21st January 2026 – API Access & Usage Policy Update
We’ve updated the API Access & Usage Policy to protect creators from social engineering attacks targeting Third-Party Application credentials.
What’s Changed?
Definitions
- Added definitions for Third-Party Application and Application Credentials to clarify OAuth-related terminology.
Section 5 - Prohibited Use
- Explicitly prohibited creating applications at the request of third parties.
- Prohibited sharing Application Credentials (client secrets, redirect URIs, webhook callbacks) with others.
- Prohibited instructing others to create applications or share credentials in violation of the Policy.
Section 10 - Security Requirements
- Added comprehensive guidance on Third-Party Application security.
- Detailed steps to revoke access and delete compromised applications.
- Specific warnings about social engineering tactics, including chatbots asking creators to create apps on their behalf.
Section 11 - Termination, Suspension & Versioning
- Clarified that Fanvue may take immediate action against accounts involved in credential sharing or facilitating unauthorised access.
Why These Changes?
These updates respond to observed social engineering attempts where malicious services have asked creators to create Third-Party Applications and share credentials, enabling unauthorised access to creator accounts and data.
Need to Check Your Account?
If you have previously created a Third-Party Application at someone else’s request, or shared credentials with a third-party service:
- Revoke third-party access: Settings → Account → Third Party Apps Consent → Revoke
- Delete any compromised applications: Creator Tools → Build → [Select App] → Delete
- Contact support if you believe your account may have been compromised: support@fanvue.com
