TikTok General

OAuth Tokens

Manage oauth tokens within the TikTok General API. This section covers endpoints for working with oauth tokens including retrieval, creation, and management operations.

Get user info

GET/tiktok/oauth/userinfo

Get information about the currently authenticated TikTok user. Requires a valid OAuth token with an active TikTok session.

Header Parameters

x-oauth-tokenstring

Responses

200Ok

Response Attributes

code*number (double)
messagestring
userobject
||
Request
Response200

Validate refresh token

POST/tiktok/oauth/validate-refresh

Check if a stored refresh token is still valid without consuming it. Returns metadata about the session if valid.

This is a public endpoint — no authentication required.

Request Body

Required

The refresh token and client ID to validate

refresh_token*string

The refresh token to validate

client_id*string

The OAuth client ID that issued the token

Responses

200Ok

Response Attributes

code*number (double)
messagestring
valid*boolean
scopesenum[]
tiktok_user_idstring | null
country_codestring | null
||
Request
Response200

Exchange token

POST/tiktok/oauth/token

Exchange an authorization code or refresh token for access tokens.

For authorization_code grant:

  • code: The authorization code from /oauth/complete
  • redirect_uri: Must match the original redirect_uri

For refresh_token grant:

  • refresh_token: A valid refresh token

Request Body

Required

Token request parameters

client_id*string
client_secret*string
grant_type*enum
codestring

Required for authorization_code grant

redirect_uristring

Required for authorization_code grant

refresh_tokenstring

Required for refresh_token grant

Responses

200Ok

Response Attributes

code*number (double)
messagestring
dataobject
errorobject
||
Request
Response200

Revoke token

POST/tiktok/oauth/revoke

Revoke an access token or refresh token (RFC 7009). This endpoint always returns success for valid client credentials, even if the token was already revoked or invalid.

Request Body

Required

Revoke request parameters

token*string
token_type_hintenum
client_id*string
client_secret*string

Responses

200Ok

Response Attributes

code*number (double)
messagestring
errorobject
||
Request
Response200

Introspect token

POST/tiktok/oauth/introspect

Introspect a token to determine its state (RFC 7662). Returns active: true/false along with token metadata. Works for both access tokens and refresh tokens.

Request Body

Required

Introspection request parameters

token*string
token_type_hintenum
client_id*string
client_secret*string

Responses

200Ok

Response Attributes

code*number (double)
messagestring
dataobject

RFC 7662 Token Introspection response

errorobject
||
Request
Response200

Get public client

GET/tiktok/oauth/clients/{client_id}

Get public information about an OAuth client by client_id. This endpoint is used during the authorization flow to display client information to the user before they authorize.

Does not require authentication. Does not expose sensitive information like client_secret_hash.

Path Parameters

client_id*string

Responses

200Ok

Response Attributes

code*number (double)
messagestring
clientobject
||
Request
Response200