Migration Guidance - User Info APIs Scope Migration

Introduction

TikTok is making some changes to our developer products to improve privacy and security for developers and TikTok end users. As part of these changes, we are introducing a few updates to our authorization scopes used with User Info APIs. If your apps do not integrate with Login Kit or do not use User Info APIs, you do not need to perform the migration. This guidance explains the necessary steps to complete the updates for User Info APIs. Please note that if you do not complete the migration by 02/29/2024, your apps may not receive the correct response from User Info APIs.

How to migrate

Step 1: Check User Info APIs usage

To determine if your apps need to perform the migration, check if you are using User Info APIs to obtain any fields listed in the table below.

• POST:https://open-api.tiktok.com/user/info/ and
• GET:https://open.tiktokapis.com/v2/user/info/)

New Scope and Field Relationship Table

The user.info.basic scope can't be used to get all the fields in the table above. If your app uses any of these fields, your API client needs to send the right scope associated with the fields as shown in the following steps. Going forward, the user.info.basic scope can only retrieve "open_id", "union_id", "avatar_url", "avatar_url_100", "avatar_large_url" and "display_name".

Step 2: Apply new scope

After you have confirmed that your apps need to perform the migration, the next step is to apply the new scopes.

• Click the Manage apps on the homepage and select your application.
• Make sure that the application has added the "Scopes" product and locate the "Scopes" product section.
• Click on Edit Scope, search and add the relevant scopes, save changes, and submit for review.

Once your changes have been approved, you can authorize the new scopes.

Step 3: Re-authorize new scope

After you have added the new scopes to your apps, you will need to perform a reauthorization with your users. Add the new scopes to your authorization parameter and ask users to give updated scope permissions through your Login Kit page. You can find more information about this in here.

Step 4: Call User Info APIs with new token

After you have confirmed that your users have authorized the new scopes for your apps and obtained the new access_token, you can use User Info APIs to retrieve the new fields. We recommend using the v2 User Info API, as the v1 User Info API will be deprecated soon. More detailed information can be found here.

Banner

We will be monitoring the usage of User Info APIs for the fields mentioned above. If your applications do not meet our new requirements, a banner will be added to your app's homepage as a notice. This banner will be removed once migration is complete.

Please note that it may take some time for us to collect the data and verify the migration. You may see the banner for up to one week after completing the migration.

FAQs

1. Can I still use "user.info.basic" to retrieve fields in the table above before the 02/29/2024?

Yes. You can still use "user.info.basic" to access "bio_description", "profile_deep_link", "is_verified", "follower_count", "following_count", "like_count" and "video_count" before 02/29/2024. However, after this time, if your application has not completed the migration and still queries for these fields, you will receive a "scope_not_authorized" error with HTTP status code of 401 Unauthorized. Therefore, you are requested to complete the migration as soon as possible.

2. Can I still use v1 user info API to get those fields?

Yes, you can still use v1 User Info API to retrieve those fields, but we recommend using our v2 user info API as we plan to deprecate the v1 API in the future.