TikAPI is using a custom implementation of the OAuth 2.0 protocol.
By using our OAuth system you can get access to a user's TikTok account easily by just asking them for authorization.
How do I authorize users?
Let's get started
1. Share the Authorization Link
To get an Account Key, you need to ask the user to authorize your application.
You can do this by sharing your OAuth link to the user or by using the Popup Login Button.
Example OAuth Link:
https://tikapi.io/account/authorize?client_id=c_1234567890&redirect_uri=https://tikapi.io/success&scope=view_profile+explore
client_id required
- This is your application id, you can find it on your Developer Dashboard.
client_id required
- This is your application id, you can find it on your Developer Dashboard.
redirect_uri required
- The exact redirection link to your website should be set here and included in the OAuth Link. The user will be redirected here after a successful authorization and the query parameters
access_token,scope will be included. You must set your application redirect links on Developer Dashboard.
redirect_uri required
- The exact redirection link to your website should be set here and included in the OAuth Link. The user will be redirected here after a successful authorization and the query parameters
access_token,scopewill be included. You must set your application redirect links on Developer Dashboard.
scope optional
- A list of permissions separated with space or plus sign (+). User can choose to not allow some of these permissions.
Security Scheme Type OAuth2 implicit OAuth Flow Authorization URL: https://tikapi.io/account/authorizeScopes:view_profile - To read a user's profile info and activity
view_followers - To view a user's followers & following list
view_notifications - To view a user's notifications
view_analytics - To view a user's analytics
view_collections - To view a user's saved posts & playlists
view_messages - View a user's messages
view_coins - View a user's live coin history
edit_profile - Modify a user's profile
send_messages - Send DM & Live chat messages
conversation_requests - View and manage DM message requests
media_actions - To like or comment on videos
follow_actions - To follow or unfollow other users
live - Start, View & End Live videos
explore - To get profile information, feed, and other posts related information
state optional
- A custom state data to pass on.
scope optional
- A list of permissions separated with space or plus sign (+). User can choose to not allow some of these permissions.
Security Scheme Type OAuth2 implicit OAuth Flow Authorization URL: https://tikapi.io/account/authorizeScopes:view_profile-To read a user's profile info and activity
view_followers-To view a user's followers & following list
view_notifications-To view a user's notifications
view_analytics-To view a user's analytics
view_collections-To view a user's saved posts & playlists
view_messages-View a user's messages
view_coins-View a user's live coin history
edit_profile-Modify a user's profile
send_messages-Send DM & Live chat messages
conversation_requests-View and manage DM message requests
media_actions-To like or comment on videos
follow_actions-To follow or unfollow other users
live-Start, View & End Live videos
explore-To get profile information, feed, and other posts related information
state optional
- A custom state data to pass on.
country optional
- The account country will be detected automatically. By specifying this parameter you can use a custom country.
email optional
- You can include the user email for your own reference. Might also be used on our future features.
2. Saving the Account Key
After the user has authorized your application a redirection will occur at your specified redirection link and the query URL parameters will include:
access_tokenwhich is the Account Key,scopewhich is the list of allowed permissions, in case the user might have chosen to disallow some permissions.
Also, you can see your current authorized users from your Developer Dashboard.
The Account Key doesn't normally expire, but it will be invalidated if the account session expires, or when the user chooses to revoke access.
Now for getting this user information and making API requests you should simply include this key in the request headers with the header name being X-ACCOUNT-KEY.
| Security Scheme Type | User Authorization Key |
|---|---|
| Header parameter name | X-ACCOUNT-KEY |
Related Articles
What are OAuth users?
A OAuth user is a logged in TikTok account that has given you authorization to perform actions on their account or view private information. You can ask users to "Login with TikTok", just like Google or Facebook. We've made this possible by ...Why are my authorized users being removed automatically?
When a user logins with their TikTok accounts we store the login session on our database. If that session is no longer valid, the account will be removed from our database and a re-authorization is required. This can happen for different reasons: ...How do I remove a User?
You can't remove User authorizations due to security reasons, though they will be removed automatically after 1 month of inactivity. The account owner is always in control over his TikTok account data. Only the account owner can approve or revoke ...