Scopes represent permissions granted by the end user to access specific data resources or perform specific actions. Every TikTok API requires a scope to be accessed, and sensitive fields are protected by additional scopes. For example, the scope .basic allows access to APIs and data related to the basic user of a TikTok user.
Applying for and managing scopes
To request scopes, you must have Login Kit enabled for your app. The scope .basic will be enabled by default for all apps with Login Kit. Developers can also request additional scopes and manage existing scopes on their app management page after logging in.
- If you have not already, enable TikTok API for your app. First, click + Add products on the left sidebar under Products. Then, click Add under TikTok API. Finally, click Done to save changes.
- Navigate to the section titled TikTokAPI to view your scopes.
- To manage your scopes, click Edit Scope. You can then enable and disable desired scopes. Click Done to save your changes before closing.
- Note: Be cautious when disabling a scope. Access to its data will be revoked for existing integrations.
- If you see the label Submit for review on a scope, you must submit your app for review by the TikTok team before you are granted permissions to use that scope.
Remember that applying for a scope and being approved for it does not by itself give you access to a user's data. Each user must also authorize your app for access to specific scopes.
After you are approved for certain scopes on TikTok for Developers, users will be asked to authorize and confirm your access. This is explained further in the tutorials for Login Kit on iOS, Android, and Web. Users can grant or deny the requested scopes or any subset of them, and revoke the authorization at any time on their TikTok apps.
After a user grants the requested scopes, a code will be sent to your registered callback URL. You can obtain an access_token and start invoking TikTok APIs to get that user's information or perform actions on the user's behalf.
See Manage User Access Tokens for access_token related endpoints.
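Because a user can grant any subset of the requested scopes, an integration should enable features from what was actually granted, not from what it asked for. The following is an added example, not code from TikTok: the scope names, the feature names and the comma-separated scope string are assumptions made for illustration.

```python
# Added example: gate features on the scopes a user actually granted.
# Scope names, feature names and the scope-string format are hypothetical.

REQUESTED = {"example.profile.read", "example.video.list", "example.video.upload"}

# A feature is enabled only when every scope it needs has been granted.
FEATURE_SCOPES = {
    "show_profile": {"example.profile.read"},
    "list_videos": {"example.profile.read", "example.video.list"},
    "post_video": {"example.video.upload"},
}


def parse_scopes(raw):
    """Split a scope string on commas or whitespace, dropping empty items."""
    return {s for s in raw.replace(",", " ").split() if s}


def evaluate_grant(raw_granted, requested=REQUESTED, features=FEATURE_SCOPES):
    """Compare granted scopes with requested ones and derive usable features."""
    granted = parse_scopes(raw_granted)
    unexpected = granted - requested
    if unexpected:
        # Least privilege: refuse a grant that carries scopes the app never asked for.
        raise ValueError(f"unrequested scopes in grant: {sorted(unexpected)}")
    enabled = sorted(f for f, need in features.items() if need <= granted)
    return {
        "granted": sorted(granted),
        "denied": sorted(requested - granted),
        "enabled_features": enabled,
    }


if __name__ == "__main__":
    # Constructed samples: a partial grant, then a full denial.
    print(evaluate_grant("example.profile.read,example.video.list"))
    print(evaluate_grant(""))
```

Re-run the same check whenever a token is refreshed, since the user can revoke authorization at any time.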
You can find the list of available scopes and their explanation on this page.