Manage User Access Tokens with OAuth v2
TikTok Login Kit manages the token lifecycle, allowing you to integrate login and authentication flows directly in your application. A successful authorization flow grants you refreshable access tokens. Those tokens let you call endpoints with the permissions the user granted.
Authorization scopes
Most endpoints provided by TikTok for Developers require direct consent from TikTok users before you can invoke them. Permissions are granted at the scope level. Users have the right to agree to only a subset of the scopes you request from them.
The following are some example scopes:
- user.info.basic gives read-only access to a user's avatar and display name.
- video.list gives read-only access to a user's public TikTok videos.
Learn more about scopes.
Token security
Tokens must be handled with caution. It is recommended that you store and manage all tokens on the server side.
- The access token is a user authorization token that can be used to directly access user information in the TikTok ecosystem.
- The refresh token is used to renew the access token.
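The sketch below is an added example, not TikTok's code or API: it shows one way to keep both tokens on the server, hand the client only an opaque session ID, and refuse calls that need a scope the user did not grant. `TokenVault`, its method names, the in-memory dictionary (a stand-in for an encrypted database), the 60-second renewal margin and the caller-supplied `refresh` function are all assumptions for illustration.

```python
import secrets
import time


class ScopeNotGranted(Exception):
    """The user did not consent to a scope this call needs."""


class TokenVault:
    """Hypothetical server-side store; the client only holds an opaque session id."""

    def __init__(self, clock=time.time):
        self._records = {}  # session id -> token record, never sent to the client
        self._clock = clock

    def store(self, access_token, refresh_token, granted_scopes, expires_in):
        # Record the scopes the user actually granted, not the ones requested.
        session_id = secrets.token_urlsafe(32)
        self._records[session_id] = {
            "access_token": access_token,
            "refresh_token": refresh_token,
            "scopes": frozenset(granted_scopes),
            "expires_at": self._clock() + expires_in,
        }
        return session_id

    def access_token_for(self, session_id, required_scope, refresh):
        rec = self._records[session_id]  # unknown session id raises KeyError
        if required_scope not in rec["scopes"]:
            raise ScopeNotGranted(required_scope)
        # Renew shortly before expiry. `refresh` is supplied by the caller and is
        # assumed to return (access_token, refresh_token, expires_in).
        if self._clock() >= rec["expires_at"] - 60:
            access, new_refresh, expires_in = refresh(rec["refresh_token"])
            rec.update(
                access_token=access,
                refresh_token=new_refresh,
                expires_at=self._clock() + expires_in,
            )
        return rec["access_token"]

    def revoke(self, session_id):
        # Forget both tokens when the user logs out or the session ends.
        self._records.pop(session_id, None)
```
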
Endpoints
If you have already registered a redirect URI for your app and use https://www.tiktok.com/v2/auth/authorize/ to authorize, please refer to the new generation of user access token management API.
If you are an existing client, have not registered a redirect URI for your app and use https://www.tiktok.com/auth/authorize/ to authorize, please refer to our legacy user access token management API. To register a redirect URI, go to the Manage apps page of the TikTok for Developers website and migrate to the new endpoints as soon as possible.
NOTE: Mobile applications should still use the legacy user access token management API.