Profile saved but not yet scraped |
HITL — human-in-the-loop login
When OnlyFans presents a login challenge that Stagehand cannot handle automatically (CAPTCHA, SMS code, email verification), the scrape job does the following:- Creates a record in
hitl_sessionswithstatus: pendingand a reason message - Sets
scrape_status: hitl_requiredon yourplatform_connectionsrecord - Surfaces a
scrape_alertin the dashboard Center Stage
Open the alert
The dashboard will switch to
scrape_alert mode automatically. Click the alert to see which platform needs attention.Log in manually in your browser
Open OnlyFans in your own browser, complete the login challenge, and ensure you are fully authenticated.
Capture your session cookies
Use the GenieHelper browser extension to export your session cookies, or paste them manually in the Cookie Sessions tab.